# Outsider container
So this container's a bit special - it represents a host which is **not**
on the UW network. The motivation is to test software which has different
privilege settings for people outside of the local network, e.g. Postfix.

The easiest way to do this, in my opinion, is to simply create a new bridge
with a different subnet. Add the following to your `/etc/network/interfaces`:
```
auto lxcbr2
iface lxcbr2 inet static
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
    address 192.168.101.1/24
    up iptables -t nat -C POSTROUTING -s 192.168.101.0/24 ! -o lxcbr2 -j MASQUERADE 2>/dev/null || \
        iptables -t nat -A POSTROUTING -s 192.168.101.0/24 ! -o lxcbr2 -j MASQUERADE
    down iptables -t nat -D POSTROUTING -s 192.168.101.0/24 ! -o lxcbr2 -j MASQUERADE 2>/dev/null || true
```
Then:
```
ifup lxcbr2
```

## Installation
Once you have created the container, edit the following line in
`/var/lib/lxc/outsider/config`:
```
lxc.net.0.link = lxcbr2
```

As usual, create the container, start it, and install python3.
Now detach and run the playbook:
```
ansible-playbook main.yml
```
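
To confirm the steps above took effect before testing anything from the outsider side, the following checks can be run on the host. This is an added example, not part of the original README; the function names are hypothetical, and the bridge, subnet and config path are the ones used on this page.

```sh
#!/bin/sh
# Added example, not part of the original README. Function names are
# hypothetical; bridge, subnet and config path are the ones used above.

# stdin: `ip -o -4 addr show dev lxcbr2`; succeeds if address $1 is assigned.
bridge_has_addr() {
    awk -v want="$1" '$3 == "inet" && $4 == want { ok = 1 } END { exit (ok ? 0 : 1) }'
}

# stdin: `iptables -t nat -S POSTROUTING`; prints the number of MASQUERADE
# rules for source subnet $1 that exclude output interface $2.
masq_rule_count() {
    grep -cF -- "-s $1 ! -o $2 -j MASQUERADE" || true
}

# Succeeds if the last uncommented lxc.net.0.link line in file $1 names bridge $2.
lxc_link_is() {
    awk -v want="$2" '
        /^[ \t]*lxc\.net\.0\.link[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); link = $0
        }
        END { exit (link == want ? 0 : 1) }
    ' "$1"
}

# Runs all three checks against the live host (needs root for iptables).
verify_outsider() {
    rc=0
    ip -o -4 addr show dev lxcbr2 | bridge_has_addr 192.168.101.1/24 ||
        { echo "lxcbr2 does not have 192.168.101.1/24" >&2; rc=1; }
    n=$(iptables -t nat -S POSTROUTING | masq_rule_count 192.168.101.0/24 lxcbr2)
    [ "$n" -eq 1 ] ||
        { echo "expected exactly 1 MASQUERADE rule, found $n" >&2; rc=1; }
    lxc_link_is /var/lib/lxc/outsider/config lxcbr2 ||
        { echo "outsider is not attached to lxcbr2" >&2; rc=1; }
    return "$rc"
}

# Only touch the host when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    verify_outsider
fi
```

A count above 1 means the MASQUERADE rule was appended more than once, which the `-C` guard in the `up` line is there to prevent.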