From: Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
To: Hongbing Wang <hongbingwang-rphTv4pjVZMJGwgDXS7ZQA@public.gmane.org>
Cc: "containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org"
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
Subject: Re: allocate specific port range for container?
Date: Tue, 5 Nov 2013 15:53:24 -0600
Message-ID: <20131105215324.GB4256@ac100>
In-Reply-To: <1383680242.61814.YahooMailNeo-abza1nB0wQv35Xbc4wGBzZOW+3bF1jUfVpNB7YpNyf8@public.gmane.org>

Quoting Hongbing Wang (hongbingwang-rphTv4pjVZMJGwgDXS7ZQA@public.gmane.org):
> Hello LXC experts:
> 
> Is it possible to allocate specific transport port range for the socket based applications inside one container? 

How do you mean?  You want ports 50000-51000 of the host to be forwarded
to container 1, and 60000-61000 to container 2?

> Say I have two containers: LXC_a and LXC_b, and each has some socket based applications I cannot modify or have no source code. If I need port range 50000 - 51000 for LXC_a and 60000 - 61000 for LXC_b. Any way to achieve this?
> 
> The /proc/sys/net/ipv4/ip_local_port_range is for the host to adjust the ephemeral port range, and we do not have a per-LXC setting for the local_port_range. Is this because the LXC network namespace isolation is at the L3 level? How could I achieve this per port range LXC?

The network namespaces are actually at L2, not L3.  Each container has
its own routing table.

I think you can get what you want by simply giving each container a veth
nic and using iptables on the host to forward the ports you want to the
appropriate container.  That's how I co-locate web, mail, and other
server containers on the same host.
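
The host-side forwarding suggested in the message above, as an added example that is not part of the original email or of LXC itself. It only prints the iptables rules; the interface name (eth0), the container addresses (10.0.3.11, 10.0.3.12) and the helper function names are assumptions, while the port ranges are the ones from the question.

```shell
#!/bin/sh
# Added example: prints (does not apply) host iptables rules that forward a
# port range to one container. Interface and IPs below are constructed.

# valid_range LO:HI -> succeeds only for 1 <= LO <= HI <= 65535
valid_range() {
    lo=${1%%:*}; hi=${1##*:}
    for p in "$lo" "$hi"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$lo" -ge 1 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ]
}

# ranges_overlap A B -> succeeds when the two LO:HI ranges share any port
ranges_overlap() {
    [ "${1%%:*}" -le "${2##*:}" ] && [ "${2%%:*}" -le "${1##*:}" ]
}

# forward_rules EXT_IF PROTO LO:HI CONTAINER_IP -> prints the rule pair
forward_rules() {
    valid_range "$3" || { echo "bad port range: $3" >&2; return 1; }
    # DNAT with no port in --to-destination keeps the original port number.
    echo "iptables -t nat -A PREROUTING -i $1 -p $2 --dport $3 -j DNAT --to-destination $4"
    # Let only the forwarded range through to the container's veth address.
    echo "iptables -A FORWARD -i $1 -d $4 -p $2 --dport $3 -j ACCEPT"
}

# plan -> rules for the two containers in the thread, refusing shared ports
plan() {
    a=50000:51000; b=60000:61000
    if ranges_overlap "$a" "$b"; then
        echo "port ranges overlap" >&2
        return 1
    fi
    forward_rules eth0 tcp "$a" 10.0.3.11   # LXC_a (constructed address)
    forward_rules eth0 tcp "$b" 10.0.3.12   # LXC_b (constructed address)
}

plan
```

Review the printed rules before running them as root on the host; a default-drop FORWARD policy keeps every port outside the two ranges away from the containers.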
