How to bind container network with a specific network interface

echowings · March 8, 2024, 3:56am

How to bind a container network with a specific network interface?

Viacheslav · March 8, 2024, 5:38am

Only two options allowed for now.
Bind all interfaces
Bind the internal network interface (bridge added by podman itself)

echowings · March 8, 2024, 6:15am

So podman only support host,bridge ? Didn’t support macvlan mode ?

Viacheslav · March 8, 2024, 6:21am

CLI is not implemented but podman supports

echowings · March 9, 2024, 12:33am

I tried macvlan in vyos. But the container ip can’t communicate with the hosts ip.
Then I want to apply PRB in then container network. But how to implement it? I can’t run command
set interface <container_network_interface> policy xxxx

Viacheslav · March 9, 2024, 6:15am

Not sure what do you mean about macvlan and how do you use it.
You can use “policy local-route”

echowings · March 9, 2024, 6:55am

I want to let container network follow the PBR of LAN， currently container network follow the vyos host routing policy.

Viacheslav · March 9, 2024, 9:29am

In the 1.4 interfaces under the policy section

set policy route PBR interface pod-NET01

echowings · March 9, 2024, 11:57am

Great news! But Vyos 1.4 didn’t support ipset anymore. Currently, I can’t upgrade to Vyos 1.4. May I ask if can you backport this feature into Vyos 1.3?
If so that would be great! Currently I set the DNS server in proxmox VE , and run Vyos as a VM in it. It was a little complex for me. If the container supports PBR. I only need to install Vyos on a bare metal server would be great!

Viacheslav · March 9, 2024, 12:07pm

The new re-implementation of QoS/policy/firewall won’t be backported to 1.3

echowings · March 9, 2024, 12:20pm

Upgrade vyos 1.4 is fine. but I still didn’t know how to quickly load a 8000 networks in a file as a firewall network group when vyos booting. I can’t directly set them in vyos configure.

echowings · March 12, 2024, 6:56am

@Viacheslav After upgrad vyos 1.3 to vyos 1.4 . IT works! Thanks a lot!
We can set the policy on the pod network. will make the whole network follow the PBR policy!

set container network dns-net prefix '172.20.0.0/24'
set policy route NETWORK-SHUNT-PBR interface 'pod-dns-net'

echowings · March 12, 2024, 11:53pm

@Viacheslav I find a issue that in vyos 1.4.1 epa1 . after reboot this configure can’t save in configuration. even I run save command. It will lost after system reboot.

Viacheslav · March 13, 2024, 4:08am

Known bug it saved but due to order cannot applies due to priority ⚓ T5892 container network interface and policy fails to apply after reboot

echowings · March 13, 2024, 4:36am

As you suggested to use local-route in the ticket .But the local-router didn’t support group.
Shall we let local-group support group option?

set policy local-route rule 10 destination
Possible completions:
+  address              IPv4 address or prefix
   port                 Port number used by connection

system · April 12, 2024, 4:36am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.