Correct config for virtual LXC containers

Posted: 06 Jul 2020, 14:48
by alsur
Hi. I've been using CSF for a while on a PVE (LXC) server.
The host has an interface vmbr0 for the public address and a vmbr10 that we use as an internal network (10.0.X.X).
Most LXC containers only have one of the internal network addresses, as we use an Nginx proxy in one of them to receive all the external traffic. To the local containers, this is an eth0 address. Additional IPs are routed through the host IP to only the proxy.

So the host has approximately:
eno1
vmbr0: public address
vmbr10: internal address

On the container:
vmbr10: becomes eth0

We have CSF configured on both, although it is a bit redundant on the internal IP containers.

I've only just noticed that in the containers' IPTABLES_LOG we only see blocks that we understand are happening on the host public address, and that all containers share the same info in the logs.

I am wondering if anyone can point me to how I should configure it so I only see blocks for each specific IP on each container, or how the host should be configured otherwise.

Thanks.