How can I expose a NIC to a container?

Jan 12, 2015
I have an IDS system I've containerized. eth0 is on vmbr0 while eth3 is an interface running from a SPAN session of a Cisco switch. I've tried creating a new bridge (vmbr100) and added eth3 to it. This allows the container to see UDP traffic from the SPAN session but none of the TCP traffic seems to be coming through the bridge. If I tcpdump eth3 on the hypervisor I can definitely see TCP traffic from the SPAN session. Nothing on the container though. How can I view all my SPAN session traffic on eth3 in the container?
 
OK, so I found this posting: https://forum.proxmox.com/threads/l...ment-for-lxc-containers-in-proxmox-4-0.23068/

(note eth1 below used to be eth3. Seems it moved to eth1 after a reboot or something?)

I shut down container 700 and added these lines to my config /var/lib/lxc/700/config:
lxc.network.type = phys
lxc.network.link = eth1
lxc.network.name = span0

Then I started the container from either the Proxmox GUI or the CLI:
pct start 700
and the lines I added were removed.

If I start the container as in the thread above:
lxc-start -n 700 -F -ldebug -o /tmp/log
The changes seem persistent.

Anyone know why? I don't want to have to start this container by hand on every reboot.
 