Incus: Difference between revisions
No edit summary |
No edit summary |
| Line 31: | Line 31: | ||
$IPADDRESS a valid IPv4 address from CIDR range</blockquote>For example, if I wanted to set internal container to have an IPv4 of 10.9.12.2 inside the network device eth0, I execute the command | $IPADDRESS a valid IPv4 address from CIDR range</blockquote>For example, if I wanted to set internal container to have an IPv4 of 10.9.12.2 inside the network device eth0, I execute the command | ||
incus config device override | incus config device override internal eth0 ipv4.address=10.9.12.2 | ||
==== Actual port forwarding ==== | ==== Actual port forwarding ==== | ||
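Review bot: the command completed on the changed line takes the form override, then container, then device, then key=value (incus config device override internal eth0 ipv4.address=10.9.12.2), with no set word after override. That matches how incus config device override is invoked, so the generic syntax line earlier in the same section should use the same form, otherwise a reader who copies the template gets a different command from the example. The example would also be easier to verify if it named the bridge range that 10.9.12.2 is taken from, since the ranges quoted elsewhere on the page are 10.52.21.1/24 and 10.63.183.1/24.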
Revision as of 22:51, 2 June 2025
Hello there 🙂 🙂 🙂 🙂 🙂 🙂 (This is supposed to denote "sarcastic smile"). Welcome to Incus documentation page, where we use incorrect terminologies for networking and stuff, I guess.
Why Incus? Well, it was the closest thing to FreeBSD Jails for me... I love FreeBSD Jails, man. But FreeBSD CPU performance sucks-butt. I just want a space for application isolation. But Docker fucks with my firewall and eats my memory, so that ain't feasible either. I hate all of the Docker-like solutions; I just want to have FreeBSD Jails on Linux. We used to use systemd-nspawn as well, but that solution also kinda sucked. Please just give me a simple isolation application like FreeBSD Jails does, please.
Setting up
To set up, run incus admin init and voilà, done.
Add yourself to the incus-admin user group.
I think User:Techit installed web UI for Thetic Incus, but I don't use that. So.
Networking
Please clean this up later by using OVN/OVS
How the fuck does Incus do their networking, I have no idea.
But basically, the default eth0 is a bridge to your actual network. It runs an internal DHCP server using dnsmasq, with a random private CIDR range assigned to it (e.g., 10.52.21.1/24 or 10.63.183.1/24).
When you connect (i.e., create a new container with the default profile), a random IPv4 address from that private CIDR range gets assigned to that container. However, don't be fooled: it is still not a static IP.
Port forwarding
Setting a static IPv4 address
To do port forwarding (other than the older way, which isn't actual NAT and sees every request as coming from loopback, 127.0.0.1), you have to manually assign the container a valid IPv4 address from that private CIDR range.
To do so,
incus config device override $CONTAINER $NETWORKDEVICE ipv4.address=$IPADDRESS
Where
$CONTAINER is the container name
$NETWORKDEVICE is the network device
$IPADDRESS is a valid IPv4 address from the CIDR range
For example, if I wanted to set the internal container to have an IPv4 address of 10.9.12.2 on the network device eth0, I execute the command
incus config device override internal eth0 ipv4.address=10.9.12.2
Actual port forwarding
incus config device add internal $PROTOCOL$PORTLISTEN-$PORTCONNECT proxy listen=$PROTOCOL:$IPLISTEN:$PORTLISTEN connect=$PROTOCOL:$IPCONNECT:$PORTCONNECT nat=true
Where
$PROTOCOL is the protocol (tcp, udp, unix)
$PORTLISTEN is the port that the main machine (the one the container is running on) will listen on
$PORTCONNECT is the port on the container that it'll connect to
$IPLISTEN is a valid IPv4 address of your main machine, the one the proxy listens on
$IPCONNECT just leave this as 0.0.0.0
For example, Thetic has an internal network address of 10.10.10.2 and a container called internal. Inside that container, there is an HTTP server listening on port 8303, and we actually want to reach that port from the outside world.
incus config device add internal tcp8303-8303 proxy listen=tcp:10.10.10.2:8303 connect=tcp:0.0.0.0:8303 nat=true
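A dry-run helper for the two steps above (static address, then proxy device), added here as an example and not part of the original page or of Incus itself. It checks that the address really lies inside the bridge range before printing the commands, and never calls incus. The function names, the 10.9.12.1/24 range and the tcp/udp-only rule for nat=true are assumptions of this example.

```shell
# Added example: validate inputs, then print the two incus commands.
ip_to_int() {  # dotted quad -> integer; fails on malformed input
    case $1 in *[!0-9.]*|*..*|.*|*.|"") return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac          # no leading zeros (octal trap)
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

ip_in_cidr() {  # usage: ip_in_cidr ADDRESS RANGE (e.g. 10.52.21.1/24)
    bits=${2#*/}
    case $2 in */*) ;; *) return 1 ;; esac
    case $bits in ""|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -ge 1 ] && [ "$bits" -le 32 ] || return 1
    a_int=$(ip_to_int "$1") && n_int=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( a_int & mask )) -eq $(( n_int & mask )) ]
}

plan_forward() {  # container device range address protocol iplisten portlisten portconnect
    ct=$1 dev=$2 cidr=$3 addr=$4 proto=$5 lip=$6 lport=$7 cport=$8
    ip_in_cidr "$addr" "$cidr" || { echo "error: $addr is outside $cidr" >&2; return 1; }
    # Assumption: the range is written as the bridge's own address plus prefix.
    [ "$addr" != "${cidr%/*}" ] || { echo "error: $addr is the bridge address" >&2; return 1; }
    # Assumption: nat=true proxies are limited to tcp and udp.
    case $proto in tcp|udp) ;; *) echo "error: nat=true needs tcp or udp" >&2; return 1 ;; esac
    ip_to_int "$lip" >/dev/null || { echo "error: bad listen address $lip" >&2; return 1; }
    for p in "$lport" "$cport"; do
        case $p in ""|*[!0-9]*|0*) echo "error: bad port $p" >&2; return 1 ;; esac
        [ "$p" -le 65535 ] || { echo "error: bad port $p" >&2; return 1; }
    done
    echo "incus config device override $ct $dev ipv4.address=$addr"
    echo "incus config device add $ct $proto$lport-$cport proxy listen=$proto:$lip:$lport connect=$proto:0.0.0.0:$cport nat=true"
}

# The page's own values; 10.9.12.1/24 is a constructed bridge range.
plan_forward internal eth0 10.9.12.1/24 10.9.12.2 tcp 10.10.10.2 8303 8303
```

Review the printed commands, then paste them into the shell on the main machine.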