From 3f69286ef4b15161febb4a4bae085fb4c2c83bbf Mon Sep 17 00:00:00 2001
From: Jasper Ras
Date: Sat, 29 Mar 2025 11:32:44 +0100
Subject: vault backup: 2025-03-29 11:32:44
---
NixOS - Container networking.md | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 NixOS - Container networking.md
(limited to 'NixOS - Container networking.md')
diff --git a/NixOS - Container networking.md b/NixOS - Container networking.md
new file mode 100644
index 0000000..f70c1d1
--- /dev/null
+++ b/NixOS - Container networking.md
@@ -0,0 +1,20 @@
+Networking is implemented as a pair of Veth interfaces. `eth0` inside of the container, `ve-containername` on the host. A container has its own networking namespace so it can configure the network without affecting the host's network.
+
+To allow containers to talk to the outside network we'll need to set-up NAT on the host.
+```
+{
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = [ "ve-+" ];
+ networking.nat.externalInterface = "eth0";
+}
+```
+
+NetworkManager has to be stopped from trying to manage container interfaces:
+```
+{
+ networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+}
+```
+
+---
+[[NixOS - Containers]]
\ No newline at end of file
--
cgit v1.2.3