Assuming you have your bridge configured as br0, and are are running a webserver on port 9880 (either unbound or bound the primary IP of the bridge ‘br0’), the following should allow a KVM VM, LXC container, etc. to connect to http://169.254.169.254/ just like they can in Amazon EC2. This has to be run on the server hosting the VMs, of course.

# sysctl net.bridge.bridge-nf-call-iptables=1 
# sysctl net.bridge.bridge-nf-call-arptables=1
# ip addr add 169.254.169.254/32 dev br0 
# iptables -t nat -A PREROUTING -d 169.254.169.254 -p tcp --dport 80 -j REDIRECT --to-port 9880
or using DNAT:
# ip addr add 169.254.169.254/32 dev lo
# iptables -t nat -A PREROUTING -j DNAT -d 169.254.169.254 -p tcp --dport 80 --to 169.254.169.254:9880

Your webserver should probably ensure that the request is coming from the IP of one of the VMs currently running on the server itself.

— by Robert Thomson, created 14th Feb, 2014, last modified 14th Feb, 2014 | Tags: Tech