<div dir="ltr">Alright, making progress on this. I forgot to mention that the host is a VM running off of VMWare... slipped my mind :)<div><br></div><div>I set the virtual switch that the host uses to promiscuous mode and I can ping the gateway and other machines on my subnet from the container, however I still cannot get to the outside world:</div><div><br></div><div>From the container:</div><div><div>root@thinkweb:/# ping 192.168.54.1</div><div>PING 192.168.54.1 (192.168.54.1) 56(84) bytes of data.</div><div>64 bytes from <a href="http://192.168.54.1">192.168.54.1</a>: icmp_seq=1 ttl=255 time=2.98 ms</div><div>64 bytes from <a href="http://192.168.54.1">192.168.54.1</a>: icmp_seq=2 ttl=255 time=5.01 ms</div><div>64 bytes from <a href="http://192.168.54.1">192.168.54.1</a>: icmp_seq=3 ttl=255 time=1.10 ms</div><div>^C</div><div>--- 192.168.54.1 ping statistics ---</div><div>3 packets transmitted, 3 received, 0% packet loss, time 2002ms</div><div>rtt min/avg/max/mdev = 1.105/3.035/5.014/1.597 ms</div><div>root@thinkweb:/# ping 192.168.54.65</div><div>PING 192.168.54.65 (192.168.54.65) 56(84) bytes of data.</div><div>64 bytes from <a href="http://192.168.54.65">192.168.54.65</a>: icmp_seq=1 ttl=64 time=0.245 ms</div><div>64 bytes from <a href="http://192.168.54.65">192.168.54.65</a>: icmp_seq=2 ttl=64 time=0.041 ms</div><div>64 bytes from <a href="http://192.168.54.65">192.168.54.65</a>: icmp_seq=3 ttl=64 time=0.047 ms</div><div>^C</div><div>--- 192.168.54.65 ping statistics ---</div><div>3 packets transmitted, 3 received, 0% packet loss, time 1998ms</div><div>rtt min/avg/max/mdev = 0.041/0.111/0.245/0.094 ms</div><div>root@thinkweb:/# ping 8.8.8.8</div><div>connect: Network is unreachable</div></div><div><br></div><div>Is this because of my routing table on the container?</div><div><br></div><div>Thanks,</div><div>Joshua</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 23, 2015 at 3:50 PM, Joshua Schaeffer <span dir="ltr"><<a href="mailto:jschaeffer0922@gmail.com" target="_blank">jschaeffer0922@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Okay, ip_forward was set to 0 on the host. I changed it to 1, but I still wasn't able to ping the gateway from the container. iptables rules is set to accept for INPUT, FORWARD, and OUTPUT on the host:<div><br></div><div><div>jschaeffer@prvlxc01:~$ sudo iptables -L</div><div>Chain INPUT (policy ACCEPT)</div><div>target prot opt source destination</div><div><br></div><div>Chain FORWARD (policy ACCEPT)</div><div>target prot opt source destination</div><div><br></div><div>Chain OUTPUT (policy ACCEPT)</div><div>target prot opt source destination</div></div><div><br></div><div>Here is the OVS db output:</div><div><br></div><div><div>jschaeffer@prvlxc01:~$ sudo ovs-vsctl show</div><div>[sudo] password for jschaeffer:</div><div>4e502746-9746-4972-8cb4-cf27f7b7332f</div><div> Bridge "br0"</div><div> Port "veth52B8DS"</div><div> Interface "veth52B8DS"</div><div> Port vethYERYXP</div><div> Interface vethYERYXP</div><div> Port "vethAGP5QO"</div><div> Interface "vethAGP5QO"</div><div> Port "eth0"</div><div> Interface "eth0"</div><div> Port "veth6WFED2"</div><div> Interface "veth6WFED2"</div><div> Port "br0"</div><div> Interface "br0"</div><div> type: internal</div><div> ovs_version: "2.3.0"</div></div><div><br></div><div>Not sure if this is a problem or not, but I ran ifconfig on the host again and it looks like the last 6 digits of the veth changed (maybe because I changed the lxc's config to include the hardward address?). This particular veth is not included in the ovs output:</div><div><br></div><div>jschaeffer@prvlxc01:~$ sudo ifconfig<br></div><div>[...]</div><div><div>vethJMVQHJ Link encap:Ethernet HWaddr fe:1f:8a:a9:25:52<br></div><div> inet6 addr: fe80::fc1f:8aff:fea9:2552/64 Scope:Link</div><span class=""><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div></span><div> RX packets:15 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:216 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000</div><div> RX bytes:1054 (1.0 KiB) TX bytes:21554 (21.0 KiB)</div></div><div><br></div><div>Thanks,</div><div>Joshua</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 23, 2015 at 2:25 PM, Benoit GEORGELIN - Association Web4all <span dir="ltr"><<a href="mailto:benoit.georgelin@web4all.fr" target="_blank">benoit.georgelin@web4all.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:#000000"><div>Yes, thanks, I saw it in your configuration file. </div><div><br></div><div>Everything looks good. <br>Your container does not have a gateway address , but you should be able to ping local network . </div><div><br></div><div>This looks good too: </div><span><div><br></div><div><div style="color:#000000;font-family:'Times New Roman';font-size:12.9799995422363px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff">Address HWtype HWaddress Flags Mask Iface</div><div style="color:#000000;font-family:'Times New Roman';font-size:12.9799995422363px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff"><span style="color:#005a95;text-decoration:none"><a href="callto:192.168.54.65" style="color:#005a95;text-decoration:none" target="_blank">192.168.54.65</a></span> ether 00:50:56:be:13:94 C eth0</div><div style="color:#000000;font-family:'Times New Roman';font-size:12.9799995422363px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff"><span style="color:#005a95;text-decoration:none"><a href="callto:192.168.54.1" style="color:#005a95;text-decoration:none" target="_blank">192.168.54.1</a></span> ether 00:13:c4:f2:64:41 C eth0</div></div><div><br></div><div><br></div></span><div>Your container know the mac address of the host. Communication is working on that level.</div><div><br></div><div>Do you have any iptables rules on the host ?</div><div><br></div><div>Can you look at this file , it should be 1 </div><div>cat /proc/sys/net/ipv4/ip_forward</div><div><br></div><div>Also can you send the OVS db content: </div><div><br></div><div>ovs-vsctl show </div><span><div><br></div><div><br></div><div><div><span style="color:rgb(51,51,51);font-family:times new roman,new york,times,serif">Cordialement,</span><span style="color:rgb(51,51,51);font-family:times new roman,new york,times,serif;font-weight:bold"><span style="color:rgb(51,51,51);font-family:times new roman,new york,times,serif;font-weight:bold"><br></span></span></div><div><br></div><div><span style="color:rgb(51,51,51);font-family:times new roman,new york,times,serif;font-weight:bold">Benoît Georgelin -</span><span style="color:rgb(51,51,51);font-family:times new roman,new york,times,serif;font-weight:bold"><br></span><span style="color:#c0c0c0;font-weight:bold;font-size:xx-small" size="1"><span style="font-family:times new roman,new york,times,serif;font-style:italic">Afin de contribuer au respect de l'environnement, merci de n'imprimer ce mail qu'en cas de nécessité</span></span><span style="color:rgb(51,51,51);font-family:times new roman,new york,times,serif;font-weight:bold"><br></span></div></div><br><hr></span><div><span><b>De: </b>"Joshua Schaeffer" <<a href="mailto:jschaeffer0922@gmail.com" target="_blank">jschaeffer0922@gmail.com</a>><br><b>À: </b>"lxc-users" <<a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a>><br></span><b>Envoyé: </b>Vendredi 23 Octobre 2015 15:41:49<br><b>Objet: </b>Re: [lxc-users] Container doesn't connect to bridge<br></div><div><div><br><div><div dir="ltr">Oh, also forgot to mention that I'm using OVS to create the bridge. I didn't think this would be a problem if I got the bridge working on the host, but let me know if I've missed something.<br><div>Thanks,</div><div>Joshua</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 23, 2015 at 1:36 PM, Joshua Schaeffer <span dir="ltr"><<a href="mailto:jschaeffer0922@gmail.com" target="_blank">jschaeffer0922@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Here ya go. It looks like the routing table is off for the container or am I just misreading that. Also I assigned the veth an mac address from the config file. Everything still appears to be the same, no change.</div><br><div>Host:</div><div>jschaeffer@prvlxc01:~$ sudo route -n</div><div>Kernel IP routing table</div><div>Destination Gateway Genmask Flags Metric Ref Use Iface</div><div>0.0.0.0 192.168.54.1 0.0.0.0 UG 0 0 0 br0</div><div>192.168.54.0 0.0.0.0 255.255.255.128 U 0 0 0 br0</div></div><br><div><div>jschaeffer@prvlxc01:~$ cat /etc/network/interfaces</div><div># This file describes the network interfaces available on your system</div><div># and how to activate them. For more information, see interfaces(5).</div><br><div>source /etc/network/interfaces.d/*</div><br><div># The loopback network interface</div><div>auto lo</div><div>iface lo inet loopback</div><br><div>allow-ovs br0</div><div>iface br0 inet static</div><div> address 192.168.54.65</div><div> netmask 255.255.255.128</div><div> gateway 192.168.54.1</div><div> ovs_type OVSBridge</div><div> ovs_ports eth0</div><br><div># The primary network interface</div><div>allow-br0 eth0</div><div>iface eth0 inet manual</div><div> ovs_bridge br0</div><div> ovs_type OVSPort</div></div><br><br><br><div>Container:</div><div>root@thinkweb:~# route -n</div><div>Kernel IP routing table</div><div>Destination Gateway Genmask Flags Metric Ref Use Iface</div><div>192.168.54.0 0.0.0.0 255.255.255.128 U 0 0 0 eth0</div><br><div><div>root@thinkweb:~# arp -n<br></div><div>Address HWtype HWaddress Flags Mask Iface</div><div>192.168.54.65 ether 00:50:56:be:13:94 C eth0</div><div>192.168.54.1 ether 00:13:c4:f2:64:41 C eth0</div></div><div><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 23, 2015 at 12:23 PM, Benoit GEORGELIN - Association Web4all <span dir="ltr"><<a href="mailto:benoit.georgelin@web4all.fr" target="_blank">benoit.georgelin@web4all.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:#000000"><div>Hi,</div><br><div>can you provide from the host and from the container :</div><br><div>route -n <br><br></div><div>can you provide from the container :</div><br><div>arp -n </div><br><div>can you also give the bridge configuration from /etc/network/interfaces</div><br><div>LXC configuration looks good to me . <br>I would try to set the mac address manually in the configuration file like : </div><br><div>lxc.network.hwaddr = <span style="color:#000000;font-family:arial,helvetica,sans-serif;font-size:13.3333330154419px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:#ffffff">fe:fa:9c:21:8d:0b</span></div><br><div><div><span style="color:#333333;font-family:times new roman,new york,times,serif">Cordialement,</span><span style="color:#333333;font-family:times new roman,new york,times,serif;font-weight:bold"><span style="color:#333333;font-family:times new roman,new york,times,serif;font-weight:bold"><br></span></span></div><br><div><span style="color:#333333;font-family:times new roman,new york,times,serif;font-weight:bold">Benoît Georgelin -</span><span style="color:#333333;font-family:times new roman,new york,times,serif;font-weight:bold"><br></span><span style="color:#c0c0c0;font-weight:bold;font-size:xx-small"><span style="font-family:times new roman,new york,times,serif;font-style:italic">Afin de contribuer au respect de l'environnement, merci de n'imprimer ce mail qu'en cas de nécessité</span></span><span style="color:#333333;font-family:times new roman,new york,times,serif;font-weight:bold"><br></span></div></div><br><hr><div><b>De: </b>"Joshua Schaeffer" <<a href="mailto:jschaeffer0922@gmail.com" target="_blank">jschaeffer0922@gmail.com</a>><br><b>À: </b>"lxc-users" <<a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a>><br><b>Envoyé: </b>Vendredi 23 Octobre 2015 13:40:35<br><b>Objet: </b>[lxc-users] Container doesn't connect to bridge<br></div><br><div><div><div><div dir="ltr"><div>I have a lxc container on version 1.1.2 on Debian that cannot connect to</div><div>the network. My host has br0 setup and I can access any machine on the</div><div>network and internet from the host:</div><br><div>This is the host:</div><div>jschaeffer@prvlxc01:~$ sudo ifconfig</div><div>[sudo] password for jschaeffer: </div><div>br0 Link encap:Ethernet HWaddr 00:50:56:be:13:94 </div><div> inet addr:192.168.54.65 Bcast:192.168.54.127</div><div>Mask:255.255.255.128</div><div> inet6 addr: fe80::250:56ff:febe:1394/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:9891 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:4537 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0 </div><div> RX bytes:4078480 (3.8 MiB) TX bytes:521427 (509.2 KiB)</div><br><div>eth0 Link encap:Ethernet HWaddr 00:50:56:be:13:94 </div><div> inet6 addr: fe80::250:56ff:febe:1394/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:10872 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:5085 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000 </div><div> RX bytes:4159749 (3.9 MiB) TX bytes:575863 (562.3 KiB)</div><br><div>lo Link encap:Local Loopback </div><div> inet addr:127.0.0.1 Mask:255.0.0.0</div><div> inet6 addr: ::1/128 Scope:Host</div><div> UP LOOPBACK RUNNING MTU:65536 Metric:1</div><div> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0 </div><div> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</div><br><div>vethAGP5QO Link encap:Ethernet HWaddr fe:fa:9c:21:8d:0b </div><div> inet6 addr: fe80::fcfa:9cff:fe21:8d0b/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:536 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:3013 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000 </div><div> RX bytes:49648 (48.4 KiB) TX bytes:332247 (324.4 KiB)</div><br><div>From the container I cannot even reach the gateway:</div><br><div>This is the container:</div><div>root@thinkweb:/# ifconfig</div><div>eth0 Link encap:Ethernet HWaddr aa:0a:f7:64:12:db </div><div> inet addr:192.168.54.110 Bcast:192.168.54.127</div><div>Mask:255.255.255.128</div><div> inet6 addr: fe80::a80a:f7ff:fe64:12db/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:3194 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:536 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000 </div><div> RX bytes:352314 (344.0 KiB) TX bytes:49648 (48.4 KiB)</div><br><div>lo Link encap:Local Loopback </div><div> inet addr:127.0.0.1 Mask:255.0.0.0</div><div> inet6 addr: ::1/128 Scope:Host</div><div> UP LOOPBACK RUNNING MTU:65536 Metric:1</div><div> RX packets:4 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:4 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0 </div><div> RX bytes:336 (336.0 B) TX bytes:336 (336.0 B)</div><br><div>root@thinkweb:/# ping 192.168.54.1</div><div>PING 192.168.54.1 (192.168.54.1) 56(84) bytes of data.</div><div>^C</div><div>--- 192.168.54.1 ping statistics ---</div><div>7 packets transmitted, 0 received, 100% packet loss, time 6049ms</div><br><div>jschaeffer@prvlxc01:~$ cat /var/lib/lxc/thinkweb/config</div><div>cat: /var/lib/lxc/thinkweb/config: Permission denied</div><div>jschaeffer@prvlxc01:~$ sudo cat /var/lib/lxc/thinkweb/config</div><div># Template used to create this</div><div>container: /usr/share/lxc/templates/lxc-download</div><div># Parameters passed to the template: -d debian -r jessie -a amd64</div><div># For additional config options, please look at lxc.container.conf(5)</div><br><div># Distribution configuration</div><div>lxc.include = /usr/share/lxc/config/debian.common.conf</div><div>lxc.arch = x86_64</div><br><div># Container specific configuration</div><div>lxc.rootfs = /var/lib/lxc/thinkweb/rootfs</div><div>lxc.utsname = thinkweb</div><div>lxc.tty = 4</div><div>lxc.pts = 1024</div><div>lxc.cap.drop = sys_module mac_admin</div><div>mac_override sys_time</div><div># When using LXC with apparmor, uncomment the next line to run</div><div>unconfined:</div><div>#lxc.aa_profile = unconfined</div><br><div># Network configuration</div><div>lxc.network.type = veth</div><div>lxc.network.flags = up</div><div>lxc.network.link = br0</div><div>lxc.network.ipv4 = <a href="http://192.168.54.110/25" target="_blank">192.168.54.110/25</a></div><div><a href="http://lxc.network.name" target="_blank">lxc.network.name</a> = eth0</div><br><div>## Limits</div><div>lxc.cgroup.cpu.shares = 1024</div><div>lxc.cgroup.cpuset.cpus = 0,1,2,3</div><div>lxc.cgroup.memory.limit_in_bytes = 2G</div><div>#lxc.cgroup.memory.memsw.limit_in_bytes = 3G</div><br><br><div>Thanks,</div><div>Joshua</div></div>
<br></div></div>_______________________________________________<br>lxc-users mailing list<br><a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a><br><a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br></div></div></div><br>_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br></blockquote></div><br></div></div></div></div>
</blockquote></div><br></div>
<br>_______________________________________________<br>lxc-users mailing list<br><a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a><br><a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br></div></div></div></div></div><br>_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>