[lxc-devel] Networking issue

Saint Michael venefax at gmail.com
Wed Nov 9 06:33:56 UTC 2016


It was working fine until a week ago.
I have two sites, it happened on both, so the issue is not on my router or
my switch, since they are different sites and we did not upgrade anything.
Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-45-generic x86_64)
LXC installed from apt-get install lxc1
iptables off in both hosts and containers. I protect my network at the
perimeter.

All my container networking is defined as follows:

lxc.network.type=macvlan
lxc.network.macvlan.mode=bridge
lxc.network.link=eth1
lxc.network.name = eth0
lxc.network.flags=up
lxc.network.hwaddr = XX:XX:XX:XX:XX:XX
lxc.network.ipv4 = 0.0.0.0/24

Now suppose I have a machine, not a container, in the same broadcast domain
as the containers, same subnet.
It cannot ping or ssh into a container, which is accessible from outside my
network.
However, from inside the container the packets come and go perfectly, when
the connection is originated by the container.
A container can ping that host I mentioned, but the host cannot ping back
the container.
It all started a few days ago.
Also, from the host, this test works:
arping -I eth0 (container IP address)
It shows that we share the same broadcast domain.

My guess is that the most recent kernel update in the LXC host is blocking
the communication to the containers, but it allows connections from the
containers or connections from IP addresses not on the same broadcast
domain.
Any idea?