[Lxc-users] LXC Container: Network Configuration

Gordon Henderson gordon at drogon.net
Thu Dec 1 13:49:04 UTC 2011


On Tue, 29 Nov 2011, Patrick Kevin McCaffrey wrote:

> Alright, I've been struggling with LXC for several days now.  I can't 
> seem to get a container configured properly.  I originally was trying to 
> set up a few Ubuntu Oneiric containers, but am now just trying to get a 
> Debian template container set up using the lxc-debian script that comes 
> with lxc.
>
> The container runs, and I can log in to it via SSH from the host 
> machine.
>
> The host machine also runs as my router, as it has a 4 port ethernet 
> card (four subnets, DHCP running on each).  However, I cannot SSH into 
> my container from another computer on the local network -- it is only 
> accessible via the host machine.  If I try to SSH from another machine, 
> it says "no route to host."  Additionally, the container does not have 
> internet access.  If I try to ping, use wget or apt, I get connection 
> errors.  I'm assuming these two problems are related.
>
> I've got my local network set up using Shorewall, and it works 
> reasonably well for everything else (the entire local network is on the 
> "local" zone, which is completely open).  The host's 
> etc/network/interfaces file sets up the five ethernet interfaces 
> (eth0-eth3 with static IPs and eth4 with DHCP from the cable modem) as 
> well as the bridge for lxc.  The following is my bridge entry:
>
> #bridge for LXC
> iface br0 inet static
>        address 192.168.80.1
>        netmask 255.255.255.0
>        broadcast 192.168.80.255
>        network 192.168.80.0
>        bridge_ports eth1
>
> I had some other options designated, but have been playing with my 
> configurations to see if I can get a better result.
>
> Also, what is the correct method to bring up my bridge?  It seems like 
> when I run /etc/init.d/networking restart, it will come up as it should 
> sometimes, but sometimes gives me problems, like "eth1 is not a slave of 
> br0."
>
> The container appears to run as it should, but I really need it to have 
> proper networking to fulfil my needs.  Any ideas?

I've read the other comments so far - just one question (and I may have 
missed it in the other emails):

Does the container actually have a default route set up?

However I also have a similar setup - 5-port Linux box acting as a router 
and LXC host, although I run PPPoE via an ADSL modem to the ISP. It runs 
Debian which has very similar config files to what you're presenting - 
maybe shorewall is based on Debian? (I've no idea - never looked at it)

In the host, my /etc/network/interfaces for the bridge unit:

auto eth1
iface eth1 inet manual

auto br0
iface br0 inet static
   bridge_ports   eth1
   bridge_stp     off
   bridge_fd      0
   bridge_maxwait 0
   address        81.31.100.110
   network        81.31.100.104
   broadcast      81.31.100.111
   netmask        255.255.255.248

My eth1 is currently connected to a single PC (81.31.100.107 but that's 
not really relevant here)

I don't need to do any brctl stuff as Debian's network scripts do all 
that for me, however it does sometimes get confused if I bring the 
interface down & up again. (or manually fiddle without using ifup/ifdown)

My container's config file looks like:

lxc.utsname        = bell
lxc.network.type   = veth
lxc.network.flags  = up
lxc.network.link   = br0
lxc.network.hwaddr = 00:00:fc:00:00:01
lxc.network.ipv4   = 81.31.100.108/29
lxc.network.name   = eth0

etc.


and in the startup script of the container (/etc/init.d/rcS) I have:

   route add default gw 81.31.100.105

and that's it. Just works...

So the only thing I've not seen from you is your container having a 
default route...

What does

   netstat -rn (or route -n, but old habits die hard)

in the container show?


Gordon
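
The default-route check asked for above, as an added example that is not part of the original message: it reads the lxc.network.ipv4 line from a container config and the output of `route -n` (or `netstat -rn`) run inside the container, then reports whether a default route exists and whether its gateway is on the container's own subnet. The function names and the sample routing tables are constructed for illustration; the config values are the ones posted above.

```python
import ipaddress

# lxc.network.* lines as posted above; the routing tables are constructed samples.
CONFIG = """lxc.network.link   = br0
lxc.network.ipv4   = 81.31.100.108/29
"""
ROUTES_OK = """Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
81.31.100.104   0.0.0.0         255.255.255.248 U     0      0        0 eth0
0.0.0.0         81.31.100.105   0.0.0.0         UG    0      0        0 eth0
"""
ROUTES_MISSING = "\n".join(ROUTES_OK.splitlines()[:3])  # no default route line

def parse_lxc_ipv4(config_text):
    """Return the address/prefix from the lxc.network.ipv4 line, or None."""
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "lxc.network.ipv4" and value.strip():
            # The value may carry a broadcast address after the CIDR; keep the CIDR.
            return ipaddress.ip_interface(value.split()[0])
    return None

def default_gateways(route_output):
    """Gateways of the default routes in `route -n` / `netstat -rn` output."""
    gateways = []
    for line in route_output.splitlines():
        f = line.split()
        # Columns: Destination Gateway Genmask Flags ...
        if len(f) >= 4 and f[0] == "0.0.0.0" and f[2] == "0.0.0.0" and "G" in f[3]:
            gateways.append(ipaddress.ip_address(f[1]))
    return gateways

def check(config_text, route_output):
    """Return 'ok' or a short description of what is wrong."""
    iface = parse_lxc_ipv4(config_text)
    if iface is None:
        return "no lxc.network.ipv4 in config"
    gateways = default_gateways(route_output)
    if not gateways:
        return "no default route"
    off_link = [g for g in gateways if g not in iface.network]
    if off_link:
        return "gateway %s not on-link for %s" % (off_link[0], iface.network)
    return "ok"

if __name__ == "__main__":
    print(check(CONFIG, ROUTES_OK))
    print(check(CONFIG, ROUTES_MISSING))
```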



