[Lxc-users] LXC Container: Network Configuration
Gordon Henderson
gordon at drogon.net
Thu Dec 1 13:49:04 UTC 2011
On Tue, 29 Nov 2011, Patrick Kevin McCaffrey wrote:
> Alright, I've been struggling with LXC for several days now. I can't
> seem to get a container configured properly. I originally was trying to
> set up a few Ubuntu Oneiric containers, but am now just trying to get a
> Debian template container set up using the lxc-debian script that comes
> with lxc.
>
> The container runs, and I can log in to it via SSH from the host
> machine.
>
> The host machine also runs as my router, as it has a 4 port ethernet
> card (four subnets, DHCP running on each). However, I cannot SSH into
> my container from another computer on the local network -- it is only
> accessible via the host machine. If I try to SSH from another machine,
> it says "no route to host." Additionally, the container does not have
> internet access. If I try to ping, use wget or apt, I get connection
> errors. I'm assuming these two problems are related.
>
> I've got my local network set up using Shorewall, and it works
> reasonably well for everything else (the entire local network is on the
> "local" zone, which is completely open). The host's
> etc/network/interfaces file sets up the five ethernet interfaces
> (eth0-eth3 with static IPs and eth4 with DHCP from the cable modem) as
> well as the bridge for lxc. The following is my bridge entry:
>
> #bridge for LXC iface br0 inet static
> address 192.168.80.1
> netmask 255.255.255.0
> broadcast 192.168.80.255
> network 192.168.80.0
> bridge_ports eth1
>
> I had some other options designated, but have been playing with my
> configurations to see if I can get a better result.
>
> Also, what is the correct method to bring up my bridge? It seems like
> when I run /etc/init.d/netwokring restart, it will come up as it should
> sometimes, but sometimes gives me problems, like "eth1 is not a slave of
> br0."
>
> The container appears to run as it should, but I really need it to have
> proper networking to fulfil my needs. Any ideas?
I've read the other comments so-far - just one question (and I may have
missed it in the other emails):
Does the container actually have a default route setup?
However I also have a similar setup - 5-port Linux box acting as a router
and LXC host, althouh I run PPPoE via an ADSL modem to the ISP. It runs
Debian which has very similar config files to what you're presenting -
maybe shorewall is based on Debian? (I've no idea - never looked at it)
In the host, my /etc/network/interfaces for the bridge unit:
auto eth1
iface eth1 inet manual
auto br0
iface br0 inet static
bridge_ports eth1
bridge_stp off
bridge_fd 0
bridge_maxwait 0
address 81.31.100.110
network 81.31.100.104
broadcast 81.31.100.111
netmask 255.255.255.248
My eth1 is currently connected to a single PC (81.31.100.107 but that's
not really relevant here)
I don't need to do any brctl stuff as Debians network scripts does all
that for me, however it does sometimes get confused if I bring the
interface down & up again. (or manually fiddle without using ifup/ifdown)
My contaners config file looks like:
lxc.utsname = bell
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = 00:00:fc:00:00:01
lxc.network.ipv4 = 81.31.100.108/29
lxc.network.name = eth0
etc.
and in the startup script of the contaner (/etc/init.d/rcS) I have:
route add default gw 81.31.100.105
and that's it. Just works...
So the only thing I've not seen from you is your container having a
default route...
What does
netstat -rn (or route -n, but old habits die hard)
in the container show?
Gordon
More information about the lxc-users
mailing list