[Lxc-users] LXC Container: Network Configuration
Patrick Kevin McCaffrey
pkm at uwm.edu
Thu Dec 1 17:33:57 UTC 2011
----- Original Message -----
From: "Gordon Henderson" <gordon at drogon.net>
To: "Linux Containers List" <lxc-users at lists.sourceforge.net>
Sent: Thursday, December 1, 2011 7:49:04 AM
Subject: Re: [Lxc-users] LXC Container: Network Configuration
On Tue, 29 Nov 2011, Patrick Kevin McCaffrey wrote:
> Alright, I've been struggling with LXC for several days now. I can't
> seem to get a container configured properly. I originally was trying to
> set up a few Ubuntu Oneiric containers, but am now just trying to get a
> Debian template container set up using the lxc-debian script that comes
> with lxc.
>
> The container runs, and I can log in to it via SSH from the host
> machine.
>
> The host machine also runs as my router, as it has a 4 port ethernet
> card (four subnets, DHCP running on each). However, I cannot SSH into
> my container from another computer on the local network -- it is only
> accessible via the host machine. If I try to SSH from another machine,
> it says "no route to host." Additionally, the container does not have
> internet access. If I try to ping, use wget or apt, I get connection
> errors. I'm assuming these two problems are related.
>
> I've got my local network set up using Shorewall, and it works
> reasonably well for everything else (the entire local network is on the
> "local" zone, which is completely open). The host's
> etc/network/interfaces file sets up the five ethernet interfaces
> (eth0-eth3 with static IPs and eth4 with DHCP from the cable modem) as
> well as the bridge for lxc. The following is my bridge entry:
>
> #bridge for LXC
> iface br0 inet static
> address 192.168.80.1
> netmask 255.255.255.0
> broadcast 192.168.80.255
> network 192.168.80.0
> bridge_ports eth1
>
> I had some other options designated, but have been playing with my
> configurations to see if I can get a better result.
>
> Also, what is the correct method to bring up my bridge? It seems like
> when I run /etc/init.d/networking restart, it will come up as it should
> sometimes, but sometimes gives me problems, like "eth1 is not a slave of
> br0."
>
> The container appears to run as it should, but I really need it to have
> proper networking to fulfil my needs. Any ideas?

I've read the other comments so-far - just one question (and I may have
missed it in the other emails):

Does the container actually have a default route setup?

However I also have a similar setup - 5-port Linux box acting as a router
and LXC host, although I run PPPoE via an ADSL modem to the ISP. It runs
Debian which has very similar config files to what you're presenting -
maybe shorewall is based on Debian? (I've no idea - never looked at it)

In the host, my /etc/network/interfaces for the bridge unit:

   auto eth1
   iface eth1 inet manual

   auto br0
   iface br0 inet static
     bridge_ports eth1
     bridge_stp off
     bridge_fd 0
     bridge_maxwait 0
     address 81.31.100.110
     network 81.31.100.104
     broadcast 81.31.100.111
     netmask 255.255.255.248

My eth1 is currently connected to a single PC (81.31.100.107 but that's
not really relevant here)

I don't need to do any brctl stuff as Debian's network scripts do all
that for me, however it does sometimes get confused if I bring the
interface down & up again. (or manually fiddle without using ifup/ifdown)

My container's config file looks like:

   lxc.utsname = bell
   lxc.network.type = veth
   lxc.network.flags = up
   lxc.network.link = br0
   lxc.network.hwaddr = 00:00:fc:00:00:01
   lxc.network.ipv4 = 81.31.100.108/29
   lxc.network.name = eth0
   etc.

and in the startup script of the container (/etc/init.d/rcS) I have:

   route add default gw 81.31.100.105

and that's it. Just works...

So the only thing I've not seen from you is your container having a
default route...

What does

   netstat -rn (or route -n, but old habits die hard)

in the container show?

Gordon
------------------------------------------------------------------------------
Thanks a bunch, Gordon. I ran route -n inside the container, and saw there was no gateway. Assigning 192.168.80.1 (the address of br0) as the default gateway inside the container works beautifully. I can now apt-get from the container, and ping it from another subnet too. I had been playing with the "gateway" setting in /etc/network/interfaces on the host machine, but it seems like everything worked (as far as the machine acting as my router, and each subnet having access to the Internet and each other) without defining a default gateway, so it totally slipped my mind to try assigning one inside the container.

Again, thanks a lot. This mailing list has proved to be extremely helpful over the last few days.

Pat
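
The check discussed in this thread, as an added example that is not part of either poster's message: a small script that reads `route -n` (or `netstat -rn`) output from inside a container and reports whether a default route exists and whether its gateway is on the container's own subnet. The sample routing tables are constructed, and the container address 192.168.80.10/24 is an assumption (the thread gives only the bridge address 192.168.80.1).

```shell
#!/bin/sh
# Added example (not from the thread). Sample routing tables are constructed.

# ip2int A.B.C.D: prints the address as a 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# default_gw: reads `route -n` or `netstat -rn` output on stdin and prints the
# gateway of the default route (destination 0.0.0.0 with the G flag), if any.
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# on_link GW ADDR/PREFIX: true when GW lies inside the container's own subnet,
# i.e. the container can reach it directly through its veth on the bridge.
on_link() {
    gw_int=$(ip2int "$1")
    addr_int=$(ip2int "${2%/*}")
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( gw_int & mask )) -eq $(( addr_int & mask )) ]
}

# diagnose TABLE ADDR/PREFIX: prints "no-default-route", "off-link GW" or "ok GW"
diagnose() {
    gw=$(printf '%s\n' "$1" | default_gw)
    if [ -z "$gw" ]; then
        echo "no-default-route"
    elif on_link "$gw" "$2"; then
        echo "ok $gw"
    else
        echo "off-link $gw"
    fi
}

# Constructed `route -n` output for a container on the 192.168.80.0/24 bridge,
# before and after the default route is added (container address is assumed).
BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.80.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0'
AFTER="$BEFORE
0.0.0.0         192.168.80.1    0.0.0.0         UG    0      0        0 eth0"

diagnose "$BEFORE" 192.168.80.10/24
diagnose "$AFTER"  192.168.80.10/24
```

Inside a real container the table would come from `route -n` itself, for example `diagnose "$(route -n)" 81.31.100.108/29` for the second configuration shown in the thread.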