[Lxc-users] LXC on ubuntu precise and dhclient/net config
Fajar A. Nugraha
list at fajar.net
Sun Jun 10 01:04:24 UTC 2012
On Sun, Jun 10, 2012 at 3:24 AM, Vasiliy Molostov <molostoff at gmail.com> wrote:
> I had some lxc containers running under oneiric with dhcp-obtained ip4 address
> configuration (container's veth on host's br0), and now I have upgraded host
> to precise and unable to start even new clean ubuntu/precise container with
> lxc default veth config: dhclient does not receive reply, container does not
> display login prompt.
>
> If the static ip4 address is set in container configuration file then
> networking works fine, ssh enters session, but anyway dhclient fails to
> obtain/renew.
>
> I have tried to run container "unconfined", and even disabled any apparmor
> related checks via 'aa-disable' but still no success.

It shouldn't be related to apparmor. It MIGHT be related to bridge
forwarding delay though.

You didn't say which bridge the container is connected to. I'd
suggest connecting it to lxcbr0 first (should be created already by
default).

FWIW, I use something like this to create my own lxcbr-like bridge on
/etc/network/interfaces, complete with dnsmasq for dhcp & dns:

#=================
auto dummy0
iface dummy0 inet manual

auto br0
iface br0 inet static
    address 192.168.124.1
    netmask 255.255.255.0
    bridge_ports dummy0
    # no STP and no forwarding delay on this bridge
    bridge_maxwait 0
    bridge_stp off
    bridge_fd 0
    #post-up /sbin/iptables --table filter --insert INPUT --proto udp \
    #    --dport 67 --jump ACCEPT
    post-up /sbin/iptables --table filter --insert INPUT --source \
        192.168.124.0/255.255.255.0 --jump ACCEPT
    post-up /sbin/iptables --table filter --insert FORWARD --source \
        192.168.124.0/255.255.255.0 --jump ACCEPT
    post-up /sbin/iptables --table filter --insert FORWARD --destination \
        192.168.124.0/255.255.255.0 --match state \
        --state ESTABLISHED,RELATED --jump ACCEPT
    post-up /sbin/iptables --table nat --insert POSTROUTING --source \
        192.168.124.0/255.255.255.0 \
        ! --destination 192.168.124.0/255.255.255.0 --jump MASQUERADE
    # dnsmasq serves dhcp & dns on the bridge address only
    post-up /usr/sbin/dnsmasq --strict-order --bind-interfaces \
        --pid-file=/var/run/dnsmasq-br0.pid \
        --listen-address 192.168.124.1 \
        --dhcp-range 192.168.124.2,192.168.124.254 \
        --dhcp-lease-max=253 \
        --dhcp-no-override
    #pre-down /sbin/iptables --table filter --insert INPUT --proto udp \
    #    --dport 67 --jump ACCEPT
    pre-down kill `cat /var/run/dnsmasq-br0.pid`
    pre-down /sbin/iptables --table filter --delete INPUT --source \
        192.168.124.0/255.255.255.0 --jump ACCEPT
    pre-down /sbin/iptables --table filter --delete FORWARD --source \
        192.168.124.0/255.255.255.0 --jump ACCEPT
    pre-down /sbin/iptables --table filter --delete FORWARD --destination \
        192.168.124.0/255.255.255.0 --match state \
        --state ESTABLISHED,RELATED --jump ACCEPT
    pre-down /sbin/iptables --table nat --delete POSTROUTING --source \
        192.168.124.0/255.255.255.0 \
        ! --destination 192.168.124.0/255.255.255.0 --jump MASQUERADE
#============

--
Fajar
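
Added example, not part of the original message: a host-side check for the forwarding-delay suspicion raised above, reading the Linux bridge sysfs files to show the bridge's forward delay, STP state, and whether each attached port (such as a container's veth) is already forwarding. The function names and the SYSFS_NET override are assumptions of this example.

```shell
#!/bin/sh
# Added example: show whether a bridge's ports are passing frames yet.
# SYSFS_NET can point at a constructed tree; default is the live sysfs.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Map the kernel's numeric bridge port state to its name.
port_state_name() {
    case "$1" in
        0) echo disabled ;;
        1) echo listening ;;
        2) echo learning ;;
        3) echo forwarding ;;
        4) echo blocking ;;
        *) echo "unknown($1)" ;;
    esac
}

# check_bridge BRIDGE
# Prints forward delay, STP state and each port's state.
# Returns 0 if every port is forwarding, 1 if some port is not
# (DHCP requests sent through it are dropped), 2 if not a bridge.
check_bridge() {
    br="$SYSFS_NET/$1"
    [ -d "$br/bridge" ] || { echo "$1: not a bridge"; return 2; }
    fd=$(cat "$br/bridge/forward_delay")   # hundredths of a second
    stp=$(cat "$br/bridge/stp_state")      # 0 = STP off
    rc=0
    echo "$1: forward_delay=$((fd / 100)).$(printf '%02d' $((fd % 100)))s stp=$stp"
    if [ "$fd" -gt 0 ]; then
        echo "  note: nonzero delay; new ports may sit in listening/learning first"
    fi
    for p in "$br"/brif/*; do
        [ -e "$p/state" ] || continue      # no ports attached
        st=$(cat "$p/state")
        echo "  port ${p##*/}: $(port_state_name "$st")"
        [ "$st" = 3 ] || rc=1
    done
    return "$rc"
}

# Usage on the host: sh check_bridge.sh br0
if [ $# -gt 0 ]; then
    check_bridge "$1"
fi
```

Run it right after starting the container: a veth port still shown as listening or learning while dhclient is sending its requests points at the bridge delay rather than at apparmor.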