[Lxc-users] LXC on ubuntu precise and dhclient/net config

Fajar A. Nugraha list at fajar.net
Sun Jun 10 01:04:24 UTC 2012


On Sun, Jun 10, 2012 at 3:24 AM, Vasiliy Molostov <molostoff at gmail.com> wrote:
> I had some lxc containers running under oneiric with dhcp-obtained ip4 address
> configuration (container's veth on host's br0), and now I have upgraded host
> to precise and unable to start even new clean ubuntu/precise container with
> lxc default veth config: dhclient does not receive reply, container does not
> display login prompt.
>
> If the static ip4 address is set in container configuration file then
> networking works fine, ssh enters session, but anyway dhclient fails to
> obtain/renew.
>
> I have tried to run container "unconfined", and even disabled any apparmor
> related checks via 'aa-disable' but still no success.

It shouldn't be related to apparmor. It MIGHT be related to bridge
forwarding delay though.

You didn't say which bridge the containter is connected to. I'd
suggest connecting it to lxcbr0 first (should be created already by
default).

FWIW, I use something like this to create my own lxcbr-like bridge on
/etc/network/interfaces, complete with dnsmasq for dhcp & dns:

#=================

auto dummy0
iface dummy0 inet manual

auto br0
iface br0 inet static
        address 192.168.124.1
        netmask 255.255.255.0

        bridge_ports dummy0
        bridge_maxwait 0
        bridge_stp off
        bridge_fd 0

        #post-up /sbin/iptables --table filter --insert INPUT --proto udp \
        #        --dport 67 --jump ACCEPT
        post-up /sbin/iptables --table filter --insert INPUT --source \
                192.168.124.0/255.255.255.0 --jump ACCEPT
        post-up /sbin/iptables --table filter --insert FORWARD --source \
                192.168.124.0/255.255.255.0 --jump ACCEPT
        post-up /sbin/iptables --table filter --insert FORWARD --destination \
                192.168.124.0/255.255.255.0 --match state \
                --state ESTABLISHED,RELATED --jump ACCEPT
        post-up /sbin/iptables --table nat --insert POSTROUTING --source \
                192.168.124.0/255.255.255.0 \
                ! --destination 192.168.124.0/255.255.255.0 --jump MASQUERADE
        post-up /usr/sbin/dnsmasq --strict-order --bind-interfaces \
                --pid-file=/var/run/dnsmasq-br0.pid --listen-address
192.168.124.1 \
                --dhcp-range 192.168.124.2,192.168.124.254
--dhcp-lease-max=253 \
                --dhcp-no-override

        #pre-down /sbin/iptables --table filter --insert INPUT --proto udp \
        #        --dport 67 --jump ACCEPT
        pre-down kill `cat /var/run/dnsmasq-br0.pid`
        pre-down /sbin/iptables --table filter --delete INPUT --source \
                192.168.124.0/255.255.255.0 --jump ACCEPT
        pre-down /sbin/iptables --table filter --delete FORWARD --source \
                192.168.124.0/255.255.255.0 --jump ACCEPT
        pre-down /sbin/iptables --table filter --delete FORWARD --destination \
                192.168.124.0/255.255.255.0 --match state \
                --state ESTABLISHED,RELATED --jump ACCEPT
        pre-down /sbin/iptables --table nat --delete POSTROUTING --source \
                192.168.124.0/255.255.255.0 \
                ! --destination 192.168.124.0/255.255.255.0 --jump MASQUERADE

#============

-- 
Fajar




More information about the lxc-users mailing list