[Lxc-users] Routing issues

Rory Campbell-Lange rory at campbell-lange.net
Mon Jun 3 22:52:44 UTC 2013 

On 04/06/13, Papp Tamas (tompos at martos.bme.hu) wrote:
> On 06/03/2013 06:55 PM, Rory Campbell-Lange wrote:
> >
> > I can ssh into the main host from the lxc host. However I cannot hit the
> > internet from the lxc host. I'd be grateful for some pointers.
> >
> > At present I have the following configuration on the host:
> >
> >      auto br0
> >      iface br0 inet static
> >              bridge_ports eth0
> >              bridge_fd 0
> >              address aa.bb.cc.103
> >              netmask 255.255.255.192
> >              gateway aa.bb.cc.65
> >
> > and the following in the container config:
> >
> >      lxc.utsname = wheezy05
> >      lxc.network.type = veth
> >      lxc.network.flags = up
> >      lxc.network.link = br0
> >      lxc.network.ipv4 = aa.bb.cc.87/26
> >      lxc.network.hwaddr = 00:1E:83:8D:7C:25
> >
> > with the following in wheezy05's /etc/network/interfaces file:
> >
> >      auto eth0
> >      # iface eth0 inet dhcp
> >      iface eth0 inet static
> >          address aa.bb.cc.87
> >          netmask 255.255.255.192
> >          gateway aa.bb.cc.65
> >
> > One specific issue I found:
> >
> >      * it looks like the container address is assigned at startup and the
> >        'interfaces' network stanza is not run -- I have to assign the
> >        gateway by hand
> 
> So you can or can not hit the internet? It's not clear, what your
> problem is exactly It's also not clear, which one you mean by 'lxc
> host'.
> 
> Do you really mean the machine, where containers are running, or lxc
> host is actually the guest?
> 
> You don't need to use lxc.network.ipv4, if you setup the network from
> the container.

Hi Tamas

Thanks very much for your email. First of all thanks very much for the
note about the lxc.network.ipv4 paramenter -- I disabled that and
routing seems to be fine.

My question was unclear -- sorry! My host is on the internet. I can ssh
from the guest to the host over the bridge, but I can't route out of the
subnet. Do I need iptables masquerading on the host in this scenario?

host 'ip addr' output with the guest running:

    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
        link/ether 00:e0:81:4c:bc:f6 brd ff:ff:ff:ff:ff:ff
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:e0:81:4c:bc:f7 brd ff:ff:ff:ff:ff:ff
        inet 192.168.9.9/27 brd 192.168.9.31 scope global eth1
        inet6 fe80::2e0:81ff:fe4c:bcf7/64 scope link 
           valid_lft forever preferred_lft forever
    4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
        link/ether 00:e0:81:4c:bc:f6 brd ff:ff:ff:ff:ff:ff
        inet aa.bb.cc.103/26 brd aa.bb.cc.127 scope global br0
        inet6 fe80::2e0:81ff:fe4c:bcf6/64 scope link 
           valid_lft forever preferred_lft forever
    36: vethklhgjT: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
        link/ether fe:ae:36:71:d7:2b brd ff:ff:ff:ff:ff:ff
        inet6 fe80::fcae:36ff:fe71:d72b/64 scope link 
           valid_lft forever preferred_lft forever

Regards
Rory
-- 
Rory Campbell-Lange
rory at campbell-lange.net

More information about the lxc-users mailing list