[lxc-users] unprivileged containers with PHYS network type and vlan interfaces on host.

Serge Hallyn serge.hallyn at ubuntu.com
Mon Jun 9 23:32:24 UTC 2014


Are you using veth or macvlan?  Please show the container configuration
as well as /etc/network/interfaces on the host and 'brctl show' and
'ifconfig -a' output.

Quoting Shidan (shidan at gmail.com):
> Thanks for the help Stéphane and Serge.
> 
> I've set it up so that the host device is a bridge br0, I then assigned
> those IP addresses which were previously aliases on eth0 to the containers
> (configured with same gateway as the host) and connected them to the br0
> bridge.
> 
> The network works fine internally, I can SSH into the host from the
> containers and vice versa.
> 
> However, I can't access from or to anything external, I think this is
> because the MAC addresses of the containers are different than the MAC
> address of the host and the gateway won't allow this. How can I make it so
> that it will use the host's MAC address with the outside world?
> 
> 
> 
> 
> On Thu, Jun 5, 2014 at 2:32 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> 
> > On Thu, Jun 05, 2014 at 05:35:10PM +0000, Serge Hallyn wrote:
> > > Quoting Shidan (shidan at gmail.com):
> > > > Hello, on my host I have 4 VLAN interfaces on eth0
> > > > (eth0:1, eth0:2, eth0:3, eth0:4) and each one has its own assigned
> > > > public IP address.
> >
> > Also note that eth0:1 isn't a vlan interface, it's simply an extra
> > address added to eth0 with an alias value of "eth0:1". So even if we did
> > have the phys or vlan interface types working with unprivileged
> > containers, they still wouldn't work with interface aliases.
> >
> > In your case, I think you either want to put eth0 itself into a bridge
> > accessible to your containers or maybe do something with the macvlan
> > driver instead (though that latter won't work with unprivileged
> > containers).
> >
> > > >
> > > > I want to create 4 unprivileged containers and assign a unique VLAN
> > > > interface to each, similar (I think) to a PHYS network type. How
> > > > should I go about doing this?
> > >
> > > Currently that's not possible, only veth is supported in unprivileged
> > > containers.  What you can do is bridge each link and connect the
> > > unpriv container veths to those bridges.
> > > _______________________________________________
> > > lxc-users mailing list
> > > lxc-users at lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-users
> >
> > --
> > Stéphane Graber
> > Ubuntu developer
> > http://www.ubuntu.com
> >

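The bridged layout suggested in the quoted thread (eth0 placed in br0, each unprivileged container attached through veth), written out as an added example that is not taken from any poster's system. The addresses (192.0.2.0/24 documentation range), the user name `shidan` and the container name `c1` are assumptions.

```ini
# Constructed example: addresses are from the 192.0.2.0/24 documentation
# range; "shidan" stands in for the unprivileged user's login name and
# "c1" for the container name.

# --- host: /etc/network/interfaces ---
# eth0 carries no address of its own; the host's address moves to br0.
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

# --- host: /etc/lxc/lxc-usernet ---
# Format: <user> <type> <bridge> <count>
# Allows this user to attach up to 4 veth devices to br0.
shidan veth br0 4

# --- container: ~/.local/share/lxc/c1/config (network part, LXC 1.0 keys) ---
# veth is the only network type available to unprivileged containers.
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
# Address that used to be an alias (eth0:1) on the host.
lxc.network.ipv4 = 192.0.2.11/24
lxc.network.ipv4.gateway = 192.0.2.1
```

With this in place, `brctl show` on the host should list eth0 and one veth port per running container under br0.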


