[lxc-users] unprivileged containers with PHYS network type and vlan interfaces on host.

Shidan shidan at gmail.com
Mon Jun 9 23:49:42 UTC 2014


Hi, I figured it out: I used ebtables to rewrite the MAC address on
postrouting and everything works.

Now I have another problem with LXC containers running Ubuntu 14.04: the
DNS server does not persist on reboot. It seems like my
/etc/network/interfaces is not being read, and when I do sudo ifdown -a &&
sudo ifup -a from the container I get the error:

RTNETLINK answers: File exists
Failed to bring up eth0.



On Mon, Jun 9, 2014 at 7:32 PM, Serge Hallyn <serge.hallyn at ubuntu.com>
wrote:

> Are you using veth or macvlan?  Please show the container configuration
> as well as /etc/network/interfaces on the host and 'brctl show' and
> 'ifconfig -a' output.
>
> Quoting Shidan (shidan at gmail.com):
> > Thanks for the help Stéphane and Serge.
> >
> > I've set it up so that the host device is a bridge br0, I then assigned
> > those IP addresses which were previously aliases on eth0 to the
> > containers (configured with same gateway as the host) and connected them
> > to the br0 bridge.
> >
> > The network works fine internally, I can SSH into the host from the
> > containers and vice versa.
> >
> > However, I can't access from or to anything external, I think this is
> > because the MAC addresses of the containers are different than the MAC
> > address of the host and the gateway won't allow this. How can I make it
> > so that it will use the host's MAC address with the outside world?
> >
> >
> >
> >
> > On Thu, Jun 5, 2014 at 2:32 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> >
> > > On Thu, Jun 05, 2014 at 05:35:10PM +0000, Serge Hallyn wrote:
> > > > Quoting Shidan (shidan at gmail.com):
> > > > > Hello, on my host I have 4 VLAN interfaces on eth0
> > > > > (eth0:1, eth0:2, eth0:3, eth0:4) and each one has its own assigned
> > > > > public IP address.
> > >
> > > Also note that eth0:1 isn't a vlan interface, it's simply an extra
> > > address added to eth0 with an alias value of "eth0:1". So even if we
> > > did have the phys or vlan interface types working with unprivileged
> > > containers, they still wouldn't work with interface aliases.
> > >
> > > In your case, I think you either want to put eth0 itself into a bridge
> > > accessible to your containers or maybe do something with the macvlan
> > > driver instead (though the latter won't work with unprivileged
> > > containers).
> > >
> > > > >
> > > > > I want to create 4 unprivileged containers and assign a unique VLAN
> > > > > interface to each, similar (I think) to a PHYS network type. How
> > > > > should I go about doing this?
> > > >
> > > > Currently that's not possible, only veth is supported in unprivileged
> > > > containers.  What you can do is bridge each link and connect the
> > > > unpriv container veths to those bridges.
> > > > _______________________________________________
> > > > lxc-users mailing list
> > > > lxc-users at lists.linuxcontainers.org
> > > > http://lists.linuxcontainers.org/listinfo/lxc-users
> > >
> > > --
> > > Stéphane Graber
> > > Ubuntu developer
> > > http://www.ubuntu.com
> > >
> > > _______________________________________________
> > > lxc-users mailing list
> > > lxc-users at lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-users
> > >
>
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
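
The thread mentions rewriting MAC addresses with ebtables on postrouting but does not show the rules. As an added example (not taken from the thread or from the LXC project), the script below prints one possible rule set for that setup. It assumes eth0 is the uplink port of br0; the function names, the inbound dnat rules and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit (do not run) ebtables MAC-NAT rules for containers
# bridged on br0 behind a gateway that only accepts the host's MAC.
# All addresses below are constructed sample values.

# Return 0 if $1 looks like a colon-separated 48-bit MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# mac_nat_rules UPLINK HOST_MAC IP=MAC [IP=MAC ...]
# Prints the rule set; review it, then pipe it to "sh" as root to apply.
mac_nat_rules() {
    uplink=$1 host_mac=$2
    shift 2
    valid_mac "$host_mac" || { echo "bad host MAC: $host_mac" >&2; return 1; }
    # Validate every pair before printing anything, so a typo never
    # produces a half-applied rule set.
    for pair in "$@"; do
        case $pair in *=*) ;; *) echo "expected IP=MAC: $pair" >&2; return 1 ;; esac
        valid_mac "${pair#*=}" || { echo "bad MAC in: $pair" >&2; return 1; }
    done
    # Outbound: frames leaving via the uplink carry the host's MAC
    # (--snat-arp also rewrites the sender MAC inside ARP packets).
    echo "ebtables -t nat -A POSTROUTING -o $uplink -j snat --to-src $host_mac --snat-arp --snat-target ACCEPT"
    # Inbound: the gateway addresses every frame to the host's MAC, so
    # restore the container's MAC by destination IP (IPv4 and ARP).
    for pair in "$@"; do
        ip=${pair%%=*} mac=${pair#*=}
        echo "ebtables -t nat -A PREROUTING -i $uplink -p IPv4 --ip-dst $ip -j dnat --to-dst $mac --dnat-target ACCEPT"
        echo "ebtables -t nat -A PREROUTING -i $uplink -p ARP --arp-ip-dst $ip -j dnat --to-dst $mac --dnat-target ACCEPT"
    done
}

# Constructed sample: two containers on the documentation range 203.0.113.0/24.
mac_nat_rules eth0 02:00:00:00:00:01 \
    203.0.113.11=02:00:00:00:01:11 \
    203.0.113.12=02:00:00:00:01:12
```

With these rules the upstream gateway sees a single source MAC for every container, so any per-MAC filtering or logging on that segment no longer distinguishes containers from the host.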