[lxc-users] No outgoing traffic with bridged network and public IP address from container

Fajar A. Nugraha list at fajar.net
Thu Sep 11 14:13:03 UTC 2014


Depends on how your provider set it up.

If it WERE intended to work that way, they would've given you full
instructions (e.g. "use this IP, this netmask, and this gateway") instead
of just giving the IP (and probably say "add this as a secondary IP on your
server").

The fact that you say it works when you use it as br0:0 (and br0 has
81.7.15.233) means that at that point you're NOT using a bridge, but instead
using your host's primary IP as the gateway. And your provider has routed that
IP thru your primary IP.

Again, it is important to know how your provider works. Asking them BEFORE
asking questions here would've led to a more productive discussion.

FWIW, on server4you I use something like this:

On the host's /etc/network/interfaces:
#==========================
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
  address 209.126.X.Y
  netmask 255.255.255.192
  gateway 209.126.X.1

auto br0
iface br0 inet static
  address 192.168.124.1
  netmask 255.255.255.0
  bridge_ports none
  up ip route add A.B.C.D/32 dev br0 || true



... where A.B.C.D is the one additional IP that they gave me.


On the container lxc config:
#===================
# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = 00:16:3E:04:A8:65
lxc.network.veth.pair=veth-C1-0


On the container's /etc/network/interfaces:
#==============================
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address A.B.C.D
        netmask 255.255.255.255
        up ip route add 192.168.124.1 dev eth0
        up ip route add default via 192.168.124.1



Basically it uses some static routes to force communication between the
host's br0 and the container's eth0, even though they're on different
logical subnets (br0 192.168.124.1/24, container is A.B.C.D/32). And
container's traffic is routed thru the host's br0, which in turn goes to
the provider's routing thru the host's main IP. Pure routing setup, no NAT
involved.

-- 
Fajar



On Thu, Sep 11, 2014 at 8:19 PM, othiman <othiman at gmx.de> wrote:

> 91.143.88.1 actually is the providers gateway for the subnet.
>
> The whole IP configuration for the container looks like this:
> IP address: 91.143.88.119
> netmask: 255.255.255.0
> broadcast: 91.143.88.255
> gateway: 91.143.88.1
>
> So the container is on a totally different subnet, but shouldn't that work
> anyway with a bridged device?
>
> Best regards,
> Thomas
>
>
> On 11.09.2014 15:11, brian mullan wrote:
>
>> In your container config you set the IP gateway as:
>>
>>  lxc.network.ipv4.gateway=91.143.88.1
>>
>> But I didn't see that IP addr anywhere else in your email. Where is 88.1 ?
>>
>> Brian
>>
>>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
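
The static-route reasoning in the message above, as an added example that is not part of the original post: a simplified Python model of longest-prefix routing which shows why the container needs the on-link route to 192.168.124.1 before its default route is accepted, and why the host's /32 route sends the extra IP to br0. Assumptions: 203.0.113.10, 198.51.100.20/26 and 198.51.100.1 are constructed stand-ins for A.B.C.D, 209.126.X.Y and 209.126.X.1, and RouteTable, build_container and build_host are hypothetical names.

```python
import ipaddress

class RouteTable:
    """Simplified Linux IPv4 main table (assumed: no policy routing, metrics, onlink)."""
    def __init__(self, addresses):
        # Each configured address yields a connected (on-link) route.
        self.routes = []  # entries are (network, dev, via)
        for dev, cidr in addresses.items():
            self.routes.append((ipaddress.ip_interface(cidr).network, dev, None))

    def lookup(self, dst):
        """Longest-prefix match; returns (network, dev, via) or None."""
        dst = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if dst in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen, default=None)

    def add(self, dest, dev=None, via=None):
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        if via is not None:
            # A gateway is accepted only if it is already reachable on-link.
            hop = self.lookup(via)
            if hop is None or hop[2] is not None:
                raise ValueError(f"nexthop {via} is not on-link")
            dev, via = dev or hop[1], ipaddress.ip_address(via)
        self.routes.append((net, dev, via))

    def next_hop(self, dst):
        """Return (dev, address the frame is sent to) for dst."""
        route = self.lookup(dst)
        if route is None:
            raise ValueError(f"no route to {dst}")
        return route[1], str(route[2] or ipaddress.ip_address(dst))

# Constructed stand-ins for the post's placeholders.
EXTRA_IP = "203.0.113.10"     # A.B.C.D
HOST_IP = "198.51.100.20/26"  # 209.126.X.Y, netmask 255.255.255.192
HOST_GW = "198.51.100.1"      # 209.126.X.1

def build_container(with_host_route=True):
    c = RouteTable({"eth0": EXTRA_IP + "/32"})
    if with_host_route:
        c.add("192.168.124.1", dev="eth0")  # up ip route add 192.168.124.1 dev eth0
    c.add("default", via="192.168.124.1")   # rejected unless the line above ran
    return c

def build_host():
    h = RouteTable({"eth0": HOST_IP, "br0": "192.168.124.1/24"})
    h.add("default", via=HOST_GW)
    h.add(EXTRA_IP + "/32", dev="br0")      # up ip route add A.B.C.D/32 dev br0
    return h
```

Calling build_container(with_host_route=False) raises ValueError, which corresponds to the kernel refusing a default route whose gateway is not reachable through a connected route.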