[lxc-users] Network connection on a Debian unstable host
Fajar A. Nugraha
list at fajar.net
Mon Mar 23 03:34:44 UTC 2015
On Sun, Mar 22, 2015 at 10:53 PM, Geordie <geordi at kos.net> wrote:
> /etc/lxc/default.conf
> lxc.utsname =lsmb1
> lxc.network.type=veth
> lxc.network.flags=up
> lxc.network.link=br0
> lxc.network.hwaddr=ac:de:48:00:00:15

Is that a unique MAC address?
If you're unsure, just leave it empty.

> lxc.network.ipv4=10.0.0.15

An IP address is not what you usually put in /etc/lxc/default.conf.
I'd actually recommend you do NOT specify that at all, and set up
networking on the host's /etc/network/interfaces

>
> /etc/network/interfaces
> # The loopback network interface
> iface br0 inet static
> bridge_ports eth0
> bridge_fd 0
> address 10.0.0.15
> netmask 255.255.255.0
> network 10.0.0.0
> broadcast 10.0.0.255
> gateway 10.0.0.1

So you set a static IP on the host?
Then the easiest way is to also use a static IP setup on the container.

> lxc.network.hwaddr = ac:de:48:00:00:15
> lxc.network.ipv4 = 10.0.0.15/8
>
> /var/lib/lxc/lsmb1/rootfs/etc/network/interfaces
>
> auto lo
> iface lo inet loopback
>
> auto eth0
> iface eth0 inet dhcp

See my earlier comment.
Do you have a DHCP server enabled on your network? If yes, then simply
remove lxc.network.ipv4 (and possibly lxc.network.hwaddr) from the
container config file. If not, then remove those lines, AND change
/var/lib/lxc/lsmb1/rootfs/etc/network/interfaces to use a static IP.

>
> I can ping the container, and ssh from the container to another
> computer on the lan. I cannot access the WAN from the container when I
> ssh to the host from the container I get the hosts root at laptop:~# I
> find that strange

Either:
- you did not set up a default gateway on the container (basic networking
  issue, see the Debian man page)
- you haven't enabled /proc/sys/net/ipv4/ip_forward on the host

>
> lxc: Installed: 1:1.0.7-1 Kernel: 3.16.0-4-amd64 x86_64 (64 bit) Debian
> Unstable
>
> So what is needed to connect to the internet and I will admit that my
> iptables-foo knowledge is severely lacking

You shouldn't need iptables for that setup if your default rule is ACCEPT.
If you know how to build from source, lxc-1.1.1 should have better
support for Debian, including an init script that creates lxcbr0. Very
useful if you ONLY want a NAT setup (container can access anything,
outside host can't access the container directly)

--
Fajar
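
Added example, not part of the original message: a small Python check of the three quoted files for the cases the reply walks through (an address pinned in the LXC config while the guest's interfaces file uses DHCP, and a static guest with no default gateway), plus a guest address equal to the host bridge's, as the quoted files show. The inputs are constructed samples, and the function and finding names are hypothetical.

```python
import ipaddress

# Constructed inputs modelled on the files quoted in the thread (not a verbatim copy).
LXC_CONF = "lxc.network.type = veth\nlxc.network.link = br0\nlxc.network.ipv4 = 10.0.0.15/8\n"
HOST_IFACES = "iface br0 inet static\nbridge_ports eth0\naddress 10.0.0.15\ngateway 10.0.0.1\n"
CT_IFACES = "auto lo\niface lo inet loopback\n\nauto eth0\niface eth0 inet dhcp\n"

def lxc_keys(text):
    """Parse 'key = value' lines of an LXC 1.x container config into a dict."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def iface_stanza(text, name):
    """Return (method, options) of 'iface <name> inet <method>' in an interfaces file."""
    method, opts, inside = None, {}, False
    for line in text.splitlines():
        w = line.split()
        if not w or w[0].startswith("#"):
            continue
        if w[0] in ("iface", "auto", "mapping", "source") or w[0].startswith("allow-"):
            inside = w[0] == "iface" and len(w) >= 4 and w[1] == name
            if inside:
                method = w[3]
        elif inside and len(w) > 1:
            opts[w[0]] = w[1]
    return method, opts

def audit(lxc_conf, host_ifaces, ct_ifaces, bridge="br0", ct_if="eth0"):
    """Return finding names for the container/host network configuration."""
    findings = []
    conf = lxc_keys(lxc_conf)
    ct_method, ct_opts = iface_stanza(ct_ifaces, ct_if)
    _, host_opts = iface_stanza(host_ifaces, bridge)
    conf_ip = conf.get("lxc.network.ipv4", "").split()[:1]
    if conf_ip and ct_method == "dhcp":
        findings.append("mixed-addressing")  # static in LXC config, DHCP inside the guest
    ct_ip = conf_ip[0] if conf_ip else ct_opts.get("address")
    host_ip = host_opts.get("address")
    if ct_ip and host_ip and ipaddress.ip_interface(ct_ip).ip == ipaddress.ip_address(host_ip):
        findings.append("address-collision")  # guest reuses the host bridge's address
    if (ct_method == "static" and "gateway" not in ct_opts
            and "lxc.network.ipv4.gateway" not in conf):
        findings.append("no-default-gateway")
    return findings

if __name__ == "__main__":
    print(audit(LXC_CONF, HOST_IFACES, CT_IFACES))
```
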