[lxc-users] Container doesn't connect to bridge
Joshua Schaeffer
jschaeffer0922 at gmail.com
Fri Oct 23 22:34:20 UTC 2015
Alright, making progress on this. I forgot to mention that the host is a VM
running off of VMware... slipped my mind :)
I set the virtual switch that the host uses to promiscuous mode and I can
ping the gateway and other machines on my subnet from the container,
however I still cannot get to the outside world:
From the container:
root@thinkweb:/# ping 192.168.54.1
PING 192.168.54.1 (192.168.54.1) 56(84) bytes of data.
64 bytes from 192.168.54.1: icmp_seq=1 ttl=255 time=2.98 ms
64 bytes from 192.168.54.1: icmp_seq=2 ttl=255 time=5.01 ms
64 bytes from 192.168.54.1: icmp_seq=3 ttl=255 time=1.10 ms
^C
--- 192.168.54.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.105/3.035/5.014/1.597 ms
root@thinkweb:/# ping 192.168.54.65
PING 192.168.54.65 (192.168.54.65) 56(84) bytes of data.
64 bytes from 192.168.54.65: icmp_seq=1 ttl=64 time=0.245 ms
64 bytes from 192.168.54.65: icmp_seq=2 ttl=64 time=0.041 ms
64 bytes from 192.168.54.65: icmp_seq=3 ttl=64 time=0.047 ms
^C
--- 192.168.54.65 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.041/0.111/0.245/0.094 ms
root@thinkweb:/# ping 8.8.8.8
connect: Network is unreachable
Is this because of my routing table on the container?
Thanks,
Joshua
On Fri, Oct 23, 2015 at 3:50 PM, Joshua Schaeffer <jschaeffer0922 at gmail.com>
wrote:
> Okay, ip_forward was set to 0 on the host. I changed it to 1, but I still
> wasn't able to ping the gateway from the container. iptables rules are set
> to accept for INPUT, FORWARD, and OUTPUT on the host:
>
> jschaeffer@prvlxc01:~$ sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Here is the OVS db output:
>
> jschaeffer@prvlxc01:~$ sudo ovs-vsctl show
> [sudo] password for jschaeffer:
> 4e502746-9746-4972-8cb4-cf27f7b7332f
>     Bridge "br0"
>         Port "veth52B8DS"
>             Interface "veth52B8DS"
>         Port vethYERYXP
>             Interface vethYERYXP
>         Port "vethAGP5QO"
>             Interface "vethAGP5QO"
>         Port "eth0"
>             Interface "eth0"
>         Port "veth6WFED2"
>             Interface "veth6WFED2"
>         Port "br0"
>             Interface "br0"
>                 type: internal
>     ovs_version: "2.3.0"
>
> Not sure if this is a problem or not, but I ran ifconfig on the host again
> and it looks like the last 6 digits of the veth changed (maybe because I
> changed the lxc's config to include the hardware address?). This particular
> veth is not included in the ovs output:
>
> jschaeffer@prvlxc01:~$ sudo ifconfig
> [...]
> vethJMVQHJ Link encap:Ethernet HWaddr fe:1f:8a:a9:25:52
> inet6 addr: fe80::fc1f:8aff:fea9:2552/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:15 errors:0 dropped:0 overruns:0 frame:0
> TX packets:216 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1054 (1.0 KiB) TX bytes:21554 (21.0 KiB)
>
> Thanks,
> Joshua
>
> On Fri, Oct 23, 2015 at 2:25 PM, Benoit GEORGELIN - Association Web4all <
> benoit.georgelin at web4all.fr> wrote:
>
>> Yes, thanks, I saw it in your configuration file.
>>
>> Everything looks good.
>> Your container does not have a gateway address, but you should be able
>> to ping the local network.
>>
>> This looks good too:
>>
>> Address                  HWtype  HWaddress           Flags Mask            Iface
>> 192.168.54.65            ether   00:50:56:be:13:94   C                     eth0
>> 192.168.54.1             ether   00:13:c4:f2:64:41   C                     eth0
>>
>>
>> Your container knows the MAC address of the host. Communication is working
>> on that level.
>>
>> Do you have any iptables rules on the host?
>>
>> Can you look at this file? It should be 1:
>> cat /proc/sys/net/ipv4/ip_forward
>>
>> Also can you send the OVS db content:
>>
>> ovs-vsctl show
>>
>>
>> Regards,
>>
>> Benoît Georgelin -
>> To help protect the environment, please print this
>> email only if necessary
>>
>> ------------------------------
>> *From: *"Joshua Schaeffer" <jschaeffer0922 at gmail.com>
>> *To: *"lxc-users" <lxc-users at lists.linuxcontainers.org>
>> *Sent: *Friday 23 October 2015 15:41:49
>> *Subject: *Re: [lxc-users] Container doesn't connect to bridge
>>
>> Oh, also forgot to mention that I'm using OVS to create the bridge. I
>> didn't think this would be a problem if I got the bridge working on the
>> host, but let me know if I've missed something.
>> Thanks,
>> Joshua
>>
>> On Fri, Oct 23, 2015 at 1:36 PM, Joshua Schaeffer <
>> jschaeffer0922 at gmail.com> wrote:
>>
>>> Here ya go. It looks like the routing table is off for the container, or
>>> am I just misreading that? Also I assigned the veth a MAC address from the
>>> config file. Everything still appears to be the same, no change.
>>>
>>> Host:
>>> jschaeffer@prvlxc01:~$ sudo route -n
>>> Kernel IP routing table
>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>> 0.0.0.0         192.168.54.1    0.0.0.0         UG    0      0        0 br0
>>> 192.168.54.0    0.0.0.0         255.255.255.128 U     0      0        0 br0
>>>
>>> jschaeffer@prvlxc01:~$ cat /etc/network/interfaces
>>> # This file describes the network interfaces available on your system
>>> # and how to activate them. For more information, see interfaces(5).
>>>
>>> source /etc/network/interfaces.d/*
>>>
>>> # The loopback network interface
>>> auto lo
>>> iface lo inet loopback
>>>
>>> allow-ovs br0
>>> iface br0 inet static
>>> address 192.168.54.65
>>> netmask 255.255.255.128
>>> gateway 192.168.54.1
>>> ovs_type OVSBridge
>>> ovs_ports eth0
>>>
>>> # The primary network interface
>>> allow-br0 eth0
>>> iface eth0 inet manual
>>> ovs_bridge br0
>>> ovs_type OVSPort
>>>
>>>
>>>
>>> Container:
>>> root@thinkweb:~# route -n
>>> Kernel IP routing table
>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>> 192.168.54.0    0.0.0.0         255.255.255.128 U     0      0        0 eth0
>>>
>>> root@thinkweb:~# arp -n
>>> Address                  HWtype  HWaddress           Flags Mask            Iface
>>> 192.168.54.65            ether   00:50:56:be:13:94   C                     eth0
>>> 192.168.54.1             ether   00:13:c4:f2:64:41   C                     eth0
>>>
>>>
>>> On Fri, Oct 23, 2015 at 12:23 PM, Benoit GEORGELIN - Association Web4all
>>> <benoit.georgelin at web4all.fr> wrote:
>>>
>>>> Hi,
>>>>
>>>> Can you provide, from the host and from the container:
>>>>
>>>> route -n
>>>>
>>>> Can you provide, from the container:
>>>>
>>>> arp -n
>>>>
>>>> Can you also give the bridge configuration from /etc/network/interfaces?
>>>>
>>>> LXC configuration looks good to me.
>>>> I would try to set the MAC address manually in the configuration file,
>>>> like:
>>>>
>>>> lxc.network.hwaddr = fe:fa:9c:21:8d:0b
>>>>
>>>> Regards,
>>>>
>>>> Benoît Georgelin -
>>>> To help protect the environment, please print
>>>> this email only if necessary
>>>>
>>>> ------------------------------
>>>> *From: *"Joshua Schaeffer" <jschaeffer0922 at gmail.com>
>>>> *To: *"lxc-users" <lxc-users at lists.linuxcontainers.org>
>>>> *Sent: *Friday 23 October 2015 13:40:35
>>>> *Subject: *[lxc-users] Container doesn't connect to bridge
>>>>
>>>> I have a lxc container on version 1.1.2 on Debian that cannot connect to
>>>> the network. My host has br0 setup and I can access any machine on the
>>>> network and internet from the host:
>>>>
>>>> This is the host:
>>>> jschaeffer@prvlxc01:~$ sudo ifconfig
>>>> [sudo] password for jschaeffer:
>>>> br0 Link encap:Ethernet HWaddr 00:50:56:be:13:94
>>>> inet addr:192.168.54.65 Bcast:192.168.54.127
>>>> Mask:255.255.255.128
>>>> inet6 addr: fe80::250:56ff:febe:1394/64 Scope:Link
>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>> RX packets:9891 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:4537 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:0
>>>> RX bytes:4078480 (3.8 MiB) TX bytes:521427 (509.2 KiB)
>>>>
>>>> eth0 Link encap:Ethernet HWaddr 00:50:56:be:13:94
>>>> inet6 addr: fe80::250:56ff:febe:1394/64 Scope:Link
>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>> RX packets:10872 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:5085 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:1000
>>>> RX bytes:4159749 (3.9 MiB) TX bytes:575863 (562.3 KiB)
>>>>
>>>> lo Link encap:Local Loopback
>>>> inet addr:127.0.0.1 Mask:255.0.0.0
>>>> inet6 addr: ::1/128 Scope:Host
>>>> UP LOOPBACK RUNNING MTU:65536 Metric:1
>>>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:0
>>>> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>>>>
>>>> vethAGP5QO Link encap:Ethernet HWaddr fe:fa:9c:21:8d:0b
>>>> inet6 addr: fe80::fcfa:9cff:fe21:8d0b/64 Scope:Link
>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>> RX packets:536 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:3013 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:1000
>>>> RX bytes:49648 (48.4 KiB) TX bytes:332247 (324.4 KiB)
>>>>
>>>> From the container I cannot even reach the gateway:
>>>>
>>>> This is the container:
>>>> root@thinkweb:/# ifconfig
>>>> eth0 Link encap:Ethernet HWaddr aa:0a:f7:64:12:db
>>>> inet addr:192.168.54.110 Bcast:192.168.54.127
>>>> Mask:255.255.255.128
>>>> inet6 addr: fe80::a80a:f7ff:fe64:12db/64 Scope:Link
>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>> RX packets:3194 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:536 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:1000
>>>> RX bytes:352314 (344.0 KiB) TX bytes:49648 (48.4 KiB)
>>>>
>>>> lo Link encap:Local Loopback
>>>> inet addr:127.0.0.1 Mask:255.0.0.0
>>>> inet6 addr: ::1/128 Scope:Host
>>>> UP LOOPBACK RUNNING MTU:65536 Metric:1
>>>> RX packets:4 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:0
>>>> RX bytes:336 (336.0 B) TX bytes:336 (336.0 B)
>>>>
>>>> root@thinkweb:/# ping 192.168.54.1
>>>> PING 192.168.54.1 (192.168.54.1) 56(84) bytes of data.
>>>> ^C
>>>> --- 192.168.54.1 ping statistics ---
>>>> 7 packets transmitted, 0 received, 100% packet loss, time 6049ms
>>>>
>>>> jschaeffer@prvlxc01:~$ cat /var/lib/lxc/thinkweb/config
>>>> cat: /var/lib/lxc/thinkweb/config: Permission denied
>>>> jschaeffer@prvlxc01:~$ sudo cat /var/lib/lxc/thinkweb/config
>>>> # Template used to create this container: /usr/share/lxc/templates/lxc-download
>>>> # Parameters passed to the template: -d debian -r jessie -a amd64
>>>> # For additional config options, please look at lxc.container.conf(5)
>>>>
>>>> # Distribution configuration
>>>> lxc.include = /usr/share/lxc/config/debian.common.conf
>>>> lxc.arch = x86_64
>>>>
>>>> # Container specific configuration
>>>> lxc.rootfs = /var/lib/lxc/thinkweb/rootfs
>>>> lxc.utsname = thinkweb
>>>> lxc.tty = 4
>>>> lxc.pts = 1024
>>>> lxc.cap.drop = sys_module mac_admin mac_override sys_time
>>>> # When using LXC with apparmor, uncomment the next line to run unconfined:
>>>> #lxc.aa_profile = unconfined
>>>>
>>>> # Network configuration
>>>> lxc.network.type = veth
>>>> lxc.network.flags = up
>>>> lxc.network.link = br0
>>>> lxc.network.ipv4 = 192.168.54.110/25
>>>> lxc.network.name = eth0
>>>>
>>>> ## Limits
>>>> lxc.cgroup.cpu.shares = 1024
>>>> lxc.cgroup.cpuset.cpus = 0,1,2,3
>>>> lxc.cgroup.memory.limit_in_bytes = 2G
>>>> #lxc.cgroup.memory.memsw.limit_in_bytes = 3G
>>>>
>>>>
>>>> Thanks,
>>>> Joshua
>>>>
>>>> _______________________________________________
>>>> lxc-users mailing list
>>>> lxc-users at lists.linuxcontainers.org
>>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>>>
>>>
>>>
>>
>
>
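Added example, not part of the original thread or of LXC: a Python model of the kernel's longest-prefix route lookup, run over the two `route -n` tables posted above, showing why the container reaches 192.168.54.1 on-link but gets "Network is unreachable" for 8.8.8.8. The function names are illustrative, and the tables are the thread's own output re-joined onto single lines.

```python
import ipaddress

# Routing tables as posted in the thread (route -n), re-joined onto single lines.
HOST_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
0.0.0.0         192.168.54.1    0.0.0.0         UG    0      0   0   br0
192.168.54.0    0.0.0.0         255.255.255.128 U     0      0   0   br0
"""
CONTAINER_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.54.0    0.0.0.0         255.255.255.128 U     0      0   0   eth0
"""

def parse_route_n(text):
    """Return a list of (network, gateway or None, iface) from `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not an 8-column route row.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gw, mask, flags, iface = fields[0], fields[1], fields[2], fields[3], fields[7]
        if "U" not in flags:          # route is not up, the kernel ignores it
            continue
        net = ipaddress.ip_network(f"{dest}/{mask}")
        gateway = ipaddress.ip_address(gw) if "G" in flags else None
        routes.append((net, gateway, iface))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; None corresponds to 'Network is unreachable'."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def explain(routes, dest):
    hit = lookup(routes, dest)
    if hit is None:
        return f"{dest}: unreachable (no matching route, no default route)"
    net, gw, iface = hit
    via = f"via {gw}" if gw else "on-link"
    return f"{dest}: {via} dev {iface} (matched {net})"

if __name__ == "__main__":
    for name, table in (("host", HOST_ROUTES), ("container", CONTAINER_ROUTES)):
        routes = parse_route_n(table)
        for dest in ("192.168.54.1", "192.168.54.65", "8.8.8.8"):
            print(f"{name:9} {explain(routes, dest)}")
```

The container's table has only the on-link 192.168.54.0/25 entry, so nothing matches 8.8.8.8. In LXC 1.x the container's default route can be set with `lxc.network.ipv4.gateway` in the container config.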