[lxc-users] Network space visibility in containers
John Lewis
oflameo2 at gmail.com
Wed Jul 6 15:35:46 UTC 2016
How are these containers networked together? Are you using a bridge on
the host or are you just bringing up new interfaces on the host?
On 07/06/2016 10:24 AM, steve at linuxsuite.org wrote:
> Howdy!
>
> I have a number of containers running. Is it expected that
> information about the network of other containers is "visible".. for
> example
>
> the container admn-101 has ip 10.2.3.101
>
> [root at admn-101 admn-101]# netstat -an|grep LIST
> tcp 0 0 0.0.0.0:514 0.0.0.0:*
> LISTEN
> tcp 0 0 10.2.3.101:22 0.0.0.0:*
> LISTEN
> tcp 0 0 0.0.0.0:25 0.0.0.0:*
> LISTEN
> tcp 0 0 :::514 :::*
> LISTEN
> unix 2 [ ACC ] STREAM LISTENING 69697909
> @/com/ubuntu/upstart
>
> The other container on the host has ip 10.5.5.101
>
> [root at admn-101 admn-101]# netstat -an
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State
> tcp 0 0 0.0.0.0:514 0.0.0.0:*
> LISTEN
> tcp 0 0 10.5.5.101:443 103.14.89.19:10165
> SYN_RECV
> tcp 0 0 10.5.5.101:443 114.77.25.146:50649
> SYN_RECV
> tcp 0 0 10.5.5.101:443 96.53.94.194:51060
> SYN_RECV
> tcp 0 0 10.5.5.101:443 96.53.94.194:51051
> SYN_RECV
> tcp 0 0 10.5.5.101:443 122.106.235.197:61016
> SYN_RECV
> tcp 0 0 10.5.5.101:443 84.74.55.62:63064
> SYN_RECV
> tcp 0 0 10.5.5.101:443 39.110.173.3:6985
> SYN_RECV
> tcp 0 0 10.5.5.101:443 96.53.94.194:50958
> SYN_RECV
> tcp 0 0 10.5.5.101:443 171.99.169.231:53917
> SYN_RECV
> tcp 0 0 10.5.5.101:443 96.53.94.194:51018
> SYN_RECV
> tcp 0 0 10.5.5.101:443 116.15.8.112:64049
> SYN_RECV
> tcp 0 0 10.5.5.101:443 71.56.250.124:58672
> SYN_RECV
> tcp 0 0 10.2.3.101:22 0.0.0.0:*
> LISTEN
> tcp 0 0 0.0.0.0:25 0.0.0.0:*
> LISTEN
> tcp 0 0 10.2.3.101:22 10.2.1.2:48356
> ESTABLISHED
> tcp 0 0 :::514 :::*
> LISTEN
> udp 0 0 0.0.0.0:514 0.0.0.0:*
> udp 0 0 :::514 :::*
>
> Why is information about 10.5.5.101 visible??? Is this expected?
> shouldn't cgroup limit this visibility??
>
> Also iptables in admn-101 logs packets from 10.5.5.101 but only
> some???
>
> [root at admn-101 admn-101]# tail -f kern
> kern.warning: Jul 6 10:22:06 admn-101 kernel:IN= OUT=eth3 SRC=10.5.5.101
> DST=52.0.92.26 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46910 DF PROTO=TCP
> SPT=34378 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
> kern.warning: Jul 6 10:22:06 admn-101 kernel:IN= OUT=eth3 SRC=10.5.5.101
> DST=52.7.169.28 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49586 DF PROTO=TCP
> SPT=57832 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
> kern.warning: Jul 6 10:22:07 admn-101 kernel:IN= OUT=eth3 SRC=10.5.5.101
> DST=52.7.169.28 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53263 DF PROTO=TCP
> SPT=57856 DPT=443 WINDOW=4600 RES=0x0SNUG= <4>IN= OUT=eth3 SRC=10.5.5.101
> DST=52.0.92.26 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=866 DF PROTO=TCP
> SPT=34456 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
> kern.info: Jul 6 10:22:12 admn-101 kernel:1209.6LN6 O=x0PE=x0TL6 D673D
> RT=TPST366DT43WNO=40 E=x0SNUG= <4>IN= OUT=eth3 SRC=10.5.5.101
> DST=52.7.169.28 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60707 DF PROTO=TCP
> SPT=58190 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
>
>
>
>
>
> root at admn-101 # ifconfig
> eth0 Link encap:Ethernet HWaddr 52:D0:AF:B6:9D:16
> inet addr:10.2.3.101 Bcast:10.2.255.255 Mask:255.255.0.0
> inet6 addr: fe80::50d0:afff:feb6:9d16/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:6758 errors:0 dropped:0 overruns:0 frame:0
> TX packets:814 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1270156 (1.2 MiB) TX bytes:150528 (147.0 KiB)
>
> eth1 Link encap:Ethernet HWaddr 3E:43:D5:B7:2C:DF
> inet addr:10.5.3.101 Bcast:10.5.255.255 Mask:255.255.0.0
> inet6 addr: fe80::3c43:d5ff:feb7:2cdf/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:12 errors:0 dropped:0 overruns:0 frame:0
> TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:828 (828.0 b) TX bytes:468 (468.0 b)
>
> eth2 Link encap:Ethernet HWaddr EA:78:BC:50:BD:CF
> inet addr:10.1.3.101 Bcast:10.1.255.255 Mask:255.255.0.0
> inet6 addr: fe80::e878:bcff:fe50:bdcf/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:122 errors:0 dropped:0 overruns:0 frame:0
> TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:13242 (12.9 KiB) TX bytes:468 (468.0 b)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:65536 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
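Added example, not part of the original thread: a small check that automates the comparison the quoted post makes by eye, listing sockets whose local address is not assigned to any interface in the namespace where the commands were run. The function names are hypothetical, the sample text is constructed from the addresses quoted above, and net-tools `ifconfig` / `netstat -an` output with one socket per line is assumed.

```python
import ipaddress
import re

# Constructed sample input, modelled on the net-tools output quoted in the thread.
IFCONFIG = """\
eth0  Link encap:Ethernet  HWaddr 52:D0:AF:B6:9D:16
      inet addr:10.2.3.101  Bcast:10.2.255.255  Mask:255.255.0.0
eth1  Link encap:Ethernet  HWaddr 3E:43:D5:B7:2C:DF
      inet addr:10.5.3.101  Bcast:10.5.255.255  Mask:255.255.0.0
lo    Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
"""
NETSTAT = """\
tcp   0  0 0.0.0.0:514     0.0.0.0:*           LISTEN
tcp   0  0 10.5.5.101:443  96.53.94.194:51060  SYN_RECV
tcp   0  0 10.2.3.101:22   10.2.1.2:48356      ESTABLISHED
tcp   0  0 :::514          :::*                LISTEN
udp   0  0 0.0.0.0:514     0.0.0.0:*
"""


def interface_addresses(ifconfig_text):
    """Collect every IPv4/IPv6 address assigned to an interface in this namespace."""
    found = re.findall(r"inet6? addr: ?([0-9A-Fa-f:.]+)", ifconfig_text)
    return {ipaddress.ip_address(a) for a in found}


def foreign_sockets(netstat_text, local_addrs):
    """Return (proto, local, remote, state) for sockets bound to an address
    that no interface in this namespace owns. Wildcard binds are ignored."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        host = fields[3].rsplit(":", 1)[0]  # strip the port; ":::514" -> "::"
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # not an address column, skip the line
        if addr.is_unspecified or addr in local_addrs:
            continue
        state = fields[5] if len(fields) > 5 else ""
        hits.append((fields[0], fields[3], fields[4], state))
    return hits


if __name__ == "__main__":
    for hit in foreign_sockets(NETSTAT, interface_addresses(IFCONFIG)):
        print("not a local address:", *hit)
```

When the terminal has wrapped the state onto its own line, as in the output quoted above, the socket is still reported but with an empty state field.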