[lxc-users] Networking issue

Saint Michael venefax at gmail.com
Wed Nov 9 14:42:08 UTC 2016 

I don't know how to downgrade the kernel.
This is Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-45-generic x86_64)

I always use apt-get -y update and apt-get -y dist-upgrade




On Wed, Nov 9, 2016 at 2:22 AM, Janjaap Bos <janjaapbos at gmail.com> wrote:

> Downgrade the kernel to verify your guess, as the other feedback you got
> also points to the kernel. If that solves it, go file a kernel bug.
>
> 2016-11-09 7:33 GMT+01:00 Saint Michael <venefax at gmail.com>:
>
>> It was working fine until a week ago.
>> I have two sites, it happened on both, so the issue is not on my router
>> or my switch, since they are different sites and we did not upgrade
>> anything.
>> Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-45-generic x86_64)
>> LXC installed from apt-get install lxc1
>> iptables off in both hosts and containers. I protect my network at the
>> perimeter.
>>
>> All my container networking is defined
>>
>> lxc.network.type=macvlan
>> lxc.network.macvlan.mode=bridge
>> lxc.network.link=eth1
>> lxc.network.name = eth0
>> lxc.network.flags=up
>> lxc.network.hwaddr = XX:XX:XX:XX:XX:XX
>> lxc.network.ipv4 = 0.0.0.0/24
>>
>> Now suppose I have a machine, not a container, in the same broadcast
>> domain as the containers, same subnet.
>> It cannot ping or ssh into a container, which is accessible from outside
>> my network.
>> However, from inside the container the packets come and go perfectly,
>> when the connection is originated by the container.
>> A container can ping that host I mentioned, but the host cannot ping back
>> the container.
>> It all started a few days ago.
>> Also, from the host, this test works
>> arping -I eth0 (container IP address)
>> it shows that we share the same broadcast domain.
>>
>> My guess is that the most recent kernel update in the LXC host, is
>> blocking the communication to the containers, but it allows connections
>> from the containers or connections from IP addresses not on the same
>> broadcast domain.
>> Any idea?
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20161109/9531dc5f/attachment.html>

More information about the lxc-users mailing list