[lxc-users] Need help with static IP address -- Simplest use case.

Rick Leir rleir at leirtech.com
Sat Jun 10 01:18:18 UTC 2017


Hi Michael,

Is it possible that your config is more like RHEL than Ubuntu? You 
probably already looked at https://fedoraproject.org/wiki/LXC, it showed 
me how to set up the bridge (on Fedora). That was the only thing holding 
me up.

I assume you are satisfied with just plain LXC, and do not need the 
whole LXD setup.

cheers -- Rick



On 2017-06-09 05:13 PM, Michael Johnson wrote:
> Hi All.
>
> I'm utterly failing to configure a simple static IP address for a
> single container.
>
> Here is the use case:
> Host server running Gentoo, static IP address is: 192.168.0.35
> Gentoo container with static IP address of 192.168.0.36
>
> I'm needing some general instructions -- not Ubuntu specific.
>
> I'm passing a kernel parameter so that old interface naming is used,
> i.e., my host nic is called eth0.
>
> 1) How should the network be configured on the host? Is a bridge
> required? Are 2 NICs required? Should the interface be configured as
> eth0 or br0 or both? Multiple IP addresses for eth0? Multi addresses
> assigned to br0? Should my bridge, if I need one, be called lxdbr0?
>
> 2) What configuration should be performed using the lxc command line?
> That seems to be a convenient way to get the entries in iptables. I
> assume those are needed. Do I need entries in the container's iptables?
>
> 3) How should the network be configured within the container? Should the
> container interface be a bridge: br0, lxdbr0, or simply eth0? I've found
> the only way to get a static IP address to show up in the output of 'lxc
> list' is to configure it inside the container, i.e., by commenting out
> dhcp and adding static IP entries for eth0 (container) IP address,
> default route, and dns servers.
>
> 4) Is openvswitch required, is it a dependency? What about dhcp? Is dhcp
> a requirement for using static IP addresses? Sounds like a silly
> question but I've seen discussions that suggest dhcp may be a
> requirement under all circumstances.
>
> Here is an example of what I've tried:
>
> Host:
>
> ip -4 route show:
> default via 192.168.0.1 dev eth0  metric 3
> 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.35
>
>
> ip -4 addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1
>      inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
>         valid_lft forever preferred_lft forever
> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
> group default qlen 1000
>      inet 192.168.0.35/24 brd 192.168.0.255 scope global eth0
>         valid_lft forever preferred_lft forever
>      inet 192.168.0.36/24 brd 192.168.0.255 scope global secondary eth0
>         valid_lft forever preferred_lft forever
>
> (Note this time I have 2 ip addresses on the host's eth0. I've tried
> with just one as well. I've also tried with br0 instead of eth0, and so on.)
>
> lxc network list:
> +------+----------+---------+---------+
> | NAME |   TYPE   | MANAGED | USED BY |
> +------+----------+---------+---------+
> | eth0 | physical | NO      | 0       |
> +------+----------+---------+---------+
> | eth1 | physical | NO      | 0       |
> +------+----------+---------+---------+
>
> lxc network create lxdbr0 ipv4.address=192.168.0.36/24 ipv4.nat=true
> ipv4.dhcp=false ipv4.firewall=false ipv4.routing=true ipv6.address=none
>
> lxc network list
> +--------+----------+---------+---------+
> |  NAME  |   TYPE   | MANAGED | USED BY |
> +--------+----------+---------+---------+
> | eth0   | physical | NO      | 0       |
> +--------+----------+---------+---------+
> | eth1   | physical | NO      | 0       |
> +--------+----------+---------+---------+
> | lxdbr0 | bridge   | YES     | 0       |
> +--------+----------+---------+---------+
>
> lxc network attach lxdbr0 gentoo default eth0
>
> lxc list
> +--------+---------+---------------------+------+------------+-----------+
> |  NAME  |  STATE  |        IPV4         | IPV6 |    TYPE    | SNAPSHOTS |
> +--------+---------+---------------------+------+------------+-----------+
> | gentoo | RUNNING | 192.168.0.36 (eth0) |      | PERSISTENT | 0         |
> +--------+---------+---------------------+------+------------+-----------+
>
> lxc exec gentoo /bin/bash
>
> In the container:
>
> ip -4 route show
> default via 192.168.0.1 dev eth0  metric 12
> 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.36
>
> ip -4 addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1
>      inet 127.0.0.1/8 scope host lo
>         valid_lft forever preferred_lft forever
> 12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000 link-netnsid 0
>      inet 192.168.0.36/24 brd 192.168.0.255 scope global eth0
>         valid_lft forever preferred_lft forever
>
> ping 192.168.0.11
> PING 192.168.0.11 (192.168.0.11) 56(84) bytes of data.
> From 192.168.0.36 icmp_seq=1 Destination Host Unreachable
> From 192.168.0.36 icmp_seq=2 Destination Host Unreachable
> From 192.168.0.36 icmp_seq=3 Destination Host Unreachable
>
> So... the container is not on the network.
>
> The iptables are different on host vs. container. Does this matter?
>
> Host:
> iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere             tcp
> dpt:domain /* generated for LXD network lxdbr0 */
> ACCEPT     udp  --  anywhere             anywhere             udp
> dpt:domain /* generated for LXD network lxdbr0 */
> ACCEPT     udp  --  anywhere             anywhere             udp
> dpt:bootps /* generated for LXD network lxdbr0 */
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere             tcp
> spt:domain /* generated for LXD network lxdbr0 */
> ACCEPT     udp  --  anywhere             anywhere             udp
> spt:domain /* generated for LXD network lxdbr0 */
> ACCEPT     udp  --  anywhere             anywhere             udp
> spt:bootps /* generated for LXD network lxdbr0 */
>
> Container:
> iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Where do I go from here? I'm running out of ideas. Greatly appreciate
> any directions you can send me.
> -Mike


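Added example, not part of either message: a Python check over the `ip -4 addr show` output and the `lxc network create` command quoted above, reporting IPv4 addresses configured in more than one place and subnets that are on-link on more than one host interface. The sample text is constructed from the post (trimmed), and the function names are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed from the output quoted in the post (host and container), trimmed.
HOST_ADDR = """\
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
    inet 192.168.0.35/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.36/24 brd 192.168.0.255 scope global secondary eth0
"""
CONTAINER_ADDR = """\
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
    inet 192.168.0.36/24 brd 192.168.0.255 scope global eth0
"""
BRIDGE = ("host", "lxdbr0", "192.168.0.36/24")  # from `lxc network create`

# An "inet" line: the CIDR follows "inet", the interface label is the last token.
INET = re.compile(r"^\s+inet (\d+\.\d+\.\d+\.\d+/\d+)\b.*?(\S+)$")

def parse(ns, text):
    """Yield (namespace, interface, IPv4Interface) from `ip -4 addr show` text."""
    for line in text.splitlines():
        m = INET.match(line)
        if m:
            yield ns, m.group(2), ipaddress.ip_interface(m.group(1))

def collect():
    """All configured addresses: host, container, and the LXD bridge."""
    entries = list(parse("host", HOST_ADDR)) + list(parse("container", CONTAINER_ADDR))
    entries.append((BRIDGE[0], BRIDGE[1], ipaddress.ip_interface(BRIDGE[2])))
    return entries

def duplicate_addresses(entries):
    """Map each address that appears more than once to where it is configured."""
    seen = defaultdict(list)
    for ns, dev, iface in entries:
        seen[str(iface.ip)].append(f"{ns}:{dev}")
    return {ip: owners for ip, owners in seen.items() if len(owners) > 1}

def shared_subnets(entries, ns="host"):
    """Subnets that are on-link on more than one interface in one namespace."""
    nets = defaultdict(set)
    for n, dev, iface in entries:
        if n == ns:
            nets[str(iface.network)].add(dev)
    return {net: sorted(devs) for net, devs in nets.items() if len(devs) > 1}

if __name__ == "__main__":
    print("duplicate addresses:", duplicate_addresses(collect()))
    print("subnets on several host interfaces:", shared_subnets(collect()))
```

On the posted data it reports 192.168.0.36 on the host's eth0, on lxdbr0 and on the container's eth0, and 192.168.0.0/24 on both eth0 and lxdbr0.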
