Alright, making progress on this. I forgot to mention that the host is a VM running off of VMWare... slipped my mind :)
I set the virtual switch that the host uses to promiscuous mode and I can ping the gateway and other machines on my subnet from the container, however I still cannot get to the outside world:

From the container:
root@thinkweb:/# ping 192.168.54.1
PING 192.168.54.1 (192.168.54.1) 56(84) bytes of data.
64 bytes from 192.168.54.1: icmp_seq=1 ttl=255 time=2.98 ms
64 bytes from 192.168.54.1: icmp_seq=2 ttl=255 time=5.01 ms
64 bytes from 192.168.54.1: icmp_seq=3 ttl=255 time=1.10 ms
^C
--- 192.168.54.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.105/3.035/5.014/1.597 ms
root@thinkweb:/# ping 192.168.54.65
PING 192.168.54.65 (192.168.54.65) 56(84) bytes of data.
64 bytes from 192.168.54.65: icmp_seq=1 ttl=64 time=0.245 ms
64 bytes from 192.168.54.65: icmp_seq=2 ttl=64 time=0.041 ms
64 bytes from 192.168.54.65: icmp_seq=3 ttl=64 time=0.047 ms
^C
--- 192.168.54.65 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.041/0.111/0.245/0.094 ms
root@thinkweb:/# ping 8.8.8.8
connect: Network is unreachable

Is this because of my routing table on the container?

Thanks,
Joshua

On Fri, Oct 23, 2015 at 3:50 PM, Joshua Schaeffer <[email protected]> wrote:

> Okay, ip_forward was set to 0 on the host. I changed it to 1, but I still
> wasn't able to ping the gateway from the container. iptables rules are set
> to accept for INPUT, FORWARD, and OUTPUT on the host:
>
> jschaeffer@prvlxc01:~$ sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Here is the OVS db output:
>
> jschaeffer@prvlxc01:~$ sudo ovs-vsctl show
> [sudo] password for jschaeffer:
> 4e502746-9746-4972-8cb4-cf27f7b7332f
>     Bridge "br0"
>         Port "veth52B8DS"
>             Interface "veth52B8DS"
>         Port vethYERYXP
>             Interface vethYERYXP
>         Port "vethAGP5QO"
>             Interface "vethAGP5QO"
>         Port "eth0"
>             Interface "eth0"
>         Port "veth6WFED2"
>             Interface "veth6WFED2"
>         Port "br0"
>             Interface "br0"
>                 type: internal
>     ovs_version: "2.3.0"
>
> Not sure if this is a problem or not, but I ran ifconfig on the host again
> and it looks like the last 6 digits of the veth changed (maybe because I
> changed the lxc's config to include the hardware address?). This particular
> veth is not included in the ovs output:
>
> jschaeffer@prvlxc01:~$ sudo ifconfig
> [...]
> vethJMVQHJ Link encap:Ethernet  HWaddr fe:1f:8a:a9:25:52
>           inet6 addr: fe80::fc1f:8aff:fea9:2552/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:15 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:216 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1054 (1.0 KiB)  TX bytes:21554 (21.0 KiB)
>
> Thanks,
> Joshua
>
> On Fri, Oct 23, 2015 at 2:25 PM, Benoit GEORGELIN - Association Web4all <[email protected]> wrote:
>
>> Yes, thanks, I saw it in your configuration file.
>>
>> Everything looks good.
>> Your container does not have a gateway address, but you should be able
>> to ping local network.
>>
>> This looks good too:
>>
>> Address          HWtype  HWaddress           Flags Mask  Iface
>> 192.168.54.65    ether   00:50:56:be:13:94   C           eth0
>> 192.168.54.1     ether   00:13:c4:f2:64:41   C           eth0
>>
>> Your container knows the mac address of the host. Communication is working
>> on that level.
>>
>> Do you have any iptables rules on the host?
>>
>> Can you look at this file, it should be 1
>> cat /proc/sys/net/ipv4/ip_forward
>>
>> Also can you send the OVS db content:
>>
>> ovs-vsctl show
>>
>> Regards,
>>
>> Benoît Georgelin -
>> To help protect the environment, please print this email only if necessary
>>
>> ------------------------------
>> *From: *"Joshua Schaeffer" <[email protected]>
>> *To: *"lxc-users" <[email protected]>
>> *Sent: *Friday, October 23, 2015 15:41:49
>> *Subject: *Re: [lxc-users] Container doesn't connect to bridge
>>
>> Oh, also forgot to mention that I'm using OVS to create the bridge. I
>> didn't think this would be a problem if I got the bridge working on the
>> host, but let me know if I've missed something.
>> Thanks,
>> Joshua
>>
>> On Fri, Oct 23, 2015 at 1:36 PM, Joshua Schaeffer <[email protected]> wrote:
>>
>>> Here ya go. It looks like the routing table is off for the container or
>>> am I just misreading that. Also I assigned the veth a mac address from the
>>> config file. Everything still appears to be the same, no change.
>>>
>>> Host:
>>> jschaeffer@prvlxc01:~$ sudo route -n
>>> Kernel IP routing table
>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>> 0.0.0.0         192.168.54.1    0.0.0.0         UG    0      0        0 br0
>>> 192.168.54.0    0.0.0.0         255.255.255.128 U     0      0        0 br0
>>>
>>> jschaeffer@prvlxc01:~$ cat /etc/network/interfaces
>>> # This file describes the network interfaces available on your system
>>> # and how to activate them. For more information, see interfaces(5).
>>>
>>> source /etc/network/interfaces.d/*
>>>
>>> # The loopback network interface
>>> auto lo
>>> iface lo inet loopback
>>>
>>> allow-ovs br0
>>> iface br0 inet static
>>>     address 192.168.54.65
>>>     netmask 255.255.255.128
>>>     gateway 192.168.54.1
>>>     ovs_type OVSBridge
>>>     ovs_ports eth0
>>>
>>> # The primary network interface
>>> allow-br0 eth0
>>> iface eth0 inet manual
>>>     ovs_bridge br0
>>>     ovs_type OVSPort
>>>
>>> Container:
>>> root@thinkweb:~# route -n
>>> Kernel IP routing table
>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>> 192.168.54.0    0.0.0.0         255.255.255.128 U     0      0        0 eth0
>>>
>>> root@thinkweb:~# arp -n
>>> Address          HWtype  HWaddress           Flags Mask  Iface
>>> 192.168.54.65    ether   00:50:56:be:13:94   C           eth0
>>> 192.168.54.1     ether   00:13:c4:f2:64:41   C           eth0
>>>
>>> On Fri, Oct 23, 2015 at 12:23 PM, Benoit GEORGELIN - Association Web4all <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> can you provide from the host and from the container:
>>>>
>>>> route -n
>>>>
>>>> can you provide from the container:
>>>>
>>>> arp -n
>>>>
>>>> can you also give the bridge configuration from /etc/network/interfaces
>>>>
>>>> LXC configuration looks good to me.
>>>> I would try to set the mac address manually in the configuration file
>>>> like:
>>>>
>>>> lxc.network.hwaddr = fe:fa:9c:21:8d:0b
>>>>
>>>> Regards,
>>>>
>>>> Benoît Georgelin -
>>>> To help protect the environment, please print this email only if necessary
>>>>
>>>> ------------------------------
>>>> *From: *"Joshua Schaeffer" <[email protected]>
>>>> *To: *"lxc-users" <[email protected]>
>>>> *Sent: *Friday, October 23, 2015 13:40:35
>>>> *Subject: *[lxc-users] Container doesn't connect to bridge
>>>>
>>>> I have a lxc container on version 1.1.2 on Debian that cannot connect to
>>>> the network. My host has br0 setup and I can access any machine on the
>>>> network and internet from the host:
>>>>
>>>> This is the host:
>>>> jschaeffer@prvlxc01:~$ sudo ifconfig
>>>> [sudo] password for jschaeffer:
>>>> br0       Link encap:Ethernet  HWaddr 00:50:56:be:13:94
>>>>           inet addr:192.168.54.65  Bcast:192.168.54.127  Mask:255.255.255.128
>>>>           inet6 addr: fe80::250:56ff:febe:1394/64 Scope:Link
>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>           RX packets:9891 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:4537 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:0
>>>>           RX bytes:4078480 (3.8 MiB)  TX bytes:521427 (509.2 KiB)
>>>>
>>>> eth0      Link encap:Ethernet  HWaddr 00:50:56:be:13:94
>>>>           inet6 addr: fe80::250:56ff:febe:1394/64 Scope:Link
>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>           RX packets:10872 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:5085 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:1000
>>>>           RX bytes:4159749 (3.9 MiB)  TX bytes:575863 (562.3 KiB)
>>>>
>>>> lo        Link encap:Local Loopback
>>>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>>>           inet6 addr: ::1/128 Scope:Host
>>>>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:0
>>>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>>>
>>>> vethAGP5QO Link encap:Ethernet  HWaddr fe:fa:9c:21:8d:0b
>>>>           inet6 addr: fe80::fcfa:9cff:fe21:8d0b/64 Scope:Link
>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>           RX packets:536 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:3013 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:1000
>>>>           RX bytes:49648 (48.4 KiB)  TX bytes:332247 (324.4 KiB)
>>>>
>>>> From the container I cannot even reach the gateway:
>>>>
>>>> This is the container:
>>>> root@thinkweb:/# ifconfig
>>>> eth0      Link encap:Ethernet  HWaddr aa:0a:f7:64:12:db
>>>>           inet addr:192.168.54.110  Bcast:192.168.54.127  Mask:255.255.255.128
>>>>           inet6 addr: fe80::a80a:f7ff:fe64:12db/64 Scope:Link
>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>           RX packets:3194 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:536 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:1000
>>>>           RX bytes:352314 (344.0 KiB)  TX bytes:49648 (48.4 KiB)
>>>>
>>>> lo        Link encap:Local Loopback
>>>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>>>           inet6 addr: ::1/128 Scope:Host
>>>>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>>>           RX packets:4 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:0
>>>>           RX bytes:336 (336.0 B)  TX bytes:336 (336.0 B)
>>>>
>>>> root@thinkweb:/# ping 192.168.54.1
>>>> PING 192.168.54.1 (192.168.54.1) 56(84) bytes of data.
>>>> ^C
>>>> --- 192.168.54.1 ping statistics ---
>>>> 7 packets transmitted, 0 received, 100% packet loss, time 6049ms
>>>>
>>>> jschaeffer@prvlxc01:~$ cat /var/lib/lxc/thinkweb/config
>>>> cat: /var/lib/lxc/thinkweb/config: Permission denied
>>>> jschaeffer@prvlxc01:~$ sudo cat /var/lib/lxc/thinkweb/config
>>>> # Template used to create this container: /usr/share/lxc/templates/lxc-download
>>>> # Parameters passed to the template: -d debian -r jessie -a amd64
>>>> # For additional config options, please look at lxc.container.conf(5)
>>>>
>>>> # Distribution configuration
>>>> lxc.include = /usr/share/lxc/config/debian.common.conf
>>>> lxc.arch = x86_64
>>>>
>>>> # Container specific configuration
>>>> lxc.rootfs = /var/lib/lxc/thinkweb/rootfs
>>>> lxc.utsname = thinkweb
>>>> lxc.tty = 4
>>>> lxc.pts = 1024
>>>> lxc.cap.drop = sys_module mac_admin mac_override sys_time
>>>> # When using LXC with apparmor, uncomment the next line to run unconfined:
>>>> #lxc.aa_profile = unconfined
>>>>
>>>> # Network configuration
>>>> lxc.network.type = veth
>>>> lxc.network.flags = up
>>>> lxc.network.link = br0
>>>> lxc.network.ipv4 = 192.168.54.110/25
>>>> lxc.network.name = eth0
>>>>
>>>> ## Limits
>>>> lxc.cgroup.cpu.shares = 1024
>>>> lxc.cgroup.cpuset.cpus = 0,1,2,3
>>>> lxc.cgroup.memory.limit_in_bytes = 2G
>>>> #lxc.cgroup.memory.memsw.limit_in_bytes = 3G
>>>>
>>>> Thanks,
>>>> Joshua
>>>>
>>>> _______________________________________________
>>>> lxc-users mailing list
>>>> [email protected]
>>>> http://lists.linuxcontainers.org/listinfo/lxc-users
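Added example, not part of the original thread: a longest-prefix route lookup run over the two `route -n` tables quoted above, showing which destinations each table can resolve and which yield "Network is unreachable". The function names are hypothetical; the table rows are copied from the thread.

```python
import ipaddress

# Routing tables copied from the `route -n` output quoted in the thread.
CONTAINER_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.54.0    0.0.0.0         255.255.255.128 U     0      0        0 eth0
"""
HOST_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.54.1    0.0.0.0         UG    0      0        0 br0
192.168.54.0    0.0.0.0         255.255.255.128 U     0      0        0 br0
"""


def parse_route_n(text):
    """Parse `route -n` rows into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and start with an IPv4 address;
        # this skips the banner line and the column header.
        if len(fields) != 8 or not fields[0][0].isdigit():
            continue
        dest, gateway, genmask, flags, iface = (
            fields[0], fields[1], fields[2], fields[3], fields[7])
        network = ipaddress.ip_network(f"{dest}/{genmask}")
        routes.append((network, gateway, flags, iface))
    return routes


def lookup(routes, destination):
    """Return the most specific matching route, or None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # the kernel reports this case as "Network is unreachable"
    return max(matches, key=lambda r: r[0].prefixlen)


def describe(routes, destination):
    """Summarise how a destination would be routed by the given table."""
    route = lookup(routes, destination)
    if route is None:
        return "unreachable"
    _network, gateway, flags, iface = route
    # The G flag marks a route that forwards through a gateway.
    if "G" in flags:
        return f"via {gateway} dev {iface}"
    return f"on-link dev {iface}"
```
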
