----- Original Message -----
From: "Gordon Henderson" <gor...@drogon.net>
To: "Linux Containers List" <lxc-users@lists.sourceforge.net>
Sent: Thursday, December 1, 2011 7:49:04 AM
Subject: Re: [Lxc-users] LXC Container: Network Configuration

On Tue, 29 Nov 2011, Patrick Kevin McCaffrey wrote:

> Alright, I've been struggling with LXC for several days now. I can't
> seem to get a container configured properly. I originally was trying to
> set up a few Ubuntu Oneiric containers, but am now just trying to get a
> Debian template container set up using the lxc-debian script that comes
> with lxc.
>
> The container runs, and I can log in to it via SSH from the host
> machine.
>
> The host machine also runs as my router, as it has a 4 port ethernet
> card (four subnets, DHCP running on each). However, I cannot SSH into
> my container from another computer on the local network -- it is only
> accessible via the host machine. If I try to SSH from another machine,
> it says "no route to host." Additionally, the container does not have
> internet access. If I try to ping, use wget or apt, I get connection
> errors. I'm assuming these two problems are related.
>
> I've got my local network set up using Shorewall, and it works
> reasonably well for everything else (the entire local network is on the
> "local" zone, which is completely open). The host's
> etc/network/interfaces file sets up the five ethernet interfaces
> (eth0-eth3 with static IPs and eth4 with DHCP from the cable modem) as
> well as the bridge for lxc. The following is my bridge entry:
>
> #bridge for LXC
> iface br0 inet static
>     address 192.168.80.1
>     netmask 255.255.255.0
>     broadcast 192.168.80.255
>     network 192.168.80.0
>     bridge_ports eth1
>
> I had some other options designated, but have been playing with my
> configurations to see if I can get a better result.
>
> Also, what is the correct method to bring up my bridge? It seems like
> when I run /etc/init.d/networking restart, it will come up as it should
> sometimes, but sometimes gives me problems, like "eth1 is not a slave of
> br0."
>
> The container appears to run as it should, but I really need it to have
> proper networking to fulfil my needs. Any ideas?

I've read the other comments so far - just one question (and I may have
missed it in the other emails): Does the container actually have a default
route setup?

However I also have a similar setup - 5-port Linux box acting as a router
and LXC host, although I run PPPoE via an ADSL modem to the ISP. It runs
Debian which has very similar config files to what you're presenting -
maybe shorewall is based on Debian? (I've no idea - never looked at it)

In the host, my /etc/network/interfaces for the bridge unit:

    auto eth1
    iface eth1 inet manual

    auto br0
    iface br0 inet static
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0
        address 81.31.100.110
        network 81.31.100.104
        broadcast 81.31.100.111
        netmask 255.255.255.248

My eth1 is currently connected to a single PC (81.31.100.107 but that's
not really relevant here)

I don't need to do any brctl stuff as Debian's network scripts do all
that for me, however it does sometimes get confused if I bring the
interface down & up again. (or manually fiddle without using ifup/ifdown)

My container's config file looks like:

    lxc.utsname = bell
    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = br0
    lxc.network.hwaddr = 00:00:fc:00:00:01
    lxc.network.ipv4 = 81.31.100.108/29
    lxc.network.name = eth0

etc. and in the startup script of the container (/etc/init.d/rcS) I have:

    route add default gw 81.31.100.105

and that's it. Just works...

So the only thing I've not seen from you is your container having a
default route... What does netstat -rn (or route -n, but old habits die
hard) in the container show?

Gordon

------------------------------------------------------------------------------

Thanks a bunch, Gordon.
I ran route -n inside the container, and saw there was no gateway.
Assigning 192.168.80.1 (the address of br0) as the default gateway inside
the container works beautifully. I can now apt-get from the container, and
ping it from another subnet too.

I had been playing with the "gateway" setting in /etc/network/interfaces
on the host machine, but it seems like everything worked (as far as the
machine acting as my router, and each subnet having access to the Internet
and each other) without defining a default gateway, so it totally slipped
my mind to try assigning one inside the container.

Again, thanks a lot. This mailing list has proved to be extremely helpful
over the last few days.

Pat

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
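
The check Gordon suggests (look at `route -n` inside the container for a default route), written out as an added example that is not part of the original thread; it goes one step further and also verifies that the gateway lies inside the container's own subnet. The container address 192.168.80.10/24 and both routing tables are constructed sample data; 192.168.80.1 is the br0 address from the thread.

```shell
#!/bin/sh
# Added example: classify `route -n` output taken inside a container.
# Constructed sample data; 192.168.80.10/24 is an assumed container address.
ROUTES_BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.80.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0'
ROUTES_AFTER='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.80.1    0.0.0.0         UG    0      0        0 eth0
192.168.80.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Dotted-quad IPv4 address -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print the gateway of the first default route (destination 0.0.0.0, G flag).
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# gw_on_link GW ADDR PREFIXLEN: true if GW lies inside ADDR/PREFIXLEN.
gw_on_link() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# check_routes ADDR PREFIXLEN: reads `route -n` output on stdin.
check_routes() {
    gw=$(default_gw)
    if [ -z "$gw" ]; then
        echo "no-default-route"
    elif gw_on_link "$gw" "$1" "$2"; then
        echo "ok $gw"
    else
        echo "gateway-off-link $gw"
    fi
}

printf '%s\n' "$ROUTES_BEFORE" | check_routes 192.168.80.10 24
printf '%s\n' "$ROUTES_AFTER"  | check_routes 192.168.80.10 24
```

Inside a real container, pipe the live table in instead: `route -n | check_routes <container-address> <prefix-length>`.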