On Sun, Jun 10, 2012 at 3:24 AM, Vasiliy Molostov <molost...@gmail.com> wrote:
> I had some lxc containers running under oneiric with dhcp-obtained ip4 address
> configuration (container's veth on host's br0), and now I have upgraded host
> to precise and unable to start even new clean ubuntu/precise container with
> lxc default veth config: dhclient does not receive reply, container does not
> display login prompt.
>
> If the static ip4 address is set in container configuration file then
> networking works fine, ssh enters session, but anyway dhclient fails to
> obtain/renew.
>
> I have tried to run container "unconfined", and even disabled any apparmor
> related checks via 'aa-disable' but still no success.

It shouldn't be related to apparmor. It MIGHT be related to bridge
forwarding delay though.

You didn't say which bridge the container is connected to. I'd
suggest connecting it to lxcbr0 first (should be created already by
default).

FWIW, I use something like this to create my own lxcbr-like bridge on
/etc/network/interfaces, complete with dnsmasq for dhcp & dns:

#=================

auto dummy0
iface dummy0 inet manual

auto br0
iface br0 inet static
        address 192.168.124.1
        netmask 255.255.255.0

        bridge_ports dummy0
        bridge_maxwait 0
        bridge_stp off
        bridge_fd 0

        #post-up /sbin/iptables --table filter --insert INPUT --proto udp \
        #        --dport 67 --jump ACCEPT
        post-up /sbin/iptables --table filter --insert INPUT --source \
                192.168.124.0/255.255.255.0 --jump ACCEPT
        post-up /sbin/iptables --table filter --insert FORWARD --source \
                192.168.124.0/255.255.255.0 --jump ACCEPT
        post-up /sbin/iptables --table filter --insert FORWARD --destination \
                192.168.124.0/255.255.255.0 --match state \
                --state ESTABLISHED,RELATED --jump ACCEPT
        post-up /sbin/iptables --table nat --insert POSTROUTING --source \
                192.168.124.0/255.255.255.0 \
                ! --destination 192.168.124.0/255.255.255.0 --jump MASQUERADE
        post-up /usr/sbin/dnsmasq --strict-order --bind-interfaces \
                --pid-file=/var/run/dnsmasq-br0.pid \
                --listen-address 192.168.124.1 \
                --dhcp-range 192.168.124.2,192.168.124.254 \
                --dhcp-lease-max=253 \
                --dhcp-no-override

        #pre-down /sbin/iptables --table filter --insert INPUT --proto udp \
        #        --dport 67 --jump ACCEPT
        pre-down kill `cat /var/run/dnsmasq-br0.pid`
        pre-down /sbin/iptables --table filter --delete INPUT --source \
                192.168.124.0/255.255.255.0 --jump ACCEPT
        pre-down /sbin/iptables --table filter --delete FORWARD --source \
                192.168.124.0/255.255.255.0 --jump ACCEPT
        pre-down /sbin/iptables --table filter --delete FORWARD --destination \
                192.168.124.0/255.255.255.0 --match state \
                --state ESTABLISHED,RELATED --jump ACCEPT
        pre-down /sbin/iptables --table nat --delete POSTROUTING --source \
                192.168.124.0/255.255.255.0 \
                ! --destination 192.168.124.0/255.255.255.0 --jump MASQUERADE

#============

-- 
Fajar
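
Added example, not part of the message above: a small shell check for the bridge forwarding-delay condition the reply suspects. It reads the bridge timers and each port's state from sysfs and flags ports that are not yet forwarding, since such a port will not pass the container's DHCP frames. The function names and the SYSFS_NET override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report bridge timers and per-port state from sysfs.
# SYSFS_NET can be overridden to run the check against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Map the kernel's numeric bridge port state to its name.
port_state_name() {
    case "$1" in
        0) echo disabled ;;
        1) echo listening ;;
        2) echo learning ;;
        3) echo forwarding ;;
        4) echo blocking ;;
        *) echo "unknown($1)" ;;
    esac
}

# bridge_report BRIDGE
# Prints the bridge settings and one line per attached port.
# Returns 0 if every port is forwarding, 1 if any port is not,
# 2 if BRIDGE is not a bridge device.
bridge_report() {
    br="$SYSFS_NET/$1"
    [ -d "$br/bridge" ] || { echo "$1: not a bridge"; return 2; }
    rc=0
    # forward_delay is exposed in hundredths of a second (bridge_fd 0 -> 0)
    fd=$(cat "$br/bridge/forward_delay")
    stp=$(cat "$br/bridge/stp_state")
    echo "$1 forward_delay=${fd}cs stp_state=$stp"
    for p in "$br"/brif/*; do
        [ -e "$p/state" ] || continue
        s=$(cat "$p/state")
        echo "$1 port=$(basename "$p") state=$(port_state_name "$s")"
        [ "$s" = 3 ] || rc=1
    done
    return $rc
}

# Stand-alone use: sh bridge_check.sh br0
if [ "$#" -gt 0 ]; then
    bridge_report "$1"
fi
```

Run it right after starting the container; a veth port still shown as listening or learning while dhclient is sending requests points at the forwarding delay rather than at AppArmor.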
