Thanks for the hints: I'm fairly new to diagnosing networking problems beyond "Did you check the cables, and make sure everything was turned on?," and all the tools I can get towards the goal of being a better network admin are useful to me.
However, later in the evening, I discovered that even pinging the host from inside the linux container was dropping a startling and unpredictable number of packets: At one point I was dropping 10% of my ping requests, at another I only dropped 16 out of 900... Both are abysmal, considering the packets were NEVER ACTUALLY LEAVING THE PHYSICAL MACHINE! So clearly SOMETHING wasn't working in my macvlan configuration. I'm also still trying to figure out all of these different virtual networking technologies; I'm fairly certain that my problem pertains to the configuration of macvlan I had, as I had configured both the host and the client as macvlans rather than as macvtaps, Or Something Like That... I'm still not sure I understand macvlan, as it's not terribly well documented with relationship to Linux Containers. That's where I gave up for the evening. Now I'm back to researching macvlan and macvtaps... I suspect the solution will become something along the lines of having three seperate networks: Internet facing, Intranet facing, and then a virtual Linux Container facing network, and I'll just bridge them all together with firewall rules... At least that way the host is only networking using physical NICs, and the virtual clients aren't messing with them. On Fri, Jan 3, 2014 at 12:48 PM, Mike C. <[email protected]> wrote: > <snip> > > > I am experimenting with Linux Containers, as I would like to run several > > web servers without the overhead of proper virtualization. I am using > > Oracle Linux 6.5 on both the host and the container. I never got static > IP > > addresses to work, so I instead gave the container a fixed reservation > from > > the DHCP server. It is now getting the desired IP address, and it's > > populating /etc/resolv.conf with the appropriate DNS servers. I am able > to > > SSH into the container, and ping around the local network and the > internet > > from the container, but by IP only. DNS lookups work on all clients on > the > > network, and from the host, but not from the containers; To be clear: I > can > > ping Google by IP address, but ping won't resolve the hostname if I try > > pinging google.com. > > > > I do not have a local DNS (yet); That will come later when I install > > IdM/FreeIPA. Right now, the DHCP server is issuing 8.8.8.8 and 8.8.4.4 > as > > the DNS servers, and that works on all of the network clients in the > house > > EXCEPT the Linux Containers. <snip> > > > > Hey Tyrell - The first thing I'd suggest doing is to verify that you can > send a DNS request and receive a DNS response to/fro an Internet DNS > server. You can do this by running the "nslookup" command from a terminal > prompt. > > You can do this 2 ways. If you don't set the server, nslookup will attempt > to make the query from the DNS servers specified in /etc/resolv.conf. > > Even though your DHCP is configured with DNS server parameters, each DHCP > client has to request the DNS server ip addrs from the DHCP server. > > So it could be that what's in the /etc/resolv.conf in the LXC container is > not what you think it should be. > > So I would set the DNS server with "server 8.8.8.8" after you enter the > nslookup command. Then at the ">" prompt just enter in yahoo.com or > whatever for the dns lookup test. > > e.g. > > > $ nslookup > > > > > server 8.8.8.8 > > > > Default server: 8.8.8.8 > > > > Address: 8.8.8.8#53 > > > > > yahoo.com > > > > Server: 8.8.8.8 > > > > Address: 8.8.8.8#53 > > > > > >> Non-authoritative answer: > > > > Name: yahoo.com > > > > Address: 98.139.183.24 > > > > Name: yahoo.com > > > > Address: 98.138.253.109 > > > > Name: yahoo.com > > > > Address: 206.190.36.45 > > > > > > HTH! > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
