Hi Andreas, hi Tamas,
thanks for your fast answers. I removed the IP settings from the config,
but that was obviously not the problem.
I cannot ping the gateway from inside of the container:
ubuntu@ubuntu-test:~$ ping 91.143.88.1
PING 91.143.88.1 (91.143.88.1) 56(84) bytes of data.
^C
--- 91.143.88.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3023ms
Meanwhile I used "tcpdump -i eth0 -v icmp -n" on the host to look at the
ICMP packets (because there is a lot of other traffic on that device).
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
65535 bytes
11:46:27.181917 IP (tos 0x0, ttl 244, id 28226, offset 0, flags [none],
proto ICMP (1), length 84)
176.227.209.42 > 81.7.14.108: ICMP echo request, id 263, seq 31682,
length 64
11:46:27.401801 IP (tos 0x0, ttl 64, id 48628, offset 0, flags [DF],
proto ICMP (1), length 84)
91.143.88.119 > 91.143.88.1: ICMP echo request, id 457, seq 1,
length 64
11:46:28.409373 IP (tos 0x0, ttl 64, id 48629, offset 0, flags [DF],
proto ICMP (1), length 84)
91.143.88.119 > 91.143.88.1: ICMP echo request, id 457, seq 2,
length 64
11:46:29.417370 IP (tos 0x0, ttl 64, id 48630, offset 0, flags [DF],
proto ICMP (1), length 84)
91.143.88.119 > 91.143.88.1: ICMP echo request, id 457, seq 3,
length 64
11:46:30.425366 IP (tos 0x0, ttl 64, id 48631, offset 0, flags [DF],
proto ICMP (1), length 84)
91.143.88.119 > 91.143.88.1: ICMP echo request, id 457, seq 4,
length 64
11:46:31.383279 IP (tos 0x0, ttl 244, id 29380, offset 0, flags [none],
proto ICMP (1), length 84)
176.227.209.42 > 81.7.14.108: ICMP echo request, id 263, seq 32673,
length 64
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
So it looks like the packets are going out, but there is no answer
coming back. So I tried Andreas' hint. I called (in the container)
ubuntu@ubuntu-test:~$ sudo ./arping -I eth0 -u 91.143.88.119 -c4
ARPING 91.143.88.119
--- 91.143.88.119 statistics ---
4 packets transmitted, 0 packets received, 100% unanswered (0 extra)
But still no answers from the gateway :-(
Best regards,
Thomas
On 11.09.2014 11:20, Andreas Laut wrote:
We face this problem very often.
You can try to ping the Host IP and after that the gateway IP from
inside the container.
If that doesn't work you'll have to send arpings from inside the container:
arping -I [lxc-interfacename] -U 91.143.88.119 -c4 (arping from iputils
package)
After that you'll get the following output:
Sent 4 probes (4 broadcast(s))
Received 0 response(s)
0 responses are ok. Try to ping again.
Hope that helps.
Best Regards
On 11.09.2014 at 11:05, othiman wrote:
Hi everyone,
I already posted this to askubuntu.com
(http://askubuntu.com/questions/522457/lxc-container-no-outgoing-traffic-with-bridged-network-and-public-ip-address),
but I think this might be a better place to find help.
I am trying to set up an LXC container with a bridged network on Ubuntu
14.04.1, but the outgoing traffic seems to be blocked. Pinging any IP
other than the container's own is not working. Actually, I tried this
with a working container from an Ubuntu 12.04 host moved to new hardware
and a recent Ubuntu 14.04, but the problem also applies to a newly
created Ubuntu 14.04 container.
I should mention that if I bind the IP address to an aliasing
interface of the host directly, pinging inside and outside to the host
is working correctly.
I hope someone has an idea what I am doing wrong.
I created the new container with:
lxc-create -t ubuntu -n ubuntu-test
This is my config file:
# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
# Parameters passed to the template: -r trusty
# For additional config options, please look at lxc.container.conf(5)
# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
# Container specific configuration
lxc.rootfs = /var/lib/lxc/ubuntu-test/rootfs
lxc.mount = /var/lib/lxc/ubuntu-test/fstab
lxc.utsname = ubuntu-test
lxc.arch = amd64
# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = 00:16:3e:6c:7c:79
lxc.network.ipv4=91.143.88.119/24
lxc.network.ipv4.gateway=91.143.88.1
lxc.network.name=eth0
My '/etc/network/interfaces' on the host:
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address 81.7.15.233
netmask 255.255.255.0
broadcast 81.7.15.255
gateway 81.7.15.1
bridge_ports eth0
bridge_fd 0
bridge_stp off
bridge_waitport 0
bridge_maxwait 0
and on the client:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 91.143.88.119
netmask 255.255.255.0
broadcast 91.143.88.255
gateway 91.143.88.1
IP forwarding is enabled:
cat /proc/sys/net/ipv4/ip_forward
1
'iptables-save' shows
# Generated by iptables-save v1.4.21 on Wed Sep 10 18:26:23 2014
*mangle
:PREROUTING ACCEPT [20035:4192692]
:INPUT ACCEPT [7193:3225426]
:FORWARD ACCEPT [2677:191017]
:OUTPUT ACCEPT [381:36624]
:POSTROUTING ACCEPT [3058:227641]
-A POSTROUTING -o lxcbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed Sep 10 18:26:23 2014
# Generated by iptables-save v1.4.21 on Wed Sep 10 18:26:23 2014
*nat
:PREROUTING ACCEPT [10474:819973]
:INPUT ACCEPT [282:41644]
:OUTPUT ACCEPT [7:537]
:POSTROUTING ACCEPT [57:4274]
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Sep 10 18:26:23 2014
# Generated by iptables-save v1.4.21 on Wed Sep 10 18:26:23 2014
*filter
:INPUT ACCEPT [7193:3225426]
:FORWARD ACCEPT [2677:191017]
:OUTPUT ACCEPT [381:36624]
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -o lxcbr0 -j ACCEPT
-A FORWARD -i lxcbr0 -j ACCEPT
COMMIT
# Completed on Wed Sep 10 18:26:23 2014
output of 'brctl show':
bridge name     bridge id               STP enabled     interfaces
br0             8000.0025905700f8       no              eth0
                                                        vethRTX30H
lxcbr0          8000.000000000000       no
My host's 'ifconfig':
br0 Link encap:Ethernet Hardware Adresse 00:25:90:57:00:f8
inet Adresse:81.7.15.233 Bcast:81.7.15.255 Maske:255.255.255.0
inet6-Adresse: fe80::225:90ff:fe57:f8/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX-Pakete:128248 Fehler:0 Verloren:15 Überläufe:0 Fenster:0
TX-Pakete:3835 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX-Bytes:11076138 (11.0 MB) TX-Bytes:343557 (343.5 KB)
eth0 Link encap:Ethernet Hardware Adresse 00:25:90:57:00:f8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX-Pakete:129421 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:4046 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX-Bytes:13510902 (13.5 MB) TX-Bytes:449527 (449.5 KB)
Interrupt:16 Speicher:fb900000-fb920000
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:65536 Metrik:1
RX-Pakete:2 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:2 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX-Bytes:176 (176.0 B) TX-Bytes:176 (176.0 B)
lxcbr0 Link encap:Ethernet Hardware Adresse ae:2c:57:c2:f0:24
inet Adresse:10.0.3.1 Bcast:10.0.3.255 Maske:255.255.255.0
inet6-Adresse: fe80::ac2c:57ff:fec2:f024/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX-Pakete:0 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:8 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX-Bytes:0 (0.0 B) TX-Bytes:648 (648.0 B)
vethRTX30H Link encap:Ethernet Hardware Adresse fe:97:2b:8e:90:8a
inet6-Adresse: fe80::fc97:2bff:fe8e:908a/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX-Pakete:39 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:14826 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX-Bytes:3282 (3.2 KB) TX-Bytes:1466740 (1.4 MB)
My container's 'ifconfig'
eth0 Link encap:Ethernet Hardware Adresse 00:16:3e:6c:7c:79
inet Adresse:91.143.88.119 Bcast:91.143.88.255
Maske:255.255.255.0
inet6-Adresse: fe80::216:3eff:fe6c:7c79/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX-Pakete:20082 Fehler:0 Verloren:2 Überläufe:0 Fenster:0
TX-Pakete:40 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX-Bytes:2005479 (2.0 MB) TX-Bytes:3368 (3.3 KB)
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:65536 Metrik:1
RX-Pakete:0 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:0 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX-Bytes:0 (0.0 B) TX-Bytes:0 (0.0 B)
'tail /proc/sys/net/bridge/*' on the host
==> /proc/sys/net/bridge/bridge-nf-call-arptables <==
0
==> /proc/sys/net/bridge/bridge-nf-call-ip6tables <==
0
==> /proc/sys/net/bridge/bridge-nf-call-iptables <==
0
==> /proc/sys/net/bridge/bridge-nf-filter-pppoe-tagged <==
0
==> /proc/sys/net/bridge/bridge-nf-filter-vlan-tagged <==
0
==> /proc/sys/net/bridge/bridge-nf-pass-vlan-input-dev <==
0
Finally, 'ping 8.8.8.8' in the container:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms
Best regards,
Thomas
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
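
Added example, not part of the original thread: the check done by eye on the "tcpdump -i eth0 -v icmp -n" capture above (echo requests leave, no replies return), automated as a small parser that also copes with the mail-wrapped record lines. The sample capture is constructed and uses documentation addresses (RFC 5737), and the name `unanswered` is chosen here.

```python
import re
from collections import defaultdict

# Constructed sample shaped like `tcpdump -i eth0 -v icmp -n` output,
# wrapped the way the mail client wrapped it. Addresses are RFC 5737 ranges.
SAMPLE = """\
11:46:27.181917 IP (tos 0x0, ttl 244, id 28226, offset 0, flags [none],
proto ICMP (1), length 84)
198.51.100.42 > 203.0.113.108: ICMP echo request, id 263, seq 31682,
length 64
11:46:27.182101 IP (tos 0x0, ttl 64, id 5120, offset 0, flags [none],
proto ICMP (1), length 84)
203.0.113.108 > 198.51.100.42: ICMP echo reply, id 263, seq 31682,
length 64
11:46:27.401801 IP (tos 0x0, ttl 64, id 48628, offset 0, flags [DF],
proto ICMP (1), length 84)
192.0.2.119 > 192.0.2.1: ICMP echo request, id 457, seq 1,
length 64
11:46:28.409373 IP (tos 0x0, ttl 64, id 48629, offset 0, flags [DF],
proto ICMP (1), length 84)
192.0.2.119 > 192.0.2.1: ICMP echo request, id 457, seq 2,
length 64
"""

# \s+ between tokens lets a record match even when it is split across lines.
# Requiring "ICMP echo" before "id" skips the IP-header id on the first line.
ECHO = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\s+>\s+(\d+\.\d+\.\d+\.\d+):\s+ICMP\s+echo\s+"
    r"(request|reply),\s+id\s+(\d+),\s+seq\s+(\d+)"
)

def unanswered(capture):
    """Return {(src, dst, icmp_id): [seq, ...]} for requests with no reply."""
    requests, replies = defaultdict(set), defaultdict(set)
    for src, dst, kind, icmp_id, seq in ECHO.findall(capture):
        if kind == "request":
            requests[(src, dst, int(icmp_id))].add(int(seq))
        else:
            # A reply travels dst -> src; store it under the request's key.
            replies[(dst, src, int(icmp_id))].add(int(seq))
    result = {}
    for flow, seqs in requests.items():
        missing = sorted(seqs - replies[flow])
        if missing:
            result[flow] = missing
    return result

if __name__ == "__main__":
    for (src, dst, icmp_id), seqs in unanswered(SAMPLE).items():
        print(f"{src} -> {dst} id {icmp_id}: no reply for seq {seqs}")
```

Run against a capture taken on the bridge's physical port, a flow listed here left the host and got nothing back on the wire, which places the loss beyond the host's bridge and firewall rather than inside the container.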