> How are these containers networked together? Are you using bridges on
> the host or are you just bringing up new interfaces on the host?

I have a bridge for each interface. No interfaces on the host have IPs except br1.

Use veth in config

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br1
#lxc.network.hwaddr = fe:41:31:7f:5c:d6
lxc.network.veth.pair = admn101-1
lxc.network.ipv4 = 10.2.3.101/16
lxc.network.ipv4.gateway = 10.2.1.2

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br4
#lxc.network.hwaddr = fe:41:31:7f:5c:d6
lxc.network.veth.pair = admn101-4
lxc.network.ipv4 = 10.5.3.101/16

[root@lxc100 ~]$ brctl show
bridge name     bridge id               STP enabled     interfaces
br1             8000.0024e85d25ea       no              admn101-1
                                                        em1
                                                        mfs101-1
br2             8000.0024e85d25ec       no              em2
                                                        mfs101-2
br3             8000.0024e85d25ee       no              em3
                                                        mfs101-3
br4             8000.0024e85d25f0       no              admn101-4
                                                        em4
                                                        mfs101-4
br5             8000.00151778923c       no              admn101-5
                                                        em5

>
> On 07/06/2016 10:24 AM, st...@linuxsuite.org wrote:
>> Howdy!
>>
>> I have a number of containers running. Is it expected that
>> information about the network of other containers is "visible".. for
>> example
>>
>> the container admn-101 has ip 10.2.3.101
>>
>> [root@admn-101 admn-101]# netstat -an|grep LIST
>> tcp        0      0 0.0.0.0:514        0.0.0.0:*              LISTEN
>> tcp        0      0 10.2.3.101:22      0.0.0.0:*              LISTEN
>> tcp        0      0 0.0.0.0:25         0.0.0.0:*              LISTEN
>> tcp        0      0 :::514             :::*                   LISTEN
>> unix  2      [ ACC ]     STREAM     LISTENING     69697909 @/com/ubuntu/upstart
>>
>> The other container on the host has ip 10.5.5.101
>>
>> [root@admn-101 admn-101]# netstat -an
>> Active Internet connections (servers and established)
>> Proto Recv-Q Send-Q Local Address      Foreign Address        State
>> tcp        0      0 0.0.0.0:514        0.0.0.0:*              LISTEN
>> tcp        0      0 10.5.5.101:443     103.14.89.19:10165     SYN_RECV
>> tcp        0      0 10.5.5.101:443     114.77.25.146:50649    SYN_RECV
>> tcp        0      0 10.5.5.101:443     96.53.94.194:51060     SYN_RECV
>> tcp        0      0 10.5.5.101:443     96.53.94.194:51051     SYN_RECV
>> tcp        0      0 10.5.5.101:443     122.106.235.197:61016  SYN_RECV
>> tcp        0      0 10.5.5.101:443     84.74.55.62:63064      SYN_RECV
>> tcp        0      0 10.5.5.101:443     39.110.173.3:6985      SYN_RECV
>> tcp        0      0 10.5.5.101:443     96.53.94.194:50958     SYN_RECV
>> tcp        0      0 10.5.5.101:443     171.99.169.231:53917   SYN_RECV
>> tcp        0      0 10.5.5.101:443     96.53.94.194:51018     SYN_RECV
>> tcp        0      0 10.5.5.101:443     116.15.8.112:64049     SYN_RECV
>> tcp        0      0 10.5.5.101:443     71.56.250.124:58672    SYN_RECV
>> tcp        0      0 10.2.3.101:22      0.0.0.0:*              LISTEN
>> tcp        0      0 0.0.0.0:25         0.0.0.0:*              LISTEN
>> tcp        0      0 10.2.3.101:22      10.2.1.2:48356         ESTABLISHED
>> tcp        0      0 :::514             :::*                   LISTEN
>> udp        0      0 0.0.0.0:514        0.0.0.0:*
>> udp        0      0 :::514             :::*
>>
>> Why is information about 10.5.5.101 visible??? Is this
>> expected?
>> shouldn't cgroup limit this visibility??
>>
>> Also iptables in admn-101 logs packets from 10.5.5.101 but only
>> some???
>>
>> [root@admn-101 admn-101]# tail -f kern
>> kern.warning: Jul 6 10:22:06 admn-101 kernel:IN= OUT=eth3
>> SRC=10.5.5.101
>> DST=52.0.92.26 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46910 DF PROTO=TCP
>> SPT=34378 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
>> kern.warning: Jul 6 10:22:06 admn-101 kernel:IN= OUT=eth3
>> SRC=10.5.5.101
>> DST=52.7.169.28 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49586 DF PROTO=TCP
>> SPT=57832 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
>> kern.warning: Jul 6 10:22:07 admn-101 kernel:IN= OUT=eth3
>> SRC=10.5.5.101
>> DST=52.7.169.28 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53263 DF PROTO=TCP
>> SPT=57856 DPT=443 WINDOW=4600 RES=0x0SNUG= <4>IN= OUT=eth3
>> SRC=10.5.5.101
>> DST=52.0.92.26 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=866 DF PROTO=TCP
>> SPT=34456 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
>> kern.info: Jul 6 10:22:12 admn-101 kernel:1209.6LN6 O=x0PE=x0TL6 D673D
>> RT=TPST366DT43WNO=40 E=x0SNUG= <4>IN= OUT=eth3 SRC=10.5.5.101
>> DST=52.7.169.28 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60707 DF PROTO=TCP
>> SPT=58190 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
>>
>> root@admn-101 # ifconfig
>> eth0      Link encap:Ethernet  HWaddr 52:D0:AF:B6:9D:16
>>           inet addr:10.2.3.101  Bcast:10.2.255.255  Mask:255.255.0.0
>>           inet6 addr: fe80::50d0:afff:feb6:9d16/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:6758 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:814 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:1270156 (1.2 MiB)  TX bytes:150528 (147.0 KiB)
>>
>> eth1      Link encap:Ethernet  HWaddr 3E:43:D5:B7:2C:DF
>>           inet addr:10.5.3.101  Bcast:10.5.255.255  Mask:255.255.0.0
>>           inet6 addr: fe80::3c43:d5ff:feb7:2cdf/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:12 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:828 (828.0 b)  TX bytes:468 (468.0 b)
>>
>> eth2      Link encap:Ethernet  HWaddr EA:78:BC:50:BD:CF
>>           inet addr:10.1.3.101  Bcast:10.1.255.255  Mask:255.255.0.0
>>           inet6 addr: fe80::e878:bcff:fe50:bdcf/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:122 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:13242 (12.9 KiB)  TX bytes:468 (468.0 b)
>>
>> lo        Link encap:Local Loopback
>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>           inet6 addr: ::1/128 Scope:Host
>>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>>
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users@lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
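
Added example, not part of the original thread: one way to check a container for the symptom reported above, sockets whose local address is not configured on any of its own interfaces. It assumes the lxc.network.ipv4 keys and the netstat -an column layout shown in the thread; the function names are hypothetical and the sample input is constructed from values quoted above.

```python
import ipaddress
import re

# Sample input constructed from the values quoted in the thread.
LXC_CONFIG = """\
lxc.network.type = veth
lxc.network.ipv4 = 10.2.3.101/16
lxc.network.ipv4.gateway = 10.2.1.2
lxc.network.type = veth
lxc.network.ipv4 = 10.5.3.101/16
"""
NETSTAT = """\
tcp 0 0 10.5.5.101:443 103.14.89.19:10165 SYN_RECV
tcp 0 0 10.2.3.101:22 10.2.1.2:48356 ESTABLISHED
tcp 0 0 :::514 :::* LISTEN
udp 0 0 0.0.0.0:514 0.0.0.0:*
"""


def configured_addresses(config_text):
    """Addresses assigned by lxc.network.ipv4 keys (gateway keys are not matched)."""
    addrs = set()
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop commented-out settings
        m = re.match(r"lxc\.network\.ipv4\s*=\s*(\S+)$", line)
        if m:
            addrs.add(ipaddress.ip_interface(m.group(1)).ip)
    return addrs


def foreign_local_sockets(netstat_text, own_addrs):
    """Rows whose local address is not wildcard, loopback or one of own_addrs."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        host, _, port = fields[3].rpartition(":")  # split at the last colon (IPv6-safe)
        try:
            ip = ipaddress.ip_address(host or "::")
        except ValueError:
            continue
        if ip.is_unspecified or ip.is_loopback or ip in own_addrs:
            continue
        hits.append((str(ip), int(port), fields[5] if len(fields) > 5 else ""))
    return hits


if __name__ == "__main__":
    print(foreign_local_sockets(NETSTAT, configured_addresses(LXC_CONFIG)))
```

netstat reads the socket tables under /proc/net, which are scoped by network namespace rather than by cgroups, so any row this returns inside a container is a socket from outside its own configuration.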