Downgrade the kernel to verify your guess, as the other feedback you got also points to the kernel. If that solves it, go file a kernel bug.
2016-11-09 7:33 GMT+01:00 Saint Michael <vene...@gmail.com>: > It was working fine until a week ago. > I have two sites, it happened on both, so the issue is not on my router or > my switch, since they are different sites and we did not upgrade anything. > Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-45-generic x86_64) > LXC installed from apt-get install lxc1 > iptables off in both hosts and containers. I protect my network at the > perimeter. > > All my container networking is defined > > lxc.network.type=macvlan > lxc.network.macvlan.mode=bridge > lxc.network.link=eth1 > lxc.network.name = eth0 > lxc.network.flags=up > lxc.network.hwaddr = XX:XX:XX:XX:XX:XX > lxc.network.ipv4 = 0.0.0.0/24 > > Now suppose I have a machine, not a container, in the same broadcast > domain as the containers, same subnet. > It cannot ping or ssh into a container, which is accessible from outside > my network. > However, from inside the container the packets come and go perfectly, when > the connection is originated by the container. > A container can ping that host I mentioned, but the host cannot ping back > the container. > It all started a few days ago. > Also, from the host, this test works > arping -I eth0 (container IP address) > it shows that we share the same broadcast domain. > > My guess is that the most recent kernel update in the LXC host, is > blocking the communication to the containers, but it allows connections > from the containers or connections from IP addresses not on the same > broadcast domain. > Any idea? > > _______________________________________________ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users >
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users