On Tue, 29 Nov 2011, Patrick Kevin McCaffrey wrote: > Alright, I've been struggling with LXC for several days now. I can't > seem to get a container configured properly. I originally was trying to > set up a few Ubuntu Oneiric containers, but am now just trying to get a > Debian template container set up using the lxc-debian script that comes > with lxc. > > The container runs, and I can log in to it via SSH from the host > machine. > > The host machine also runs as my router, as it has a 4 port ethernet > card (four subnets, DHCP running on each). However, I cannot SSH into > my container from another computer on the local network -- it is only > accessible via the host machine. If I try to SSH from another machine, > it says "no route to host." Additionally, the container does not have > internet access. If I try to ping, use wget or apt, I get connection > errors. I'm assuming these two problems are related. > > I've got my local network set up using Shorewall, and it works > reasonably well for everything else (the entire local network is on the > "local" zone, which is completely open). The host's > etc/network/interfaces file sets up the five ethernet interfaces > (eth0-eth3 with static IPs and eth4 with DHCP from the cable modem) as > well as the bridge for lxc. The following is my bridge entry: > > #bridge for LXC iface br0 inet static > address 192.168.80.1 > netmask 255.255.255.0 > broadcast 192.168.80.255 > network 192.168.80.0 > bridge_ports eth1 > > I had some other options designated, but have been playing with my > configurations to see if I can get a better result. > > Also, what is the correct method to bring up my bridge? It seems like > when I run /etc/init.d/netwokring restart, it will come up as it should > sometimes, but sometimes gives me problems, like "eth1 is not a slave of > br0." > > The container appears to run as it should, but I really need it to have > proper networking to fulfil my needs. Any ideas?
I've read the other comments so-far - just one question (and I may have missed it in the other emails): Does the container actually have a default route setup? However I also have a similar setup - 5-port Linux box acting as a router and LXC host, althouh I run PPPoE via an ADSL modem to the ISP. It runs Debian which has very similar config files to what you're presenting - maybe shorewall is based on Debian? (I've no idea - never looked at it) In the host, my /etc/network/interfaces for the bridge unit: auto eth1 iface eth1 inet manual auto br0 iface br0 inet static bridge_ports eth1 bridge_stp off bridge_fd 0 bridge_maxwait 0 address 81.31.100.110 network 81.31.100.104 broadcast 81.31.100.111 netmask 255.255.255.248 My eth1 is currently connected to a single PC (81.31.100.107 but that's not really relevant here) I don't need to do any brctl stuff as Debians network scripts does all that for me, however it does sometimes get confused if I bring the interface down & up again. (or manually fiddle without using ifup/ifdown) My contaners config file looks like: lxc.utsname = bell lxc.network.type = veth lxc.network.flags = up lxc.network.link = br0 lxc.network.hwaddr = 00:00:fc:00:00:01 lxc.network.ipv4 = 81.31.100.108/29 lxc.network.name = eth0 etc. and in the startup script of the contaner (/etc/init.d/rcS) I have: route add default gw 81.31.100.105 and that's it. Just works... So the only thing I've not seen from you is your container having a default route... What does netstat -rn (or route -n, but old habits die hard) in the container show? Gordon ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users