Quoting Randy Wilson (randyedwil...@gmail.com):
> Hi,
>
> Here's a brief summary of the issue, as this is quite a lengthy post:
>
> * Ubuntu 12.04 host with eth0 bridged with br0 and lxcbr0 not used
> * Ubuntu 12.04 container configured with macvlan,
> lxc-container-with-nesting AppArmor profile running LXC with lxcbr0
> configured on 10.16.0.1/12
> * Ubuntu 12.04 nested container with veth configured on 10.16.4.76/12
> with default AppArmor profile
> * Nested container's external communication is received by the remote
> end but the response is not routed back from the first container to
> the nested container.
>
>
> The full details:
>
> I've followed Stéphane Graber's excellent guide to create a nested
> container on Ubuntu 12.04:
>
> https://www.stgraber.org/2012/05/04/lxc-in-ubuntu-12-04-lts/
>
> The only difference with my setup is that the host does not make use
> of the lxcbr0 bridge and the first level container uses macvlan
> networking:
>
> host# cat /etc/network/interfaces
> ...
> iface eth0 inet manual
>
> auto br0
> iface br0 inet static
> address xx.xx.xx.12
> netmask 255.255.255.0
> gateway xx.xx.xx.1
> dns-nameservers 8.8.8.8
> bridge_ports eth0
> ...
>
> host# cat /var/lib/lxc/first/config
> lxc.network.type = macvlan
> lxc.network.macvlan.mode = bridge
> lxc.network.link = br0

This is your problem. Yes, the first container works - and I'm surprised
that it does, actually.

The nested container will work fine if you don't bridge eth0. It's not
just network containers that fail, manually creating a veth pair and
passing into a fresh network namespace also results in inability to
reach the host from the new net_ns.

I don't know whether this would be a bug in the bridging or macvlan
code, or just a result of the weirdness that is macvlan.

-serge
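
A static check for the configuration the reply points at, written as an added example and not part of the original thread: it reports when a container's macvlan parent (`lxc.network.link`) is an ifupdown stanza that has `bridge_ports`. The function names are hypothetical, the sample files are constructed from the excerpts quoted in the post, and it assumes a single network section in the LXC config.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes one network section in the LXC config and ifupdown-style stanzas.

# Print the value of a "key = value" line from an LXC config file.
lxc_value() {  # $1 = config file, $2 = key
    awk -F= -v key="$2" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
    ' "$1"
}

# Print the bridge_ports of an iface stanza; prints nothing if it has none.
bridge_ports_of() {  # $1 = interfaces file, $2 = interface name
    awk -v ifc="$2" '
        $1 == "iface" || $1 == "auto" || $1 ~ /^allow-/ {
            in_stanza = ($1 == "iface" && $2 == ifc); next
        }
        in_stanza && $1 == "bridge_ports" { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Return 0 and print a finding when the macvlan parent is a bridge, else 1.
check_macvlan_on_bridge() {  # $1 = LXC config, $2 = interfaces file
    [ "$(lxc_value "$1" lxc.network.type)" = "macvlan" ] || return 1
    link=$(lxc_value "$1" lxc.network.link)
    ports=$(bridge_ports_of "$2" "$link")
    [ -n "$ports" ] || return 1
    echo "macvlan on bridge: link=$link bridge_ports=$ports"
}

# Constructed sample files mirroring the excerpts quoted in the post.
demo_dir=$(mktemp -d)
printf '%s\n' 'iface eth0 inet manual' '' 'auto br0' 'iface br0 inet static' \
    'address xx.xx.xx.12' 'bridge_ports eth0' > "$demo_dir/interfaces"
printf '%s\n' 'lxc.network.type = macvlan' 'lxc.network.macvlan.mode = bridge' \
    'lxc.network.link = br0' > "$demo_dir/config"
check_macvlan_on_bridge "$demo_dir/config" "$demo_dir/interfaces"
```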