0

I just started to experiment with LXC containers. I was able to create a container and start it up but I cannot get dhcp to assign the container an IP address. If I assign a static address the container can ping the host IP but not outside the host IP.

The host is CentOS 6.5 and the guest is Ubuntu 14.04LTS. I used the template downloaded by lxc-create -t download -n cn-01 command.

If I am trying to get an IP address on the same subnet as the host I don't believe I should need the IP tables rule for masquerading but I added it anyways. Same with IP forwarding.

I compiled LXC by hand from the following source https://linuxcontainers.org/downloads/lxc-1.0.4.tar.gz

Host Operating System Version 

#> cat /etc/redhat-release 
CentOS release 6.5 (Final)

#> uname -a
Linux localhost.localdomain 2.6.32-431.20.3.el6.x86_64 #1 SMP Thu Jun 19 21:14:45 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Container Config

#> cat /usr/local/var/lib/lxc/cn-01/config 
# Template used to create this container: /usr/local/share/lxc/templates/lxc-download
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

# Distribution configuration
lxc.include = /usr/local/share/lxc/config/ubuntu.common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs = /usr/local/var/lib/lxc/cn-01/rootfs
lxc.utsname = cn-01

# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0

LXC default.confu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:12:30:f2 brd ff:ff:ff:ff:f

#> cat /usr/local/etc/lxc/default.conf 
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up


#> lxc-checkconfig 
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-2.6.32-431.20.3.el6.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup namespace: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: /usr/local/bin/lxc-checkconfig: line 103: [: too many arguments
enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: /usr/local/bin/lxc-checkconfig: line 118: [: -gt: unary operator expected

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/local/bin/lxc-checkconfig

Network Config (HOST)

#> cat /etc/sysconfig/network-scripts/ifcfg-br0 
DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes

#> cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0

#> cat /etc/networks 
default 0.0.0.0
loopback 127.0.0.0
link-local 169.254.0.0


#> ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:12:30:f2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20c:29ff:fe12:30f2/64 scope link 
       valid_lft forever preferred_lft forever
3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether 42:7e:43:b3:61:c5 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 00:0c:29:12:30:f2 brd ff:ff:ff:ff:ff:ff
    inet 10.60.70.121/24 brd 10.60.70.255 scope global br0
    inet6 fe80::20c:29ff:fe12:30f2/64 scope link 
       valid_lft forever preferred_lft forever
12: vethT6BGL2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fe:a1:69:af:50:17 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fca1:69ff:feaf:5017/64 scope link 
       valid_lft forever preferred_lft forever


#> brctl show
bridge name bridge id       STP enabled interfaces
br0     8000.000c291230f2   no      eth0
                        vethT6BGL2
pan0        8000.000000000000   no  

#> cat /proc/sys/net/ipv4/ip_forward 
1

# Generated by iptables-save v1.4.7 on Fri Jul 11 15:11:36 2014
*nat
:PREROUTING ACCEPT [34:6287]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Fri Jul 11 15:11:36 2014

Network Config (Container) 

#> cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

#> ip a s
11: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:69:fb:42:ee:d7 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::69:fbff:fe42:eed7/64 scope link 
       valid_lft forever preferred_lft forever
13: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
digitaladdictions
  • 1,465
  • 1
  • 11
  • 29
  • Forgot to mention that the host CentOS 6.5 machine is actually a vmware fusion VM on my macbook pro. The network adapter is bridged though and the host gets a IP from the network DHCP not from VMware. I am not trying to do any weird double NAT stuff or anything. – digitaladdictions Jul 11 '14 at 22:01

2 Answers2

2

This is a limitation of virtualized network you're using under VMware. Bridge adds a possibility for virtual machine to appear on the network with it's own MAC. But hypervisor know nothing about these additional MAC-s. Under VirtualBox it can be resolved by going into VM's Network settings and allowing Promiscuous Mode on bridged interface. Similar option exists for VMware involving setting permissions on vmnet interface(s). You can also create a new VM in VirtualBox using existing disk VMDK file from VMware.

Arkadi Shishlov
  • 151
  • 4
1

Try this: (source: http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#No_traffic_gets_trough_.28except_ARP_and_STP.29)

No traffic gets trough (except ARP and STP)

Your kernel might have ethernet filtering (ebtables, bridge-nf, arptables) enabled, and traffic gets filtered. The easiest way to disable this is to go to /proc/sys/net/bridge. Check if the bridge-nf-* entries in there are set to 1; in that case, set them to zero and try again.

 cd /proc/sys/net/bridge
 ls bridge-nf-call-arptables bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-filter-vlan-tagged
 for f in bridge-nf-*; do echo 0 > $f; done
Oli
  • 1,791
  • 17
  • 27
rsenk330
  • 126
  • 4