
LXC. Container's IP from the same network as host


I am trying out LXC and want to assign the guest (container) an IP address from the same network as the LXC host. The host OS is Ubuntu 14.04.3 and the guest is Ubuntu 15.10.

The LXC host uses my home router as its default gateway for Internet access. The host has IP 192.168.1.50 (network 192.168.1.0/24), and the gateway (router) address is 192.168.1.1.

So now I want to assign 192.168.1.51, from the same network, to the LXC guest. For this purpose I've configured a br0 interface on the LXC host machine:

root@lxc-host:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
        address 192.168.1.50
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameservers 8.8.8.8
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0

After this configuration, Internet access and the internal network are both working on the host:

root@lxc-host:~# ifconfig
br0       Link encap:Ethernet  HWaddr 08:00:27:5a:39:b5
          inet addr:192.168.1.50  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe5a:39b5/64 Scope:Link
          inet6 addr: fdee:cbcd:a595:0:a00:27ff:fe5a:39b5/64 Scope:Global
          inet6 addr: fdee:cbcd:a595:0:91b8:6067:2b5c:e58d/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5001 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2094 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:613920 (613.9 KB)  TX bytes:307810 (307.8 KB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:5a:39:b5
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4964 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2109 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:681460 (681.4 KB)  TX bytes:316156 (316.1 KB)

...

root@lxc-host:~#

Following these docs, I changed the container configuration (u1 is my Ubuntu container) to look like this:

root@lxc-host:~# cat /var/lib/lxc/u1/config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

# Distribution configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs = /var/lib/lxc/u1/rootfs
lxc.utsname = u1

# Network configuration
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:a1:c2:fe
lxc.network.ipv4 = 192.168.1.51/24

# define a gateway to have access to the internet
lxc.network.ipv4.gateway = 192.168.1.1

And network configuration of container now looks like this:

root@lxc-host:~# cat /var/lib/lxc/u1/rootfs/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.51
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8
root@lxc-host:~#

After rebooting the container, eth0 does use 192.168.1.51, and the container can ping the LXC host at 192.168.1.50, but it can't ping any other address, including internal ones such as the gateway 192.168.1.1.

root@u1:~# ip a
1: lo...
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:16:3e:a1:c2:fe brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.51/24 brd 192.168.1.255 scope global eth0
...

root@u1:~# ping 192.168.1.50
PING 192.168.1.50 (192.168.1.50) 56(84) bytes of data.
64 bytes from 192.168.1.50: icmp_seq=1 ttl=64 time=0.064 ms
64 bytes from 192.168.1.50: icmp_seq=2 ttl=64 time=0.064 ms
^C
--- 192.168.1.50 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.064/0.064/0.064/0.000 ms

root@u1:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.51 icmp_seq=1 Destination Host Unreachable
From 192.168.1.51 icmp_seq=2 Destination Host Unreachable
From 192.168.1.51 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2999ms
pipe 3

root@u1:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

root@u1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
root@u1:~#

What am I doing wrong? AppArmor is stopped and iptables is clean on the LXC host.


Solution

  • This problem was related to VirtualBox virtualization (but I know that some people have problems like this with Hyper-V).

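    It looks like LXC can't share the br0 interface in such cases. The likely reason is that the hypervisor's virtual NIC only delivers frames addressed to the VM's own MAC address, so traffic for the container's separate MAC (00:16:3e:a1:c2:fe) never reaches br0 unless the adapter's promiscuous mode (VirtualBox) or MAC address spoofing (Hyper-V) setting allows it; that filter is an anti-spoofing control, so relax it only on the adapter that carries the bridge.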

    With real hardware I have no problems anymore.