I’m trying to have a container get its own IP address from my LAN and I’ve been searching around for a bit. I’m trying to use a routed NIC since the host itself is using a wireless interface, but I can’t get it working.
The host is running Ubuntu 22.04 LTS on arm64, and it is a fresh install. I have no firewall running on the host, the default policy for input and forward is accept and I don’t have any additional rule set.
This is the configuration of the container:
architecture: aarch64
config:
  image.architecture: arm64
  image.description: ubuntu 20.04 LTS arm64 (release) (20220824)
  image.label: release
  image.os: ubuntu
  image.release: focal
  image.serial: "20220824"
  image.type: squashfs
  image.version: "20.04"
  user.network-config: |
    version: 2
    ethernets:
      eth0:
        addresses: [192.168.1.171/32]
        nameservers:
          addresses: [8.8.8.8, 1.1.1.1]
        routes:
        - to: 0.0.0.0/0
          via: 169.254.0.1
          on-link: true
  volatile.base_image: bdf8596e0d90c6d1762800f5fa860a61fb82ab28bf83b17f28b737759e473871
  volatile.cloud-init.instance-id: d13f9cdb-6ef2-42f8-91f4-046f4d70e76e
  volatile.eth0.hwaddr: 00:16:3e:52:25:2b
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: STOPPED
  volatile.uuid: a9d2281b-4aa7-4bb1-8573-fc8bdc1cfe42
devices:
  eth0:
    ipv4.address: 192.168.1.171
    nictype: routed
    parent: wlan0
    type: nic
ephemeral: false
profiles:
- default
stateful: false
description: ""
Both “lxc ls” on the host and “ip a” inside the container report the correct IP address:
+------+---------+----------------------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+---------+----------------------+------+-----------+-----------+
| test | RUNNING | 192.168.1.171 (eth0) | | CONTAINER | 0 |
+------+---------+----------------------+------+-----------+-----------+
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:52:25:2b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.171/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe52:252b/64 scope link
       valid_lft forever preferred_lft forever
I’m able to ping the container from the host and vice versa, but I can’t ping anything else from the container, even in my LAN, and I can’t ping the container from any other device.
This is the output of “ip r”:
container:
default via 169.254.0.1 dev eth0 proto static onlink
host:
default via 192.168.1.1 dev wlan0 proto static
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.170
192.168.1.171 dev vethe3252996 scope link
I’ve found several threads about routed networking, but I couldn’t manage to get it working.
I’ve also tried ipvlan but the results were exactly the same.