How to properly configure network bridge and general networking

Hello,

I am trying to configure a Linux Ubuntu server 16.04 with LXD 3.1 such that each container shares the LAN connection of the host.

For that I’ve modified /etc/network/interfaces as follows:

auto lo
iface lo inet loopback

auto br0
iface br0 inet dhcp
    bridge-ifaces enp0s31f6
    bridge-ports enp0s31f6
    up ifconfig enp0s31f6 up

iface enp0s31f6 inet manual

Some stuff like ‘apt-get update’ works well, whereas other commands like ‘ping google.com’ fail:

lxc exec c1 -- sh -c "ping google.com"

--> ‘PING google.com (216.58.206.14) 56(84) bytes of data.’ but no reply or retries

I wonder if this is an IP routing issue or something else?

Our DHCP server is administrated by another department and not under my control (we use dynamic IPs).

The LXD config of my default profile:

devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
  root: …
used_by:
- /1.0/containers/c1

executing ‘lxc exec c1 -- ip -4 route’ gives
‘default via 141.21.32.1 dev eth0
141.21.32.0/19 dev eth0 proto kernel scope link src 141.21.63.24’

executing ‘ifconfig br0’ on the host OS gives
br0 Link encap: Ethernet HWaddr b0:6e:bf:36:00:fu:
inet addr: 141.21.47.39 Bcast: 141.21.63.255 Mask 255.255.224.0
inet6 addr: …
inet6 addr: …
inet6 addr: ,…
RX packets: 18900 errors:0 dropped: 0 …
TX packets: 4 errors:0 dropped:0…
RX bytes: … (2.4 MB) TX bytes: … (9.0 KB)

Ok, I basically think the problem here is that our firewall (of my institute) is basically blocking incoming connections for the IP addresses of the containers (not for the host though).

So basically I would need to ‘tunnel’/NAT all the traffic for WAN through the host’s IP … how could that be achieved? Thank you 🙂
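
The routing question raised above can be checked from the two outputs in the post. The following is an added example, not part of the original thread: it parses the container's `ip -4 route` output and the host's br0 address and netmask (values copied from the post) and reports whether the container sits in the host's subnet with an on-link default gateway. The function names are illustrative.

```python
import ipaddress

# Values copied from the post: `ip -4 route` inside c1 and `ifconfig br0` on the host.
CONTAINER_ROUTES = """\
default via 141.21.32.1 dev eth0
141.21.32.0/19 dev eth0 proto kernel scope link src 141.21.63.24
"""
HOST_ADDR, HOST_MASK = "141.21.47.39", "255.255.224.0"


def parse_routes(text):
    """Return (default_gateway, [(network, source_ip), ...]) from `ip -4 route` output."""
    gateway, links = None, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "default" and "via" in fields:
            gateway = ipaddress.ip_address(fields[fields.index("via") + 1])
        elif "/" in fields[0]:
            # Connected (on-link) network; "src" is the container's own address.
            net = ipaddress.ip_network(fields[0])
            src = (ipaddress.ip_address(fields[fields.index("src") + 1])
                   if "src" in fields else None)
            links.append((net, src))
    return gateway, links


def check_l3(route_text, host_addr, host_mask):
    """Summarise whether container and host share a subnet with an on-link gateway."""
    gateway, links = parse_routes(route_text)
    host_if = ipaddress.ip_interface(f"{host_addr}/{host_mask}")
    on_link = [net for net, _ in links if gateway is not None and gateway in net]
    return {
        "gateway": str(gateway) if gateway else None,
        "gateway_on_link": bool(on_link),
        "same_subnet_as_host": any(net == host_if.network for net, _ in links),
        "container_ips": [str(src) for _, src in links if src],
    }


if __name__ == "__main__":
    for key, value in check_l3(CONTAINER_ROUTES, HOST_ADDR, HOST_MASK).items():
        print(f"{key}: {value}")
```

With the values from the post every check passes: the container's address, connected network and default gateway are consistent with the host's br0 configuration, so the route table itself is not what stops the ping replies.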

You may want to rephrase what you want to achieve here.
The default setup of LXD will get your containers to share the LAN connection of the host, so you do not need to do anything extra. That is, each container will get access to the Internet.

Perhaps you want to install internet services in the containers, and want outsiders to connect to them from the Internet?

@simos You’re right, I now use the defaults and use NAT and it works perfectly, except for offering web services (iptables is not so nice here, as I basically offer spawning multiple instances of the same service software), but a single instance worked pretty well so far.