How to provide internet access inside a container using bridge or NAT?

I am using the lxc-net helper script to create the lxcbr0 interface. The container gets an IP address, but the internet is not accessible (ping 8.8.8.8 doesn't work).

The host is connected via Wi-Fi (no Ethernet ports). How can I get internet access in the host? I don't mind if the host and container cannot ping each other.

Host:

sudo ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: usb0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 7e:44:f6:7d:a3:6a brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 9e:a8:78:c2:6f:aa brd ff:ff:ff:ff:ff:ff
    inet 192.168.182.153/24 brd 192.168.182.255 scope global dynamic noprefixroute wlan0
       valid_lft 2986sec preferred_lft 2986sec
    inet6 2409:40c1:100b:73ec:1a4:8060:6eb0:eac9/64 scope global secondary dynamic
       valid_lft 6968sec preferred_lft 6968sec
    inet6 2409:40c1:100b:73ec:8116:18fe:aba:d0b1/64 scope global dynamic noprefixroute flags 100
       valid_lft 6968sec preferred_lft 6968sec
    inet6 fe80::98ce:42d1:1fc2:16f2/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.1/24 scope global lxcbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe00:0/64 scope link
       valid_lft forever preferred_lft forever
5: wwan0: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[519]
6: wwan1: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[519]
7: wwan2: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[519]
8: wwan3: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[519]
9: wwan4: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[519]
10: wwan5: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[519]
11: wwan6: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[519]
12: wwan7: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[519]
13: vethoIpQFm@usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxcbr0 state UP qlen 1000
    link/ether fe:9c:b4:33:51:7c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc9c:b4ff:fe33:517c/64 scope link
       valid_lft forever preferred_lft forever
sudo brctl show
bridge name     bridge id               STP enabled     interfaces
lxcbr0          8000.00163e000000       no              vethoIpQFm
sudo cat /var/lib/lxc/swizzin/config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/swizzin/rootfs
lxc.uts.name = swizzin

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:79:63:8c
#lxc.net.0.ipv4.address = 192.168.1.111/24
#lxc.net.0.ipv4.gateway = 192.168.1.1
sudo lxc-checkconfig
LXC version 5.0.3

--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Warning: newuidmap is not setuid-root
Warning: newgidmap is not setuid-root
Network namespace: enabled

--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled
Cgroup v1 mount points:
Cgroup v2 mount points:
 - /sys/fs/cgroup
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, not loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 762 packets, 62023 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     6    --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     17   --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     6    --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
    2   626 ACCEPT     17   --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     0    --  *      lxcbr0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
cat /etc/os-release
PRETTY_NAME="postmarketOS edge"
NAME="postmarketOS"
VERSION_ID="edge"
VERSION="edge"
ID="postmarketos"
ID_LIKE="alpine"
HOME_URL="https://www.postmarketos.org/"
SUPPORT_URL="https://gitlab.com/postmarketOS"
BUG_REPORT_URL="https://gitlab.com/postmarketOS/pmaports/issues"
LOGO="postmarketos-logo"
uname -a
Linux fortuna3g 6.6.0-msm8916 #4 SMP PREEMPT Tue Mar 26 11:28:06 UTC 2024 aarch64 Linux

Container:
ping 8.8.8.8 does not work, but pinging the host works.

sudo ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:79:63:8c brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.3.3/24 metric 100 brd 10.0.3.255 scope global dynamic eth0
       valid_lft 2661sec preferred_lft 2661sec
    inet6 fe80::216:3eff:fe79:638c/64 scope link
       valid_lft forever preferred_lft forever
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.4 LTS
Release:        22.04
Codename:       jammy
uname -r
6.6.0-msm8916

Nevermind, it was nftables that was blocking internet access.

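The poster never shared the fix, so the following is an added diagnostic written for this page, not the poster's solution and not part of lxc-net. It checks the three things the host needs for a container on lxcbr0 to reach the internet through NAT: net.ipv4.ip_forward=1, a masquerade rule for the bridge subnet, and no chain on the forward hook dropping the bridged traffic. The last point is why `iptables -L` alone is not enough: a table created natively with nft (for example an `inet filter` table with `policy drop` on its forward chain) is never shown by `iptables -L`, yet it still drops the container's packets, and the zero packet counters on the FORWARD chain in the output above are consistent with the traffic being stopped before it ever reached that chain (disabled forwarding gives the same picture). The subnet 10.0.3.0/24 and bridge name lxcbr0 are lxc-net's defaults as seen in the posted output; the two rulesets at the bottom are constructed samples of `nft list ruleset` output (the second one adds a blocking native table) so the parsing functions can be exercised without root.

```shell
#!/bin/sh
# Host-side NAT diagnostic for an lxc-net bridge. Added example, not from the
# original thread. Pure text-parsing functions first, so they can be tested on
# the constructed samples below; live checks run only with: sh lxc-nat-check.sh live

# lxc-net defaults; override via environment if your lxc-net config differs.
LXC_SUBNET=${LXC_SUBNET:-10.0.3.0/24}
LXC_BRIDGE=${LXC_BRIDGE:-lxcbr0}

# 0 if $1 (full `nft list ruleset` text) masquerades subnet $2. iptables-nft renders
# lxc-net's "-t nat -A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE"
# as an "ip saddr 10.0.3.0/24 ... masquerade" rule in the postrouting chain.
nft_has_masquerade() {
    printf '%s\n' "$1" | grep -F "saddr $2" | grep -Fq masquerade
}

# Print the policy of every chain attached to the forward hook, one per line.
nft_forward_policies() {
    printf '%s\n' "$1" | sed -n 's/.*hook forward .*policy \([a-z]*\);.*/\1/p'
}

# Print "table/chain" for every forward-hook chain whose policy is drop and which
# has no rule at all accepting traffic entering or leaving bridge $2. A drop in
# any such chain wins even if an iptables FORWARD chain on the same hook accepts.
nft_blocking_forward_chains() {
    printf '%s\n' "$1" | awk -v br="$2" '
        /^table / { table = $2 " " $3 }
        /^[[:space:]]*chain / { chain = $2; drop = 0; ok = 0; next }
        chain == "" { next }
        /hook forward/ && /policy drop/ { drop = 1 }
        $0 ~ ("(iifname|oifname) \"?" br "\"?.*accept") { ok = 1 }
        /^[[:space:]]*}/ { if (drop && !ok) print table "/" chain; chain = "" }'
}

# 0 if IPv4 forwarding is on. $1 overrides the sysctl value (used by the tests).
ipv4_forwarding_enabled() {
    [ "${1:-$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)}" = "1" ]
}

# Constructed sample: lxc-net's rules present via iptables-nft, nothing else on the forward hook.
SAMPLE_OK='table ip nat {
    chain POSTROUTING {
        type nat hook postrouting priority srcnat; policy accept;
        ip saddr 10.0.3.0/24 ip daddr != 10.0.3.0/24 counter packets 0 bytes 0 masquerade
    }
}
table ip filter {
    chain FORWARD {
        type filter hook forward priority filter; policy accept;
        oifname "lxcbr0" counter packets 0 bytes 0 accept
        iifname "lxcbr0" counter packets 0 bytes 0 accept
    }
}'

# Constructed sample: same rules plus a native nftables firewall table that drops on
# the forward hook and knows nothing about lxcbr0. `iptables -L` never shows this table.
SAMPLE_BLOCKED="$SAMPLE_OK
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}"

if [ "${1:-}" = "live" ]; then               # needs root and the nft binary
    rc=0
    if ipv4_forwarding_enabled; then echo "ok   net.ipv4.ip_forward=1"
    else echo "FAIL net.ipv4.ip_forward=0 (fix: sysctl -w net.ipv4.ip_forward=1)"; rc=1; fi
    ruleset=$(nft list ruleset)
    if nft_has_masquerade "$ruleset" "$LXC_SUBNET"; then echo "ok   masquerade for $LXC_SUBNET present"
    else echo "FAIL no masquerade rule for $LXC_SUBNET (lxc-net adds it when it starts)"; rc=1; fi
    blocking=$(nft_blocking_forward_chains "$ruleset" "$LXC_BRIDGE")
    if [ -n "$blocking" ]; then
        echo "FAIL forward chain(s) dropping $LXC_BRIDGE traffic: $blocking"
        echo "     fix: nft add rule TABLE CHAIN iifname \"$LXC_BRIDGE\" accept"
        echo "          nft add rule TABLE CHAIN oifname \"$LXC_BRIDGE\" ct state established,related accept"
        rc=1
    else echo "ok   no forward chain drops $LXC_BRIDGE traffic"; fi
    exit $rc
fi
```

Run it as root on the host with `sh lxc-nat-check.sh live`. The accept rules it suggests let container-originated traffic out through the bridge and the replies back in; the distribution's own firewall files (nftables.nft, awall, or whatever manages the native table) are where such rules should live so they survive a reload.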

Could you post your full solution?

It helps people that are searching for a solution for the same or similar issue.

Plus, I am curious. :smile: