How to telnet from host to lxc container ip

pm16 · May 3, 2022, 1:32am

I am tryig to migrate from ubuntu 14 to ubuntu 22 .
i have lxc2.0 running on ubuntu 14 and i could telnet to lxc container ips, however when i created a new contained on ubuntu 22 and tring to telnet it says permission denied

telnet> open 10.0.3.70
Trying 10.0.3.70…
telnet: Unable to connect to remote host: Connection refused
what is missing ?

tomp · May 3, 2022, 7:59am

This sounds like it could be a firewall issue.

Can you show output of ip a, ip r on the host and inside the container, along with sudo iptables-save output.

pm16 · May 4, 2022, 12:08am

Hi Tomp,
Thanks for reply.
Please find the output below …
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp5s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether a0:36:9f:44:4e:14 brd ff:ff:ff:ff:ff:ff
3: enp5s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether a0:36:9f:44:4e:15 brd ff:ff:ff:ff:ff:ff
4: enp5s0f2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether a0:36:9f:44:4e:16 brd ff:ff:ff:ff:ff:ff
5: enp5s0f3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether a0:36:9f:44:4e:17 brd ff:ff:ff:ff:ff:ff
6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:30:48:a0:37:a2 brd ff:ff:ff:ff:ff:ff
altname enp8s0f0
inet 10.10.127.26/24 metric 100 brd 10.10.127.255 scope global dynamic eno1
valid_lft 748sec preferred_lft 748sec
inet6 fe80::230:48ff:fea0:37a2/64 scope link
valid_lft forever preferred_lft forever

32: wlp1s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether f8:16:54:46:bc:e8 brd ff:ff:ff:ff:ff:ff
33: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether f8:16:54:37:11:da brd ff:ff:ff:ff:ff:ff
34: wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether f8:16:54:41:34:df brd ff:ff:ff:ff:ff:ff
35: wlp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether f4:7b:09:ca:d0:d2 brd ff:ff:ff:ff:ff:ff
37: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe00:0/64 scope link
valid_lft forever preferred_lft forever
40: veth6cbZXO@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxcbr0 state UP group default qlen 1000
link/ether fe:e4:24:90:42:d7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::fce4:24ff:fe90:42d7/64 scope link
valid_lft forever preferred_lft forever
42: vethpreycG@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxcbr0 state UP group default qlen 1000
link/ether fe:4a:46:3b:67:4e brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::fc4a:46ff:fe3b:674e/64 scope link
valid_lft forever preferred_lft forever
umtts@wifi6ts:~$ ip r
default via 10.10.127.1 dev eno1 proto dhcp src 10.10.127.26 metric 100
10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1
10.10.1.220 via 10.10.127.1 dev eno1 proto dhcp src 10.10.127.26 metric 100
10.10.127.0/24 dev eno1 proto kernel scope link src 10.10.127.26 metric 100
10.10.127.1 dev eno1 proto dhcp scope link src 10.10.127.26 metric 100
10.10.127.221 dev eno1 proto dhcp scope link src 10.10.127.26 metric 100
10.20.1.220 via 10.10.127.1 dev eno1 proto dhcp src 10.10.127.26 metric 100
umtts@wifi6ts:~$ sudo iptables-save
[sudo] password for umtts:

Generated by iptables-save v1.8.7 on Tue May 3 23:59:05 2022

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

Completed on Tue May 3 23:59:05 2022

umtts@wifi6ts:~$ sudo ufw status
Status: inactive

Thanks

tomp · May 4, 2022, 7:39am

I cannot see the ip a output from the container. Also please can you provide the output of ss -tlpn in the container also. Thanks

pm16 · May 5, 2022, 8:38pm

Hi Tomp,
Results From container:
ubuntu@dut1lan2:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:58:c9:78 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.3.176/24 metric 100 brd 10.0.3.255 scope global dynamic eth0
valid_lft 3567sec preferred_lft 3567sec
inet6 fe80::216:3eff:fe58:c978/64 scope link
valid_lft forever preferred_lft forever

ip r
default via 10.0.3.1 dev eth0 proto dhcp src 10.0.3.176 metric 100
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.176 metric 100
10.0.3.1 dev eth0 proto dhcp scope link src 10.0.3.176 metric 100

State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*

Thanks

tomp · May 6, 2022, 8:47am

You were trying to connect to 10.0.3.70 but the container is on IP 10.0.3.176

pm16 · May 6, 2022, 7:56pm

Hi Tomp,
It is not static ip . i tried with new IP

umtts@wifi6ts:~$ sudo lxc-ls --fancy
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
dut1lan2 RUNNING 0 - 10.0.3.176 - false
u1 STOPPED 0 - - - false
umtts@wifi6ts:~$ telnet 10.0.3.176
Trying 10.0.3.176…
telnet: Unable to connect to remote host: Connection refused

btw , ssh works fine , is telnet blocked in latest LXCs ?

Thanks

tomp · May 6, 2022, 8:34pm

You don’t have a telnet service on that ip.

pm16 · May 6, 2022, 10:12pm

Hi Tomp,
I have an old lxc container , i could telnet to that without any issue

pm16 · May 6, 2022, 10:13pm

Hi Tomp,
Have you tried telneting a lxc from the host machine in your setup ?

I created a lxc container on ubuntu22 and started the LXC , it came up some random ip

[sudo] password for pc1:
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
dut1lan2 RUNNING 0 - 10.0.3.176 - false
u1 STOPPED 0 - - - false
pc1@wifi6ts:~$

now i am trying to telnet to 10.0.3.76 from host machine . what am i missing ?

tomp · May 7, 2022, 5:38am

Your ss output shows no Telnet service running inside your container, hence connection refused.

pm16 · May 9, 2022, 2:28pm

Hi Tomp,
I have configured a static IP (10.0.3.102)and started telnet service inside container but now i am getting a diffrent error.

us@wifi6ts:~$ telnet 10.0.3.102
Trying 10.0.3.102…
Connected to 10.0.3.102.
Escape character is ‘^]’.
Connection closed by foreign host.

Image to show telnet is running on lxc.

pm16 · May 10, 2022, 9:40pm

Hi Tomp,
Did you get time to check this?

Thanks

tomp · May 11, 2022, 7:26am

I’m not familiar with running telnetd, have you checked your logs inside the container?
It seems like the port is open now, but the service is hanging.

pm16 · May 11, 2022, 8:54pm

Hi Tomp ,
Looks this file had an error “/etc/xinetd.conf” ;
i fix that by checking the status using
“sudo systemctl status inetd” and
restarted the service using
“sudo /etc/init.d/xinetd restart”

Thanks,
Pankaj