LXC container network is unreachable from another physical host

Hi all,

I have two virtual machines, both running Ubuntu 16.04.6, and the first VM has an LXC container installed. The network between the container and its hosting machine is OK, but the second VM cannot reach or ping the container on the first VM.

The default.conf for lxc is below.
root@openstack-1:~# cat /etc/lxc/default.conf
lxc.network.type = veth
lxc.network.name = eth0
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx

The dnsmasq config for lxc is below.
root@openstack-1:~# cat /etc/dnsmasq.d-available/lxc
# Tell any system-wide dnsmasq instance to make sure to bind to interfaces
# instead of listening on 0.0.0.0
# WARNING: changes to this file will get lost if lxc is removed.
bind-interfaces
except-interface=lxcbr0

I have been stuck here for a long time; does anyone know the reason?

Your containers appear to be on a standalone lxcbr0 bridge which NATs to the outside.
So containers will have outgoing connectivity just fine, but unless you’ve configured your network to route that private subnet to the VM hosting the containers, you can’t have other systems reach the containers.

I have used the following 3 ways of connecting from host A to container C of host H. Assuming that the IP address of C is 10.20.1.2, then:

  1. Via a router configuration. If both A and H are on the same LAN and you have a configurable router on that LAN, perhaps you can configure the router to route packets for the host H LXC network (10.20.1.x), via H. This would then work for any host A on the same LAN.
  2. You can configure host A to route packets to (10.20.1.x) via host H:
    route add -net 10.20.1.0 netmask 255.255.255.0 gw H
  3. Public hosts can reach C indirectly by configuring DNAT on host H, using a firewall. I use shorewall to map port 22 (SSH) of each container to a separate port on host H. I also typically map port 80 (HTTP) and 443 (HTTPS) to a container that runs haproxy and forwards each request to another container, based on the host header or other properties of the request.
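As an added illustration of options 2 and 3 above (not part of the original reply, which uses shorewall), the script below generates the equivalent plain `iproute2` and `iptables` commands: the static route that host A needs so that 10.20.1.0/24 is reached via host H, and the DNAT plus FORWARD rules on host H that expose one container's SSH port on a separate host port. The addresses and ports (192.168.1.10 for H, 10.20.1.2 for C, host port 2201) are constructed placeholders; by default the script only prints the commands so it can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: static route (option 2) and iptables DNAT (option 3) for
# reaching an LXC container C behind host H. Values are constructed
# placeholders, not taken from the thread.
set -u

# Return 0 if $1 is a TCP port in 1..65535, 1 otherwise. Used so that a typo
# never turns into a rule that forwards the wrong port.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Option 2: the route host A needs so the container subnet is sent via host H.
#   $1 = container subnet (CIDR), $2 = LAN address of host H
static_route_cmd() {
    printf 'ip route add %s via %s\n' "$1" "$2"
}

# Option 3: rules for host H that map HOST_IP:HOST_PORT to C_IP:C_PORT.
#   $1 = LAN address of host H, $2 = port exposed on H,
#   $3 = container address,     $4 = port inside the container
# The FORWARD rule is restricted to the single destination/port so only the
# published service, not the whole container subnet, is reachable from outside.
dnat_rules() {
    valid_port "$2" || { echo "bad host port: $2" >&2; return 1; }
    valid_port "$4" || { echo "bad container port: $4" >&2; return 1; }
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$1" "$2" "$3" "$4"
    printf 'iptables -A FORWARD -d %s -p tcp --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$3" "$4"
    printf 'iptables -A FORWARD -s %s -p tcp --sport %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$3" "$4"
}

# Print the commands (DRY_RUN=1, the default) or pipe them into sh to apply
# them on the relevant host (DRY_RUN=0, needs root).
apply_cmds() {
    if [ "${DRY_RUN:-1}" = 1 ]; then cat; else sh -e; fi
}

# Constructed demo values
HOST_H_IP=192.168.1.10      # LAN address of the VM hosting the containers
LXC_SUBNET=10.20.1.0/24     # the lxcbr0 subnet from the reply above
CONTAINER_IP=10.20.1.2      # container C
HOST_PORT=2201              # port on H that will reach C's SSH

echo "# on host A:"
static_route_cmd "$LXC_SUBNET" "$HOST_H_IP" | apply_cmds
echo "# on host H:"
dnat_rules "$HOST_H_IP" "$HOST_PORT" "$CONTAINER_IP" 22 | apply_cmds
```

With `DRY_RUN=1` the output is just the command list for each host; after checking it, run with `DRY_RUN=0` on the host in question. The DNAT rule only rewrites traffic arriving for H's own address on the chosen port, so the container stays unreachable on every other port from outside the LAN.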

@Peng_He

Take a look at veth router mode in LXC 3.2.1 as this may help to simplify your config.

Thx, friend. After configuring the DNAT, everything works well.

Thx, friend. I configured the DNAT and now it works well.