LXC containers LAN and Internet Access

Riley · May 28, 2018, 1:21pm

Hi. I am new to LXC. I am struggling to get networking setup correctly on my LXC host.

My lxc host is behind a nginx gateway running on different server. So I want traffic to sent to containers from GW -> host -> container.

On the host my network config:

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
    address 10.0.0.10
    network 10.0.0.0
    gateway 10.0.0.1
    broadcast 10.0.0.255
    netmask 255.255.255.0
    dns-nameservers 8.8.8.8 8.8.4.4
    bridge_ports eth0
    bridge_fd 0
    bridge_maxwait 0

and on my container I specify Static IP and set lxc host as gateway.

I can ping host and containers and the other way. However I dont have any LAN (10.0.0.0) and Internet access from containers.

The containers are using the correct network profile:

I have enabled IP Forwarding on the LXC host and tried different iptables examples as found on internet, but no luck.

Can someone please assist me as this is driving me up the wall.

stgraber · May 28, 2018, 2:19pm

A few things to check that may help:

If the host is a virtual machine, there may be some MAC filtering going on at the VM layer
Check with tcpdump that your traffic is properly headed out of your host to your other machines
The other machines likely won’t have your host (10.0.0.10 ) as their gateway for the containers and will instead go through 10.0.0.1 so you should make sure that 10.0.0.1 can reach your containers properly.

Maniaxx · May 28, 2018, 9:15pm

Most containers don’t come with a /etc/resolv.conf. Try to ping 8.8.8.8. If it works populate it with something like this:

nameserver 8.8.8.8
nameserver 8.8.4.4

Riley · May 29, 2018, 9:10am

Hi Stéphane. The container host is running is a VM running on a Hyper-V host. I have checked with tcpdump on the host and already confirmed that there was traffic going out and coming in. I have already also checked that GW (10.0.0.1) are not able to reach containers, but only the host.

Riley · May 29, 2018, 9:13am

Hi Maniaxx. My resolv.conf is being generated by network interfaces on the container and already have those nameservers added. What is really weird is when I do a trace to 8.8.8.8 it goes through the gateway(10.0.0.1) , but I am unable to ping my gateway (10.0.0.1).

This is my container network config:

auto eth0
iface eth0 inet static
	address 10.0.0.122
	netmask 255.255.255.0
	gateway 10.0.0.10
	dns-nameservers 8.8.8.8 8.8.4.4

Maniaxx · May 29, 2018, 4:32pm

You maybe need to set a route in the gateway that says that 10.0.0.122 is reachable over 10.0.0.10.