Hi there. I’ve been trying to set up an environment where my host machine remains exposed to the internet and my containers host services, with the host acting as a proxy for traffic coming in. The issue I’m encountering is that my containers will not connect to the internet. To clarify, I’m not speaking about traffic going into the container from the internet, rather I’m talking about the container connecting to the internet to perform basic functions such as pinging Google or updating packages.
Both the container and host environment are on Ubuntu 16.04 LTS and the container is able to successfully ping the host and any other containers I happen to create. I have tried various solutions found online using Google that involve creating iptables rules for routing traffic to and from the container, to no avail. Otherwise this is a fresh out-of-the-box install.
Oddly enough, in all of my testing environments save for one, this occurs. The one environment where the container is able to reach the internet without any additional configuration past lxd init is a home hosted setup with a modem/router acting as the network’s DHCP server, which is the only thing I can think of that could influence the container in such a way to provide internet access.
To clarify, the hosts have no issue with connecting to the internet. Only the containers do.
EDIT: To clarify again, the hosts are also containers, so that’s nested containers. The 2nd layer of nesting cannot reach the internet, with the exception of that home hosted setup I mentioned earlier.
Hi. I tried this just now, and it didn’t do anything. Except when I placed it above the existing nameserver (the lxd host), it would stop resolving domains.
If using macvlan, sometimes macvlan doesn’t stack well and drops traffic (but that should drop all of it).
If using a bridge on the physical host and then a bridge in the host containers, then maybe there’s some kind of subnet conflict going on which would ultimately break routing.
Somewhat similar to the previous one, but maybe you’re missing a layer of NAT somewhere in there.
It’d be useful to know the LXD release used on the physical host and on the host containers as well as the network setup in place including subnets at every level and any iptables rules in place.
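The subnet-conflict possibility raised above can be checked mechanically once the addresses at every level are collected. The following is an added example, not part of the original thread: it parses `ip -o -4 addr show` output from each nesting level and reports any bridge whose subnet overlaps the uplink or an outer network. The sample addresses are constructed, and the uplink name `eth0` is an assumption.

```python
import ipaddress
import re

# Constructed sample: trimmed `ip -o -4 addr show` output captured at each
# nesting level, outermost first. Addresses are made up for illustration.
SAMPLE = {
    "physical-host": (
        "1: lo    inet 127.0.0.1/8 scope host lo\n"
        "2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0\n"
        "3: lxdbr0    inet 10.0.3.1/24 scope global lxdbr0\n"
    ),
    "host-container": (
        "1: lo    inet 127.0.0.1/8 scope host lo\n"
        "5: eth0    inet 10.0.3.50/24 brd 10.0.3.255 scope global eth0\n"
        "6: lxdbr0    inet 10.0.3.1/24 scope global lxdbr0\n"
    ),
}
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")

def networks(ip_output):
    """Map interface name -> IPv4 network, skipping loopback."""
    found = {}
    for line in ip_output.splitlines():
        m = ADDR_RE.match(line)
        if m:
            addr = ipaddress.ip_interface(m.group(2))
            if not addr.ip.is_loopback:
                found[m.group(1)] = addr.network
    return found

def find_conflicts(levels, uplink="eth0"):
    """Report bridges whose subnet overlaps the uplink or any outer network.

    Assumes each level reaches the outside through the interface named `uplink`.
    """
    conflicts, upstream = [], []
    for level, output in levels.items():
        nets = networks(output)
        upstream += [(level, i, n) for i, n in nets.items() if i == uplink]
        inner = [(level, i, n) for i, n in nets.items() if i != uplink]
        for _, iface, net in inner:
            for up_level, up_iface, up_net in upstream:
                if net.overlaps(up_net):
                    conflicts.append((level, iface, str(net), up_level, up_iface))
        upstream += inner
    return conflicts

if __name__ == "__main__":
    for level, iface, net, up_level, up_iface in find_conflicts(SAMPLE):
        print(f"{level}:{iface} {net} overlaps {up_level}:{up_iface}")
```

An empty result rules out overlapping subnets; the NAT and macvlan possibilities still need to be checked separately.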
Inside the LXC containers, a standard lxd init is performed, creating the default lxdbr0 bridge inside the container.
Creating an LXC container using default settings, the nested containers do not receive internet (lxc launch ubuntu:16.04).
Created a container with the macvlan profile and nesting support, and it successfully got the network settings from DHCP (my LAN router). If you are using static network settings, you need to make sure that the IP address, the route and the DNS are OK.
Inside the nested container, I configured LXD with the default settings for nested containers.
I created a container inside the nested container, and that container had access to the Internet.
I believe your issue is with your static network settings of the nested container. What you need to do is write here in detail how you statically set up the network settings of the nested containers.