I spent the day trying to understand what/where I could investigate, but I am blocked and need advice.
I was using LXD 3.01 on Debian buster, and this worked perfectly well.
My installation (lxc, lxd) was built from the git repo sources, which I did ‘myself’ (read the doc and ran the commands :))
I upgraded my Debian host lately (stretch now running with kernel 4.19) and did not pay attention to my containers' outgoing connections; besides this, everything was OK.
Last Friday I needed to connect from my containers to external sites and discovered that outgoing connections were not working anymore.
I updated and rebuilt lxc/lxd with the latest releases (now 3.9/3.1), but this did not clear the issue.
Since my Debian Stretch was upgraded with kernel 4.19, I tried to figure out what changed in Debian that could have broken my outgoing connections, but I did not find out.
I recreated new containers and new connections, but this did not work either.
I ran the following commands (from "How to add a network interface in lxc?"):
- lxc network create br-c1
- lxc init ubuntu:16.04 c1
- lxc config device add c1 eth0 nic nictype=bridged parent=br-c1 name=eth0
- lxc start c1
The container has an IP address and I can ping it from my host, but it cannot ping outside:
root@c1:~# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:16:3e:22:1f:ad
inet addr:10.119.57.88 Bcast:10.119.57.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe22:1fad/64 Scope:Link
inet6 addr: fd42:93fd:fa8e:bfdd:216:3eff:fe22:1fad/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:732 errors:0 dropped:0 overruns:0 frame:0
TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:85924 (85.9 KB) TX bytes:11575 (11.5 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
I ran tcpdump on my host while pinging linuxcontainers, and these are the different outputs:
root@c1:~# ping linuxcontainers.org -c 3
PING linuxcontainers.org (18.104.22.168) 56(84) bytes of data.
--- linuxcontainers.org ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2027ms
$host> sudo tcpdump -i br-c1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-c1, link-type EN10MB (Ethernet), capture size 262144 bytes
16:08:13.846944 IP 10.119.57.88.45966 > oa25367-ux.domain: 10371+ A? linuxcontainers.org. (37)
16:08:13.849147 IP oa25367-ux.domain > 10.119.57.88.45966: 10371 1/0/0 A 22.214.171.124 (53)
16:08:13.849412 IP 10.119.57.88 > rproxy.stgraber.org: ICMP echo request, id 437, seq 1, length 64
16:08:14.853173 IP 10.119.57.88 > rproxy.stgraber.org: ICMP echo request, id 437, seq 2, length 64
16:08:15.877135 IP 10.119.57.88 > rproxy.stgraber.org: ICMP echo request, id 437, seq 3, length 64
16:08:18.853078 ARP, Request who-has 10.119.57.88 tell oa25367-ux, length 28
16:08:18.853085 ARP, Request who-has oa25367-ux tell 10.119.57.88, length 28
16:08:18.853134 ARP, Reply oa25367-ux is-at fe:33:ad:9c:9e:87 (oui Unknown), length 28
16:08:18.853135 ARP, Reply 10.119.57.88 is-at 00:16:3e:22:1f:ad (oui Unknown), length 28
How can I help and be helped to clarify this kind of issue?
Thanks in advance for your support.