Hello,
I often have the issue that my lxc container is not able to connect to the internet, when I check with lxc list I am not able to see an IPv4 IP address (IPv6 is still available) which I lost, because when I started with my configuration within the container (for example installing an nginx) I was able to connect to the internet.
My problem is that I am not able to describe on which action I lose this IP address. All I can say is that I need to reboot the host in order to give the container an IP address. Simply starting and stopping the container does not solve the issue. Furthermore when I see the problem I didn’t change any settings on the IP address.
Hi Marc,
Could you post the output of those two commands?
lxc network ls
and lxc network show <managed_network_name>
Regards.
Hello cemzafer,
please find the output requested from your side:
$ lxc network ls
+--------+----------+---------+-------------+---------+
| NAME | TYPE | MANAGED | DESCRIPTION | USED BY |
+--------+----------+---------+-------------+---------+
| enp4s0 | physical | NO | | 0 |
+--------+----------+---------+-------------+---------+
| lxdbr0 | bridge | YES | | 3 |
+--------+----------+---------+-------------+---------+
$ lxc network show lxdbr0
config:
  ipv4.address: 10.215.253.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:401d:5157:5e51::1/64
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/Ubuntu2004-Master
- /1.0/instances/lxc1
- /1.0/profiles/default
managed: true
status: Created
locations:
- none
$ lxc list
+-------------------+---------+------+-----------------------------------------------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-------------------+---------+------+-----------------------------------------------+-----------+-----------+
| Ubuntu2004-Master | STOPPED | | | CONTAINER | 4 |
+-------------------+---------+------+-----------------------------------------------+-----------+-----------+
| lxc1 | RUNNING | | fd42:400d:5141:5c51:216:3eff:fead:7a5d (eth0) | CONTAINER | 4 |
+-------------------+---------+------+-----------------------------------------------+-----------+-----------+
I changed a couple of numbers within the IPv6 IP, so please ignore it.
Thanks for the outputs. Which distribution is not getting the IPv4 address?
Regards.
The lxc1 container. Please have a look at my output. There is an IPV6 but no IPV6 address.
To make the story short you can overcome that problem as follows,
lxc exec lxc1 bash
and execute dhclient -v eth0 in the container. I’m asking what kind of distribution lxc1 is. I mean CentOS, Fedora, Debian, Ubuntu. I’m not an expert but that could be a NetworkManager bug. I assume that problem exists just on RedHat based distributions.
Regards.
I am sorry, I misunderstood your question. The lxc1 is an Ubuntu 20.04.
I use zsh within the container, therefore I used the following command to login.
$ lxc exec lxc1 -- sudo /bin/zsh
For me it seems to be that the container does not receive any IP address.
# dhclient -v eth0 1 ⨯
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/00:16:3e:xx:xx:xx
Sending on LPF/eth0/00:16:3e:xx:xx:xx
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0xd72d6b3f)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8 (xid=0xd72d6b3f)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9 (xid=0xd72d6b3f)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14 (xid=0xd72d6b3f)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14 (xid=0xd72d6b3f)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 20 (xid=0xd72d6b3f)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 15 (xid=0xd72d6b3f)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13 (xid=0xd72d6b3f)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 21 (xid=0xd72d6b3f)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10 (xid=0xd72d6b3f)
...
Hmm, strange, are you sure dnsmasq is running on the host?
What is the output of this command? ps -fauxx | grep -i dnsmasq
Looks good for me
$ ps -fauxx | grep -i dnsmasq
xxxxxx 1476435 0.0 0.0 6644 704 pts/0 S+ 21:23 0:00 \_ grep --color=auto -i dnsmasq
lxd 1898 0.0 0.0 43640 3440 ? Ss Aug02 0:01 \_ dnsmasq --keep-in-foreground --strict-order --bind-interfaces --except-interface=lo --pid-file= --no-ping --interface=lxdbr0 --quiet-dhcp --quiet-dhcp6 --quiet-ra --listen-address=10.215.253.1 --dhcp-no-override --dhcp-authoritative --dhcp-leasefile=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.leases --dhcp-hostsfile=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.hosts --dhcp-range 10.215.253.2,10.215.253.254,1h --listen-address=fd42:400d:5167:5c51::1 --enable-ra --dhcp-range ::,constructor:lxdbr0,ra-stateless,ra-names -s lxd --interface-name _gateway.lxd,lxdbr0 -S /lxd/ --conf-file=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.raw -u lxd -g lxd
Can I get the output of ss -tlnp?
Do you want the listen ports for the host or the container ?
Please find the output for my host.
$ ss -tlnp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 32 10.215.253.1:53 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 [fd42:xxxx:xxxx:xxxx::1]:53 [::]:*
LISTEN 0 128 [::]:22 [::]:*
Can you post the output of sudo lsof -i :53
as well on the host? Also which distribution are you using on host?
Thanks.
Hi,
please find the output from my host
# lsof -i :53
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 1457 systemd-resolve 12u IPv4 23131 0t0 UDP localhost:domain
systemd-r 1457 systemd-resolve 13u IPv4 23132 0t0 TCP localhost:domain (LISTEN)
dnsmasq 1898 lxd 8u IPv4 25355 0t0 UDP <host-name>:domain
dnsmasq 1898 lxd 9u IPv4 25356 0t0 TCP <host-name>:domain (LISTEN)
dnsmasq 1898 lxd 10u IPv6 25357 0t0 UDP <host-name>:domain
dnsmasq 1898 lxd 11u IPv6 25358 0t0 TCP <host-name>:domain (LISTEN)
What does that <host-name> stand for?
Hi,
<host-name> stands for the official hostname part of the fqdn of my server. For example for the fqdn discuss.linuxcontainers.org the word “discuss” would be the <host-name>.
I am sorry for masking my hostname but I would like to avoid inserting my real existing IP and hostnames.
Hmm, then everything seems good to me, maybe an expert has an idea about that issue.
One last thing, what is your host distribution and lxd version?
Are you using any firewall? Can you check whether something may be blocking port 53? Maybe you can test with tcpdump?
Thanks.
For your first questions: I use Ubuntu 20.04 as host and as OS within the container. I use LXD in version 4.0.7.
Can you check the outputs of systemctl status ufw and ufw status verbose?
I don’t use ufw, I use iptables directly but thank you for your hint.
I used an iptables script to reset my iptables rules. This iptables bash script did not include the rules that lxc creates by itself (for example allow tcp port 53 and 67).
Is there a way to force lxd to add these rules to iptables like lxd did after the installation of lxd?
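An added example, not part of the thread and not LXD's own code: a check for the condition found above, where a firewall reset leaves dnsmasq running on the bridge while DHCPDISCOVER goes unanswered. The function name and the sample rule sets are constructed for illustration; the function looks only for explicit INPUT ACCEPT rules on the bridge for DHCP (udp/67) and DNS (udp/53, tcp/53) in `iptables-save` output.

```shell
#!/bin/sh
# Added example (not from the thread): list the DHCP/DNS ACCEPT rules for a
# bridge that are absent from an iptables-save dump read on stdin.
# Real use: sudo iptables-save | missing_bridge_rules lxdbr0

missing_bridge_rules() {
    bridge="$1"
    # Keep only INPUT rules bound to the bridge that end in ACCEPT.
    rules=$(grep -E -- "^-A INPUT .*-i $bridge( |\$)" \
            | grep -E -- '-j ACCEPT( |$)' || true)
    # udp/67 = DHCP requests to dnsmasq, 53 = DNS over UDP and TCP.
    for want in udp/67 udp/53 tcp/53; do
        proto=${want%/*}
        port=${want#*/}
        if ! printf '%s\n' "$rules" \
             | grep -Eq -- "-p $proto .*--dport $port( |\$)"; then
            echo "$want"
        fi
    done
}

# Constructed sample: all three bridge rules present.
SAMPLE_INTACT='*filter
:INPUT DROP [0:0]
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -j ACCEPT
COMMIT'

# Constructed sample: a reset script flushed everything and re-added only SSH.
SAMPLE_RESET='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: DNS allowed on the bridge, DHCP forgotten.
SAMPLE_NO_DHCP='*filter
:INPUT DROP [0:0]
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

echo "missing after reset:"
printf '%s\n' "$SAMPLE_RESET" | missing_bridge_rules lxdbr0
```

Empty output means all three rules are present. The result only matters when the INPUT chain drops by default; with an ACCEPT policy and no drop rules the traffic passes without them.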