Vbox nat network to lxc container

ROUTER : 192.168.2.200
MACOS HOST : 192.168.2.203
UBUNTU VBOX GUEST : 10.0.2.2 vbox nat network
UBUNTU LXC CONTAINER : 10.0.2.3

from guest to 10.0.2.1 => ok
from guest to internet => ok
from guest to 10.0.2.3 => not

from container to 10.0.2.2 => not
from container to internet => not

guest:~$ cat /etc/netplan/50-cloud-init.yaml

# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        enp0s3:
            dhcp4: false
            addresses: [10.0.2.2/24]
            gateway4: 10.0.2.1
            nameservers:
                    addresses: [8.8.8.8]
    version: 2
guest:~$ ip a 

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:91:f9:60 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.2/24 brd 10.0.2.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe91:f960/64 scope link 
       valid_lft forever preferred_lft forever
guest:~$ lxc config show container

architecture: x86_64
config:
  volatile.base_image: 36bac3e793822104ccd7af16e3c29b9db0cdd6dfea9e043c23a68217c2f4d61b
  volatile.enp0s3.hwaddr: 00:16:3e:b7:73:b1
  volatile.enp0s3.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
devices:
  enp0s3:
    nictype: macvlan
    parent: enp0s3
    type: nic
ephemeral: false
profiles:
- default
stateful: false
description: ""
container:~$ ip a 

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
17: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:b7:73:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.2.3/24 brd 10.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:feb7:73b1/64 scope link 
       valid_lft forever preferred_lft forever

container:~$ cat /etc/netplan/50-cloud-init.yaml

# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: false
            addresses: [10.0.2.3/24]

How can I reach the container via the vbox nat network, and reach the internet from the container?

I got this working OK, here’s my setup:

UBUNTU VBOX GUEST : 10.0.2.15 vbox nat network via DHCP (enp0s3)

ip a show dev enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:4c:e2:0f brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
       valid_lft 86054sec preferred_lft 86054sec
    inet6 fe80::a00:27ff:fe4c:e20f/64 scope link 
       valid_lft forever preferred_lft forever

ip r
default via 10.0.2.2 dev enp0s3 proto dhcp src 10.0.2.15 metric 100 
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 
10.0.2.2 dev enp0s3 proto dhcp scope link src 10.0.2.15 metric 100 

Installed LXD and created a container:

lxc init ubuntu:18.04 c1
lxc config device add c1 eth0 nic nictype=macvlan parent=enp0s3
lxc start c1
lxc ls c1
+------+---------+------------------+------+-----------+-----------+
| NAME |  STATE  |       IPV4       | IPV6 |   TYPE    | SNAPSHOTS |
+------+---------+------------------+------+-----------+-----------+
| c1   | RUNNING | 10.0.2.16 (eth0) |      | CONTAINER | 0         |
+------+---------+------------------+------+-----------+-----------+

lxc exec c1 -- ping 8.8.8.8 -c 5
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=63 time=24.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=63 time=24.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=63 time=24.8 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=63 time=24.2 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=63 time=24.9 ms

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4011ms
rtt min/avg/max/mdev = 24.229/24.605/24.927/0.337 ms

lxc exec c1 -- ip a show dev eth0
5: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:90:b2:4b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.2.16/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 86152sec preferred_lft 86152sec
    inet6 fe80::216:3eff:fe90:b24b/64 scope link 
       valid_lft forever preferred_lft forever

lxc exec c1 -- ip r
default via 10.0.2.2 dev eth0 proto dhcp src 10.0.2.16 metric 100 
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.16 
10.0.2.2 dev eth0 proto dhcp scope link src 10.0.2.16 metric 100 

However, pinging from the guest to the container (10.0.2.15 -> 10.0.2.16) cannot work because macvlan doesn’t allow the host to communicate with the container. This isn’t specific to VirtualBox; it’s just how macvlan (and ipvlan) work.

But container -> internet should work (and does in my example). I believe in your setup you are missing the gateway4 setting from the container’s netplan config.
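The two checks from the answer above, as an added diagnostic sketch that is not part of the original thread: it reads `ip r` output from inside the container and flags a missing default route and the expected macvlan/ipvlan isolation from the parent interface's owner. The function names, finding codes and the `STATIC_NO_GATEWAY` sample are assumptions made for illustration.

```python
import ipaddress

def parse_routes(ip_route_text):
    """Split `ip r` output into default gateways and connected networks."""
    gateways, networks = [], []
    for line in ip_route_text.strip().splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "default" and "via" in fields:
            gateways.append(ipaddress.ip_address(fields[fields.index("via") + 1]))
        elif "/" in fields[0]:  # e.g. "10.0.2.0/24 dev eth0 ... scope link"
            networks.append(ipaddress.ip_network(fields[0]))
    return gateways, networks

def diagnose(ip_route_text, nictype, container_ip, parent_ip):
    """Return (code, explanation) findings for one container NIC."""
    gateways, networks = parse_routes(ip_route_text)
    findings = []
    if not gateways:
        findings.append(("no-default-route",
                         "off-subnet traffic has no next hop; set gateway4 or use DHCP"))
    for gw in gateways:
        if not any(gw in net for net in networks):
            findings.append(("gateway-off-link", f"{gw} is not in a connected subnet"))
    c, p = ipaddress.ip_address(container_ip), ipaddress.ip_address(parent_ip)
    if nictype in ("macvlan", "ipvlan") and any(c in n and p in n for n in networks):
        findings.append(("parent-isolated",
                         f"{p} (owner of the parent NIC) cannot reach {c}; expected with {nictype}"))
    return findings

def codes(findings):
    return [code for code, _ in findings]

# Constructed: the route table a static 10.0.2.3/24 without gateway4 produces.
STATIC_NO_GATEWAY = "10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.3"
# Copied from the `lxc exec c1 -- ip r` output in the answer above.
C1_ROUTES = """\
default via 10.0.2.2 dev eth0 proto dhcp src 10.0.2.16 metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.16
10.0.2.2 dev eth0 proto dhcp scope link src 10.0.2.16 metric 100
"""

if __name__ == "__main__":
    for code, why in diagnose(STATIC_NO_GATEWAY, "macvlan", "10.0.2.3", "10.0.2.2"):
        print(code, "-", why)
```
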

Thank you for your interest.

What is the correct way to access the container from the host?

Actually, I need to access my container from macOS.

(macos)Phpstorm -> sftp to container
(internet browser) -> request to container

A bridged network is OK for the above scenario, but the IP addresses change according to the router.

If you don’t need guest -> container, and only macos -> container, then you can do this:

In the container, set up the netplan config statically:

network:
    version: 2
    ethernets:
        eth0:
            dhcp4: false
            addresses: [10.0.2.16/24]
            gateway4: 10.0.2.2
            nameservers:
                    addresses: [8.8.8.8]

Then in the vbox config for the guest, set port forwarding on the guest NIC to forward port 22 and port 80 on your local macOS machine to 10.0.2.16.

Thank you.

But I can’t connect to the internet from the container.

vbox nat network CIDR 10.0.2.0/24

guest netplan yaml:

network:
    version: 2
    ethernets:
        enp0s3:
            dhcp4: false
            addresses: [10.0.2.2/24]
            gateway4: 10.0.2.1
            nameservers:
                    addresses: [8.8.8.8]

container netplan yaml:

network:
    version: 2
    ethernets:
        eth0:
            dhcp4: false
            addresses: [10.0.2.3/24]
            gateway4: 10.0.2.1
            nameservers:
                    addresses: [8.8.8.8]

lxc eth0 device configuration:

eth0:
    nictype: macvlan
    parent: enp0s3
    type: nic

You should try re-enabling dhcp4 and removing static config in the container temporarily to see if DHCP is working and giving out a default gateway.

Does internet work from the VM guest though?

Yes, internet works in the guest.

I enabled DHCP but internet doesn’t work in the container.

ip r in container:

default via 10.0.2.1 dev eth0 proto dhcp src 10.0.2.6 metric 100 
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.6 
10.0.2.1 dev eth0 proto dhcp scope link src 10.0.2.6 metric 100 

ip r in guest:

default via 10.0.2.1 dev enp0s3 proto dhcp src 10.0.2.4 metric 100 
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.4 
10.0.2.1 dev enp0s3 proto dhcp scope link src 10.0.2.4 metric 100