LXC Container, no Internet access -


i'm setting lxc container on opensuse 42.1 host.

the host has full internet access container hasn't. container can ping host, nothing else on lan or internet.

i think issue how bridge configured on host, can't see how resolve this.

the host has eth0 , br0. br0 has been assigned static ip address etc.

in yast have default ipv4 gateway 192.168.2.1 , device br0

here network detail host

route kernel ip routing table destination     gateway         genmask         flags metric ref    use iface default         gateway.localdo 0.0.0.0         ug    0      0        0 br0 192.168.2.0    *               255.255.255.0   u     0      0        0 br0  netstat -rn kernel ip routing table destination     gateway         genmask         flags   mss window  irtt iface 0.0.0.0         192.168.2.1    0.0.0.0         ug        0 0          0 br0 192.168.2.0    0.0.0.0         255.255.255.0   u         0 0          0 br0  ifconfig -a br0       link encap:ethernet  hwaddr 08:00:27:e5:c3:27             inet addr:192.168.2.197  bcast:192.168.2.255  mask:255.255.255.0           inet6 addr: fe80::a00:27ff:fee5:c327/64 scope:link           broadcast running multicast  mtu:1500  metric:1           rx packets:266675 errors:0 dropped:0 overruns:0 frame:0           tx packets:60989 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:0            rx bytes:1391858642 (1327.3 mb)  tx bytes:4049229 (3.8 mb)  eth0      link encap:ethernet  hwaddr 08:00:27:e5:c3:27             broadcast running multicast  mtu:1500  metric:1           rx packets:1259099 errors:0 dropped:5 overruns:0 frame:0           tx packets:220712 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000            rx bytes:1449135910 (1382.0 mb)  tx bytes:51279387 (48.9 mb)  lo        link encap:local loopback             inet addr:127.0.0.1  mask:255.0.0.0           inet6 addr: ::1/128 scope:host           loopback running  mtu:65536  metric:1           rx packets:11033 errors:0 dropped:0 overruns:0 frame:0           tx packets:11033 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:0            rx bytes:968389 (945.6 kb)  tx bytes:968389 (945.6 kb)  vethyw604 link encap:ethernet  hwaddr fe:a8:5f:48:80:7e             inet6 addr: fe80::fca8:5fff:fe48:807e/64 scope:link           broadcast running multicast  mtu:1500  metric:1           rx packets:251 errors:0 dropped:0 overruns:0 frame:0           tx packets:120979 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000            rx bytes:75398 (73.6 kb)  tx bytes:71086180 (67.7 mb)

gateway.localdomain resolves 192.168.2.1

the containers config file is:

lxc.network.type = empty lxc.rootfs = /var/lib/lxc/testlxc/rootfs lxc.include = /usr/share/lxc/config/opensuse.common.conf lxc.arch = x86_64 lxc.utsname = testlxc lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed  lxc.network.type = veth lxc.network.flags = lxc.network.link = br0 lxc.network.name = eth0  lxc.network.hwaddr = 08:00:27:e5:c3:29 lxc.aa_allow_incomplete = 1  lxc.network.ipv4 = 192.168.2.221/24 lxc.network.ipv4.gateway = 192.168.2.197

and it's network details are:

route kernel ip routing table destination     gateway         genmask         flags metric ref    use iface default         192.168.2.197  0.0.0.0         ug    0      0        0 eth0 192.168.2.0    *               255.255.255.0   u     0      0        0 eth0  netstat -rn kernel ip routing table destination     gateway         genmask         flags   mss window  irtt iface 0.0.0.0         192.168.2.197  0.0.0.0         ug        0 0          0 eth0 192.168.2.0    0.0.0.0         255.255.255.0   u         0 0          0 eth0  ifconfig -a eth0      link encap:ethernet  hwaddr 08:00:27:e5:c3:29             inet addr:192.168.2.221  bcast:192.168.2.255  mask:255.255.255.0           inet6 addr: fe80::a00:27ff:fee5:c329/64 scope:link           broadcast running multicast  mtu:1500  metric:1           rx packets:133802 errors:0 dropped:0 overruns:0 frame:0           tx packets:280 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000            rx bytes:78627055 (74.9 mb)  tx bytes:82972 (81.0 kb)  lo        link encap:local loopback             inet addr:127.0.0.1  mask:255.0.0.0           inet6 addr: ::1/128 scope:host           loopback running  mtu:65536  metric:1           rx packets:26 errors:0 dropped:0 overruns:0 frame:0           tx packets:26 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:0            rx bytes:2152 (2.1 kb)  tx bytes:2152 (2.1 kb)

can advise how can lxc container have full network , internet access.

thanks

have set echo 1 > /proc/sys/net/ipv4/ip_forward on host machine?


Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer ...
Read more

c# - Asp.net web api : redirect unauthorized requst to forbidden page -

im trying redirect unauthorized request forbidden page instead i'm getting forbidden page in response body , how can fix ? here's startup class : app.createperowincontext(storecontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create); app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, expiretimespan = timespan.fromdays(30), }); app.useexternalsignincookie(defaultauthenticationtypes.externalcookie); app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5)); app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie); the method im trying reach : [httpget] [authorize(roles = "admin")] public string getcurrentusername() { return userman...
Read more