Linode Forum :: LXC inside linodes with 'visible' (public and private) IPs

Linode Forum https://forum.linode.com/

LXC inside linodes with 'visible' (public and private) IPs https://forum.linode.com/viewtopic.php?f=19&t=12359	Page 1 of 1

Author:

mrkiMile [ Wed Oct 28, 2015 4:32 pm ]

Post subject:

LXC inside linodes with 'visible' (public and private) IPs

Hello.

Is it possible to run LXC inside my linodes in a manner so that I can assign IP addresses that are 'visible' from outside the linode hosting the containers?

I have a linode, which has a public IP and private IPs.

I have installed lxc packages (I'm using Ubuntu Trusty) and fired up lxc container with default configuration. That works fine. I got lxcbr0 interface on my linode host, I got iptables rules that do NAT for the lxc network (where lxcbr0 is the gateway), and everything works ok. The lxc gets IP from 10.0.3.0/24 network, and can reach internet (I can ping google and so on). Of course, I can't reach lxc from the internet (without doing port forwarding using iptables or some other means).

Then Linode gave me another (private) IP for my linode, from 192.168.x.x range. I changed my linode host configuration - I added br0 interface which is bridge for eth0:

Code:

root@linodehost:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp off

auto br0:1
iface br0:1 inet static
    address 192.168.aa.bb/17

This is how my routes look:

Code:

root@linodehost:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         176.58.111.1    0.0.0.0         UG    0      0        0 br0
10.0.3.0        0.0.0.0         255.255.255.0   U     0      0        0 lxcbr0
176.58.111.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.128.0   0.0.0.0         255.255.128.0   U     0      0        0 br0
root@linodehost:~#

This all works fine, I can access the public ip (176.58.1xx.yyy) of my linode from the internet, and private IP from other linodes.

However when I change my lxc confuration so that it uses br0:

Code:

root@linodehost:~# grep network /var/lib/lxc/ticketshop-dev/config
lxc.network.type = veth
#lxc.network.link = lxcbr0
lxc.network.link = br0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:XX:XX:XX
root@linodehost:~#

And then configure linode-assigned private IP to the container:

Code:

root@lxc01:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
#iface eth0 inet dhcp

iface eth0 inet static
        address 192.168.203.66/17
#        netmask 255.255.255.0
        gateway 192.168.aa.bb  # the private IP address on br0:1 on the host
        dns-nameserver 8.8.8.8

root@ticketshop-dev:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.207.60  0.0.0.0         UG    0      0        0 eth0
192.168.128.0   0.0.0.0         255.255.128.0   U     0      0        0 eth0

I can ping the gateway:

Code:

root@ticketshop-dev:~# ping 192.168.207.60
PING 192.168.207.60 (192.168.207.60) 56(84) bytes of data.
64 bytes from 192.168.207.60: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 192.168.207.60: icmp_seq=2 ttl=64 time=0.092 ms
^C
--- 192.168.207.60 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.057/0.074/0.092/0.019 ms

But I can't get out:

Code:

root@ticketshop-dev:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.207.60: icmp_seq=2 Redirect Host(New nexthop: 192.168.207.60)
From 192.168.207.60: icmp_seq=3 Redirect Host(New nexthop: 192.168.207.60)
From 192.168.207.60: icmp_seq=4 Redirect Host(New nexthop: 192.168.207.60)
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms

What am I doing wrong? Is such configuration possible on Linode network? I'm assuming that I'm configuring wrong gateway inside my lxc, but I'm not sure what would the proper gateway be?

Author:	rfeliciano [ Fri Oct 30, 2015 2:05 pm ]
Post subject:	Re: LXC inside linodes with 'visible' (public and private) IPs
You won't be able to get out on the private network, it's private. You need to have this route changed: 0.0.0.0 192.168.207.60 0.0.0.0 UG 0 0 0 eth0 All traffic not within 192.168.203.66/17 network needs to go to the publically addressable gateway, not the private one. Also, I haven't done it yet myself, but if you have Linode Support assign you a /64 IPv6 pool, you can simply give each container its own IPv6 address that they can use.

Author:	mrkiMile [ Sun Nov 01, 2015 4:20 am ]
Post subject:	Re: LXC inside linodes with 'visible' (public and private) IPs
Yup, that is correct - Linode will need to let me do that. I can get out from the host as that one has public interface. But, what's confusing is that I can't even connect to my other hosts' private IPs.

Page 1 of 1	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/