Hello.
Is it possible to run LXC inside my linodes in a manner so that I can assign IP addresses that are 'visible' from outside the linode hosting the containers?
I have a linode, which has a public IP and private IPs.
I have installed lxc packages (I'm using Ubuntu Trusty) and fired up lxc container with default configuration. That works fine. I got lxcbr0 interface on my linode host, I got iptables rules that do NAT for the lxc network (where lxcbr0 is the gateway), and everything works ok. The lxc gets IP from 10.0.3.0/24 network, and can reach internet (I can ping google and so on). Of course, I can't reach lxc from the internet (without doing port forwarding using iptables or some other means).
Then Linode gave me another (private) IP for my linode, from 192.168.x.x range. I changed my linode host configuration - I added br0 interface which is bridge for eth0:
Code:
root@linodehost:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_stp off
auto br0:1
iface br0:1 inet static
address 192.168.aa.bb/17
This is how my routes look:
Code:
root@linodehost:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 176.58.111.1 0.0.0.0 UG 0 0 0 br0
10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 lxcbr0
176.58.111.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.128.0 0.0.0.0 255.255.128.0 U 0 0 0 br0
root@linodehost:~#
This all works fine, I can access the public ip (176.58.1xx.yyy) of my linode from the internet, and private IP from other linodes.
However when I change my lxc confuration so that it uses br0:
Code:
root@linodehost:~# grep network /var/lib/lxc/ticketshop-dev/config
lxc.network.type = veth
#lxc.network.link = lxcbr0
lxc.network.link = br0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:XX:XX:XX
root@linodehost:~#
And then configure linode-assigned private IP to the container:
Code:
root@lxc01:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.203.66/17
# netmask 255.255.255.0
gateway 192.168.aa.bb # the private IP address on br0:1 on the host
dns-nameserver 8.8.8.8
root@ticketshop-dev:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.207.60 0.0.0.0 UG 0 0 0 eth0
192.168.128.0 0.0.0.0 255.255.128.0 U 0 0 0 eth0
I can ping the gateway:
Code:
root@ticketshop-dev:~# ping 192.168.207.60
PING 192.168.207.60 (192.168.207.60) 56(84) bytes of data.
64 bytes from 192.168.207.60: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 192.168.207.60: icmp_seq=2 ttl=64 time=0.092 ms
^C
--- 192.168.207.60 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.057/0.074/0.092/0.019 ms
But I can't get out:
Code:
root@ticketshop-dev:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.207.60: icmp_seq=2 Redirect Host(New nexthop: 192.168.207.60)
From 192.168.207.60: icmp_seq=3 Redirect Host(New nexthop: 192.168.207.60)
From 192.168.207.60: icmp_seq=4 Redirect Host(New nexthop: 192.168.207.60)
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
What am I doing wrong? Is such configuration possible on Linode network? I'm assuming that I'm configuring wrong gateway inside my lxc, but I'm not sure what would the proper gateway be?
FAQ
Search
Members
Register
Login [ Anonymous ]
