Networking issues in LXC Container

Strive · March 22, 2020, 12:43pm

Hi,

I followed the link [https://openwrt.org/docs/guide-user/virtualization/virtualbox-vm] and created a VM inside Virtual Box.

The VMs Configurations are as follows:

lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 
/sys/fs/cgroup

Cgroup v2 mount points: 

Cgroup v1 systemd controller: /usr/bin/lxc-checkconfig: line 167: printf \033[1;31m: not found

Cgroup v1 freezer controller: /usr/bin/lxc-checkconfig: line 174: printf \033[1;31m: not found

Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, loaded
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
FUSE (for use with lxcfs): missing

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: missing
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: enabled

brctl show
bridge name	   bridge id		     STP enabled	   interfaces
br-mng		   7fff.0800272bc85f	 no		           eth0
							                           vethXH0YJS

cat /proc/net/arp
IP address       HW type     Flags       HW address            Mask     Device
10.0.XX.XX        0x1         0x2         52:54:00:12:35:02     *        eth1
192.168.XX.XX     0x1         0x2         0a:00:27:00:00:03     *        br-mng

The /etc/lxc/default.conf has the following entries

lxc.net.0.type = veth
lxc.network.link = br-mng
lxc.network.flags = up
lxc.network.hwaddr = 08:00:27:2b:c8:5f

ifconfig -a output on the VM is:

br-mng    Link encap:Ethernet  HWaddr 08:00:27:2B:C8:5F  
                --- Some lines ---

eth0      Link encap:Ethernet  HWaddr 08:00:27:2B:C8:5F  
          		  --- Some lines ---

eth1      Link encap:Ethernet  HWaddr 08:00:27:79:CB:CF  
              --- Some lines ---

eth2      Link encap:Ethernet  HWaddr 08:00:27:4F:C7:A5  
             --- Some lines ---

lo        Link encap:Local Loopback  
           --- Some lines ---

vethXH0YJS Link encap:Ethernet  HWaddr FE:61:34:FE:61:12 
          --- Some lines ---

I created a OpenWRT 19.07 LXC container inside the VM. The container starts fine and i am able to perform lxc-attach and other basic operations.
In VM, the entries of /srv/lxc/MyContainer/config are:

lxc.net.0.type = veth
lxc.net.0.link = br-mng
lxc.net.0.flags = up
lxc.net.0.hwaddr = 08:00:27:2B:C8:5F

However the container doesn't have network access.

When i try to run opkg update command inside MyContainer, it throws error message Failed to establish connection

The ifconfig -a inside container show the entries as:

eth0      Link encap:Ethernet  HWaddr 08:00:27:2B:C8:5F
             --- Some Lines ---
lo        Link encap:Local Loopback
          --- Some Lines ---

The brctl show and /proc/net/arp commands give blank response inside container

Note: I also tried changing lxc.net.0.hwaddr of container as 08:00:27:79:CB:CF. Even this did not work.

Could you please help me to have network access from inside container.

Am i missing anything?

anon50098793 · March 22, 2020, 6:25pm

Good job! Not the easiest thing to do...

Not seeing anything obvious... ( try leaving the mac option out of the container config file? )...

You could also start with full log to file I suppose... might yield something...

Strive · March 22, 2020, 6:42pm

@anon50098793 thanks for the response.

I commented out the lxc.net.0.hwaddr line in container config file. Still same issue. Network unavailable inside container.

Additional Info:

I have set Promiscuous mode in Virtual Box as Allow All. Irrespective of the option that i choose in this dropdown, network is not available inside the conatiner
When i execute the command lxc-ls -f, i see the IPv4 address as 192.168.1.1 for a brief moment and then it disappears and it is shown as -

anon50098793 · March 22, 2020, 6:54pm

Yeah... what's your hostOS / version? ( disabled apparmour / selinux et. al.? )... ( try using the default lxc br ... )

try asking in the related OS forum or LXC forum... things sort of point toward the hostOS...

Strive · March 22, 2020, 7:02pm

Laptop OS: Debian GNU/Linux bullseye/sid, 9.12 [Network is available. Everything is fine]

VM OS: OpenWRT 19.07.2 [Network is available. Everything is fine]

Container OS: OpenWRT 19.07 [Network Unavailable]

Strive · March 25, 2020, 12:17pm

lxc-net service is not available in my OpenWRT virtual machine. I think this is the reason for networking issues inside the container.

unable to install lxc-net package. I am getting error as package not found.

Strive · March 28, 2020, 4:13pm

Finally, the issue is solved.

The issue in case was Adapter-1 of the VM (in virtual box) was host only adapter. I had three adapters:
Adapter-1: Host Only
Adapter-2: NAT
Adapter-3: Bridged

Having only NAT and Bridged worked for me.

Other configurations are same as mentioned in my question.

system · April 7, 2020, 4:13pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.