[Solved] Networking for LXC container

Hello,

I am trying to use LXC with OpenWrt 18.06.2. I have compiled all the required kernel options and am able to launch containers after some trial and error. However, the containers have no network access! Since LXC-Network is not available, I probably have to create a bridge manually and forward it to WAN. Is there an introduction anywhere on how to do this?

Thank you for your support
alex

Please let us know the target/arch you're working with.

Also post your /etc/ LXC config + container LXC config.

Hi Wulfy,

I am working on x86_64 on OpenWRT 18.06.2 but networking is probably similar across platforms.

/etc/lxc/default.conf
lxc.net.0.type = empty

/etc/lxc/lxc.conf
lxc.lxcpath = /srv/lxc

The config does not contain any networking because I wanted to know how to set it up. Ideally I would like to set up a masqueraded/independent bridge for all containers and then forward traffic to that bridge as requested. Similar to the set-up on Ubuntu that I have previously used.

Any ideas/help on how to set this up on OpenWRT?

Thank you!

for now though can you check if anything fails from;

lxc-checkconfig ( opkg update && opkg install lxc-checkconfig)

Also can you post ( in code tags ) the output of this command run from your "buildroot" directory;

./scripts/diffconfig.sh | grep -v '^#'

ok, that's good to know. the best bet to begin with is just a basic first interface ( container veth ) bridged to br-lan.

Hi Wulfy,

Thank you for your reply. I hope you can help me to get this up and running.

Output of ./scripts/diffconfig.sh | grep -v '^#'

CONFIG_TARGET_x86=y
CONFIG_TARGET_x86_64=y
CONFIG_TARGET_x86_64_Generic=y
CONFIG_ALL_KMODS=y
CONFIG_ALL_NONSHARED=y
CONFIG_DEVEL=y
CONFIG_BUSYBOX_CUSTOM=y
CONFIG_AUTOREMOVE=y
CONFIG_BUILDBOT=y
CONFIG_BUILD_NLS=y
CONFIG_BUILD_PATENTED=y
CONFIG_BUSYBOX_CONFIG_AR=y
CONFIG_BUSYBOX_CONFIG_BZIP2=y
CONFIG_BUSYBOX_CONFIG_CHVT=y
CONFIG_BUSYBOX_CONFIG_CPIO=y
CONFIG_BUSYBOX_CONFIG_DEALLOCVT=y
CONFIG_BUSYBOX_CONFIG_DEFAULT_SETFONT_DIR=""
CONFIG_BUSYBOX_CONFIG_DPKG=y
CONFIG_BUSYBOX_CONFIG_DPKG_DEB=y
CONFIG_BUSYBOX_CONFIG_DUMPKMAP=y
CONFIG_BUSYBOX_CONFIG_FEATURE_AR_CREATE=y
CONFIG_BUSYBOX_CONFIG_FEATURE_AR_LONG_FILENAMES=y
CONFIG_BUSYBOX_CONFIG_FEATURE_CPIO_O=y
CONFIG_BUSYBOX_CONFIG_FEATURE_CPIO_P=y
CONFIG_BUSYBOX_CONFIG_FEATURE_GUNZIP_LONG_OPTIONS=y
CONFIG_BUSYBOX_CONFIG_FEATURE_GZIP_LEVELS=y
CONFIG_BUSYBOX_CONFIG_FEATURE_GZIP_LONG_OPTIONS=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LOADFONT_PSF2=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LOADFONT_RAW=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LZMA_FAST=y
CONFIG_BUSYBOX_CONFIG_FEATURE_RESIZE_PRINT=y
CONFIG_BUSYBOX_CONFIG_FEATURE_SEAMLESS_BZ2=y
CONFIG_BUSYBOX_CONFIG_FEATURE_SEAMLESS_LZMA=y
CONFIG_BUSYBOX_CONFIG_FEATURE_SEAMLESS_XZ=y
CONFIG_BUSYBOX_CONFIG_FEATURE_SEAMLESS_Z=y
CONFIG_BUSYBOX_CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS=y
CONFIG_BUSYBOX_CONFIG_FEATURE_SETFONT_TEXTUAL_MAP=y
CONFIG_BUSYBOX_CONFIG_FEATURE_TAR_AUTODETECT=y
CONFIG_BUSYBOX_CONFIG_FEATURE_TAR_LONG_OPTIONS=y
CONFIG_BUSYBOX_CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y
CONFIG_BUSYBOX_CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY=y
CONFIG_BUSYBOX_CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY=y
CONFIG_BUSYBOX_CONFIG_FEATURE_TAR_TO_COMMAND=y
CONFIG_BUSYBOX_CONFIG_FEATURE_TAR_UNAME_GNAME=y
CONFIG_BUSYBOX_CONFIG_FGCONSOLE=y
CONFIG_BUSYBOX_CONFIG_KBD_MODE=y
CONFIG_BUSYBOX_CONFIG_LOADFONT=y
CONFIG_BUSYBOX_CONFIG_LOADKMAP=y
CONFIG_BUSYBOX_CONFIG_LZCAT=y
CONFIG_BUSYBOX_CONFIG_LZMA=y
CONFIG_BUSYBOX_CONFIG_LZOP=y
CONFIG_BUSYBOX_CONFIG_LZOPCAT=y
CONFIG_BUSYBOX_CONFIG_OPENVT=y
CONFIG_BUSYBOX_CONFIG_RESIZE=y
CONFIG_BUSYBOX_CONFIG_RPM=y
CONFIG_BUSYBOX_CONFIG_RPM2CPIO=y
CONFIG_BUSYBOX_CONFIG_SETCONSOLE=y
CONFIG_BUSYBOX_CONFIG_SETFONT=y
CONFIG_BUSYBOX_CONFIG_SETKEYCODES=y
CONFIG_BUSYBOX_CONFIG_SETLOGCONS=y
CONFIG_BUSYBOX_CONFIG_SHOWKEY=y
CONFIG_BUSYBOX_CONFIG_UNCOMPRESS=y
CONFIG_BUSYBOX_CONFIG_UNLZMA=y
CONFIG_BUSYBOX_CONFIG_UNLZOP=y
CONFIG_BUSYBOX_CONFIG_UNXZ=y
CONFIG_BUSYBOX_CONFIG_UNZIP=y
CONFIG_BUSYBOX_CONFIG_XZ=y
CONFIG_BUSYBOX_CONFIG_XZCAT=y
CONFIG_IMAGEOPT=y
CONFIG_KERNEL_AIO=y
CONFIG_KERNEL_BIG_KEYS=y
CONFIG_KERNEL_BLK_CGROUP=y
CONFIG_KERNEL_BLK_DEV_BSG=y
CONFIG_KERNEL_BTRFS_FS_POSIX_ACL=y
CONFIG_KERNEL_CGROUPS=y
CONFIG_KERNEL_CGROUP_CPUACCT=y
CONFIG_KERNEL_CGROUP_DEVICE=y
CONFIG_KERNEL_CGROUP_FREEZER=y
CONFIG_KERNEL_CGROUP_PERF=y
CONFIG_KERNEL_CGROUP_PIDS=y
CONFIG_KERNEL_CGROUP_SCHED=y
CONFIG_KERNEL_CIFS_ACL=y
CONFIG_KERNEL_CPUSETS=y
CONFIG_KERNEL_DEVKMEM=y
CONFIG_KERNEL_DEVMEM=y
CONFIG_KERNEL_DEVPTS_MULTIPLE_INSTANCES=y
CONFIG_KERNEL_DYNAMIC_DEBUG=y
CONFIG_KERNEL_ENCRYPTED_KEYS=m
CONFIG_KERNEL_EXT4_FS_POSIX_ACL=y
CONFIG_KERNEL_F2FS_FS_POSIX_ACL=y
CONFIG_KERNEL_FANOTIFY=y
CONFIG_KERNEL_FHANDLE=y
CONFIG_KERNEL_FREEZER=y
CONFIG_KERNEL_FS_POSIX_ACL=y
CONFIG_KERNEL_FTRACE=y
CONFIG_KERNEL_HFSPLUG_FS_POSIX_ACL=y
CONFIG_KERNEL_HFS_FS_POSIX_ACL=y
CONFIG_KERNEL_IPC_NS=y
CONFIG_KERNEL_JFFS2_FS_POSIX_ACL=y
CONFIG_KERNEL_JFS_POSIX_ACL=y
CONFIG_KERNEL_KEYS=y
CONFIG_KERNEL_KPROBES=y
CONFIG_KERNEL_KPROBE_EVENT=y
CONFIG_KERNEL_LXC_MISC=y
CONFIG_KERNEL_MEMCG=y
CONFIG_KERNEL_MEMCG_KMEM=y
CONFIG_KERNEL_MEMCG_SWAP=y
CONFIG_KERNEL_MM_OWNER=y
CONFIG_KERNEL_NAMESPACES=y
CONFIG_KERNEL_NETPRIO_CGROUP=y
CONFIG_KERNEL_NET_CLS_CGROUP=y
CONFIG_KERNEL_NET_NS=y
CONFIG_KERNEL_NFSD_V2_ACL_SUPPORT=y
CONFIG_KERNEL_NFSD_V3_ACL_SUPPORT=y
CONFIG_KERNEL_NFS_ACL_SUPPORT=y
CONFIG_KERNEL_NFS_V3_ACL_SUPPORT=y
CONFIG_KERNEL_PERF_EVENTS=y
CONFIG_KERNEL_PERSISTENT_KEYRINGS=y
CONFIG_KERNEL_PID_NS=y
CONFIG_KERNEL_POSIX_MQUEUE=y
CONFIG_KERNEL_PROC_PAGE_MONITOR=y
CONFIG_KERNEL_PROC_PID_CPUSET=y
CONFIG_KERNEL_PROVE_LOCKING=y
CONFIG_KERNEL_REISER_FS_POSIX_ACL=y
CONFIG_KERNEL_RESOURCE_COUNTERS=y
CONFIG_KERNEL_TMPFS_POSIX_ACL=y
CONFIG_KERNEL_USER_NS=y
CONFIG_KERNEL_UTS_NS=y
CONFIG_KERNEL_XFS_POSIX_ACL=y
CONFIG_PACKAGE_aircard-pcmcia-firmware=y
CONFIG_PACKAGE_amd64-microcode=y
CONFIG_PACKAGE_ar3k-firmware=y
CONFIG_PACKAGE_ath10k-firmware-qca4019=y
CONFIG_PACKAGE_ath10k-firmware-qca4019-ct=y
CONFIG_PACKAGE_ath10k-firmware-qca4019-ct-htt=y
CONFIG_PACKAGE_ath10k-firmware-qca6174=y
CONFIG_PACKAGE_ath10k-firmware-qca9887=y
CONFIG_PACKAGE_ath10k-firmware-qca9887-ct=y
CONFIG_PACKAGE_ath10k-firmware-qca9887-ct-htt=y
CONFIG_PACKAGE_ath10k-firmware-qca9888=y
CONFIG_PACKAGE_ath10k-firmware-qca9888-ct=y
CONFIG_PACKAGE_ath10k-firmware-qca9888-ct-htt=y
CONFIG_PACKAGE_ath10k-firmware-qca988x=y
CONFIG_PACKAGE_ath10k-firmware-qca988x-ct=y
CONFIG_PACKAGE_ath10k-firmware-qca988x-ct-htt=y
CONFIG_PACKAGE_ath10k-firmware-qca9984=y
CONFIG_PACKAGE_ath10k-firmware-qca9984-ct=y
CONFIG_PACKAGE_ath10k-firmware-qca9984-ct-htt=y
CONFIG_PACKAGE_ath10k-firmware-qca99x0=y
CONFIG_PACKAGE_ath10k-firmware-qca99x0-ct=y
CONFIG_PACKAGE_ath10k-firmware-qca99x0-ct-htt=y
CONFIG_PACKAGE_ath6k-firmware=y
CONFIG_PACKAGE_ath9k-htc-firmware=y
CONFIG_PACKAGE_b43legacy-firmware=y
CONFIG_PACKAGE_block-mount=y
CONFIG_PACKAGE_bnx2-firmware=y
CONFIG_PACKAGE_brcmfmac-firmware-4329-sdio=y
CONFIG_PACKAGE_brcmfmac-firmware-43362-sdio=y
CONFIG_PACKAGE_brcmfmac-firmware-43430-sdio=y
CONFIG_PACKAGE_brcmfmac-firmware-43602a1-pcie=y
CONFIG_PACKAGE_brcmfmac-firmware-4366b1-pcie=y
CONFIG_PACKAGE_brcmfmac-firmware-usb=y
CONFIG_PACKAGE_brcmsmac-firmware=y
CONFIG_PACKAGE_carl9170-firmware=y
CONFIG_PACKAGE_e100-firmware=y
CONFIG_PACKAGE_edgeport-firmware=y
CONFIG_PACKAGE_hostapd-common=y
CONFIG_PACKAGE_ibt-firmware=y
CONFIG_PACKAGE_intel-microcode=y
CONFIG_PACKAGE_iucode-tool=y
CONFIG_PACKAGE_iw=y
CONFIG_PACKAGE_iwl3945-firmware=y
CONFIG_PACKAGE_iwl4965-firmware=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl100=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl1000=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl105=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl135=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl2000=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl2030=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl3160=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl3168=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl5000=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl5150=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl6000g2=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl6000g2a=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl6000g2b=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl6050=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl7260=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl7265=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl7265d=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl8260c=y
CONFIG_PACKAGE_iwlwifi-firmware-iwl8265=y
CONFIG_PACKAGE_kmod-ath=y
CONFIG_PACKAGE_kmod-ath10k-ct=y
CONFIG_PACKAGE_kmod-cfg80211=y
CONFIG_PACKAGE_kmod-crypto-acompress=y
CONFIG_PACKAGE_kmod-cryptodev=m
CONFIG_PACKAGE_kmod-fs-afs=m
CONFIG_PACKAGE_kmod-fs-exfat=m
CONFIG_PACKAGE_kmod-lib-lz4=y
CONFIG_PACKAGE_kmod-lib-lzo=y
CONFIG_PACKAGE_kmod-mac80211=y
CONFIG_PACKAGE_kmod-rfkill=m
CONFIG_PACKAGE_kmod-rxrpc=m
CONFIG_PACKAGE_kmod-zram=y
CONFIG_PACKAGE_libbfd=m
CONFIG_PACKAGE_libbz2=m
CONFIG_PACKAGE_libdw=m
CONFIG_PACKAGE_libelf1=m
CONFIG_PACKAGE_libertas-sdio-firmware=y
CONFIG_PACKAGE_libertas-spi-firmware=y
CONFIG_PACKAGE_libertas-usb-firmware=y
CONFIG_PACKAGE_libiconv-full=m
CONFIG_PACKAGE_libintl-full=m
CONFIG_PACKAGE_libiwinfo=y
CONFIG_PACKAGE_libiwinfo-lua=y
CONFIG_PACKAGE_liblua=y
CONFIG_PACKAGE_libopcodes=m
CONFIG_PACKAGE_libubus-lua=y
CONFIG_PACKAGE_libunwind=m
CONFIG_PACKAGE_lua=y
CONFIG_PACKAGE_mt7601u-firmware=y
CONFIG_PACKAGE_mwifiex-pcie-firmware=y
CONFIG_PACKAGE_mwifiex-sdio-firmware=y
CONFIG_PACKAGE_mwl8k-firmware=y
CONFIG_PACKAGE_objdump=m
CONFIG_PACKAGE_p54-pci-firmware=y
CONFIG_PACKAGE_p54-spi-firmware=y
CONFIG_PACKAGE_p54-usb-firmware=y
CONFIG_PACKAGE_perf=m
CONFIG_PACKAGE_prism54-firmware=y
CONFIG_PACKAGE_rpcd=y
CONFIG_PACKAGE_rs9113-firmware=y
CONFIG_PACKAGE_rt2800-pci-firmware=y
CONFIG_PACKAGE_rt2800-usb-firmware=y
CONFIG_PACKAGE_rt61-pci-firmware=y
CONFIG_PACKAGE_rt73-usb-firmware=y
CONFIG_PACKAGE_rtl8188eu-firmware=y
CONFIG_PACKAGE_rtl8192ce-firmware=y
CONFIG_PACKAGE_rtl8192cu-firmware=y
CONFIG_PACKAGE_rtl8192de-firmware=y
CONFIG_PACKAGE_rtl8192se-firmware=y
CONFIG_PACKAGE_rtl8192su-firmware=y
CONFIG_PACKAGE_rtl8821ae-firmware=y
CONFIG_PACKAGE_ti-3410-firmware=y
CONFIG_PACKAGE_ti-5052-firmware=y
CONFIG_PACKAGE_uhttpd=y
CONFIG_PACKAGE_wireless-regdb=y
CONFIG_PACKAGE_wireless-tools=y
CONFIG_PACKAGE_wl12xx-firmware=y
CONFIG_PACKAGE_wl18xx-firmware=y
CONFIG_PACKAGE_zlib=m
CONFIG_PACKAGE_zram-swap=y
CONFIG_TARGET_IMAGES_PAD=y
CONFIG_TARGET_ROOTFS_PARTSIZE=4096
CONFIG_USE_FS_ACL_ATTR=y
CONFIG_USE_RFKILL=y
CONFIG_USE_SPARSE=y
CONFIG_VDI_IMAGES=y
CONFIG_VERSIONOPT=y
CONFIG_VERSION_BUG_URL=""
CONFIG_VERSION_CODE=""
CONFIG_VERSION_CODE_FILENAMES=y
CONFIG_VERSION_DIST="OpenWrt"
CONFIG_VERSION_FILENAMES=y
CONFIG_VERSION_HOME_URL=""
CONFIG_VERSION_HWREV=""
CONFIG_VERSION_MANUFACTURER=""
CONFIG_VERSION_MANUFACTURER_URL=""
CONFIG_VERSION_NUMBER=""
CONFIG_VERSION_PRODUCT=""
CONFIG_VERSION_REPO="http://downloads.openwrt.org/releases/18.06.2"
CONFIG_VERSION_SUPPORT_URL=""

Output of lxc-checkconfig

Kernel configuration not found at /proc/config.gz; searching...
lxc-checkconfig: unable to retrieve kernel configuration
Try recompiling with IKCONFIG_PROC, installing the kernel headers,
or specifying the kernel configuration path with:
  CONFIG=<path> lxc-checkconfig

I was wondering about that because I used the option

PACKAGE_kmod-ikconfig [=m]

So I do not understand why lxc-checkconfig cannot find my kernel configuration. However, when I point lxc-config manually to the .config in buildroot I get a multitude of error messages:

--- Namespaces ---
Namespaces: required
Utsname namespace: missing
Ipc namespace: required
Pid namespace: required
User namespace: missing
Network namespace: missing
--- Control groups ---
Cgroups: missing
Cgroup v1 mount points: 
csys/fs/cgroup
Cgroup v2 mount points: 
Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: missing
Cgroup sched: missing
Cgroup cpu account: missing
Cgroup memory controller: missing
--- Misc ---
Veth pair device: missing
Macvlan: missing
Vlan: missing
Bridges: missing
Advanced netfilter: missing
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missingCONFIG_NETFILTER_XT_MATCH_COMMENT: missing
FUSE (for use with lxcfs): missing
--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: missing
CONFIG_EVENTFD: missing
CONFIG_EPOLL: missing
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing

I am really struggling to understand a lot of these errors, because I have included the options as modules that lxc-checkconfig is complaining about. Here are 2 examples:

Cgroups: missing, but: CONFIG_KERNEL_CGROUPS=y
or: Veth pair device: missing, but: CONFIG_PACKAGE_kmod-veth=m

What am I doing wrong? As I said, I can start and attach LXC containers, but I have no network access inside the container.

install the veth module package, I don't remember its full name but something like kmod-veth or kmod-network-veth or similar

Hello dlakelan,

I have already included the package in the configuration
CONFIG_PACKAGE_kmod-veth=m
I think that is the correct one. My problem is the configuration of the interface.

Thank you,
Alex

can you actually manually create a veth? you seemed to have errors associated with not being able to make one. have you installed the ip-full package?

ip link add type veth

Please post the output of opkg list-installed | egrep "lxc|veth"

liblxc - 2.1.1-2
lxc - 2.1.1-2
lxc-attach - 2.1.1-2
lxc-autostart - 2.1.1-2
lxc-cgroup - 2.1.1-2
lxc-checkconfig - 2.1.1-2
lxc-common - 2.1.1-2
lxc-config - 2.1.1-2
lxc-configs - 2.1.1-2
lxc-console - 2.1.1-2
lxc-create - 2.1.1-2
lxc-destroy - 2.1.1-2
lxc-execute - 2.1.1-2
lxc-freeze - 2.1.1-2
lxc-hooks - 2.1.1-2
lxc-info - 2.1.1-2
lxc-init - 2.1.1-2
lxc-ls - 2.1.1-2
lxc-lua - 2.1.1-2
lxc-monitor - 2.1.1-2
lxc-monitord - 2.1.1-2
lxc-snapshot - 2.1.1-2
lxc-start - 2.1.1-2
lxc-stop - 2.1.1-2
lxc-templates - 2.1.1-2
lxc-unfreeze - 2.1.1-2
lxc-unshare - 2.1.1-2
lxc-usernsexec - 2.1.1-2
lxc-wait - 2.1.1-2

Output of ip link add type veth is
ip: RTNETLINK answers: Not supported

At least 'kmod-veth' is missing!

As stated, I have compiled with the config:
CONFIG_PACKAGE_kmod-veth=m
So it should be included, no?

So how do I install that? If I try opkg I get the following message:

Installing kmod-veth (4.14.95-1) to root... 
Downloading http://downloads.openwrt.org/releases/18.06.2/targets/x86/64/packages/kmod-veth_4.14.95-1_x86_64.ipk
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-veth: *      kernel (= 4.14.95-1-83ad3e3d0a55dcd3f120c5ac4bdc92ba)
 * opkg_install_cmd: Cannot install package kmod-veth.

So I probably need to install it from my buildroot. How do I do that?

You're already using your own buildroot? If so, navigate e.g. to /source/bin/targets/x86/64/packages copy the kmod-veth module via scp to your router and install it directly via opkg.

In general, all required (kernel) modules should be included with 'y' in your build.

OK, thank you. Will change and get back to you. However, quick question: There is normally a difference in compiling Kernel between 'y' and 'm' in that 'm' can be loaded at runtime whereas 'y' is included in the kernel even if it is not needed. So making everything 'y' might lead to a bloated kernel. So how does this work with OpenWrt?

fwiw basic net works with some basic mods to;

cat /etc/lxc/default.conf

lxc.net.0.type = veth
lxc.net.0.link = br-lan
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:11:22:33

cat /srv/lxc/debian-jessie/config

#lxc.net.0.type = empty
lxc.net.0.type = veth
lxc.net.0.link = br-lan
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:0a:2f:ca

VIRTUALBOX HOST
there is an additional setup "if" your LXC-HOST-OS is inside a VIRTUALBOX in that the LAN interface MUST be set to PROMISC-ALL! ( in the VBOX-GUI )

Here is my lxc-checkconfig ( missing | not loaded ) for brevity.

root@OpenWrt:/# lxc-checkconfig | grep missing
Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup cpu account: missing
Cgroup memory controller: missing
Cgroup cpuset: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_FHANDLE: missing
root@OpenWrt:/# lxc-checkconfig | grep 'not loaded'
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded

These commands are really useful....

cat /proc/net/arp
brctl show
ifconfig -a

Get this far then take it further....
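A small triage of lxc-checkconfig output for the veth-on-br-lan setup shown above, added here as an example (not part of the original post). The function name and both sample inputs are constructed from the outputs in this thread; `enabled, not loaded` is reported as a warning only, since the Bridges entry above shows that state.

```shell
#!/bin/sh
# Constructed sample: lines in lxc-checkconfig's "Name: state" form, modelled
# on the output obtained by pointing the tool at the buildroot .config.
sample_broken() {
cat <<'EOF'
--- Namespaces ---
Network namespace: missing
--- Misc ---
Veth pair device: missing
Macvlan: missing
Bridges: missing
EOF
}

# Constructed sample modelled on the second output in the thread.
sample_working() {
cat <<'EOF'
Network namespace: enabled
Veth pair device: enabled, loaded
Bridges: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
EOF
}

# veth_bridge_prereqs (hypothetical helper): read lxc-checkconfig output on
# stdin and report the three features that lxc.net.0.type = veth with
# lxc.net.0.link = <bridge> depends on. Returns 1 if any of them is missing
# or was not reported at all.
veth_bridge_prereqs() {
    esc=$(printf '\033')
    # Drop colour escapes, if any, before splitting "Name: state".
    sed "s/${esc}\[[0-9;]*m//g" | awk -F': *' '
        BEGIN { n = split("Network namespace,Veth pair device,Bridges", need, ",") }
        { for (i = 1; i <= n; i++) if ($1 == need[i]) state[need[i]] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                s = state[need[i]]
                if (s == "") s = "not reported"
                if (s ~ /not loaded/) v = "WARN"
                else if (s ~ /^enabled/) v = "OK"
                else { v = "FAIL"; bad = 1 }
                print v ": " need[i] " (" s ")"
            }
            exit bad
        }
    '
}

# Demo on the constructed samples; on a router: lxc-checkconfig | veth_bridge_prereqs
sample_broken | veth_bridge_prereqs || echo "fix the FAIL lines before editing lxc.net.0.*"
sample_working | veth_bridge_prereqs
```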

Dear Wulfy and dibdot,

Thank you so much for your help. Apologies for my delay in getting back. I had to compile and try over and over again but it is now working! I have network access in my containers!

One remaining question is the bridge: Currently the containers use the "br-lan" bridge which is also used for the Wifi clients. How can I set up a separate bridge with a separate IP range for the containers and forward traffic from the WAN to that bridge?

Thank you again for your support!
Alex

if you have space it's compile time again :joy:

these might be optional but i've put them in my image so;

ip-full
ip-bridge
( in network -> routing maybe )
dnsmasq-full ( in base system )
kmod-tun ( not required for basic )
kmod-gre ( not required for basic )
openvswitch, macvlan.... are kinda cool but leave them for now....

change the bridge interface back to lxcbr0 or whatever it was and see if the container is getting ip's - they should be a new range - you might need lxc-netSOMETHING for that ....... ( yet to try this i've been working manually - you might need to reboot the router to be on the safe side - not mandatory but expedites a few low level things )

let me know how that goes....

Basically like you mention, with the caveat that the system likes m and not y so much.... the kernel is usually a fixed size on most router partitions so like most *nix's these days..... and to not break routers m is used wherever possible ( not required for boot + network access )

For extroots and x86, personally I prefer y..... but you can run into trouble with the build system wanting it to be m and a few other sideways conflicts....

-if you have space and use it all the time use y faster ( or m updatable )
-if you need it for boot use y
-otherwise use m

Solution summary:

For anybody that is reading this post and runs into similar problems, here is a summary of the steps that I took:

  1. You need to compile OpenWRT with the required kernel settings. The binary image unfortunately does not have these settings. An introduction can be found here:
    http://www.gnuton.org/blog/2016/02/lxc-on-openwrt/

  2. The buildroot is very tricky: Most kernel modules (incl. the kmod-veth) that are needed for network access are not installed in the image. You need to manually install them with opkg filename from the packages subdirectory of the target directory. You need to manually install BEFORE opkg update because otherwise OpenWRT will install the version from the server that is not compatible with your kernel.

  3. Use the settings from wulfy23 for cat /etc/lxc/default.conf and cat /srv/lxc/debian-jessie/config

... and voilà! Network access!

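The kernel dependency check behind the opkg error earlier in the thread and step 2 of the summary, added here as an example (not part of the original posts). The function names and the all-zero hash standing in for a locally built kernel are constructed; the other hash is the one quoted in the opkg error.

```shell
#!/bin/sh
# The first hash is quoted from the opkg error in the thread; the all-zero
# hash is a constructed stand-in for the kernel of a local build.
REPO_HASH=83ad3e3d0a55dcd3f120c5ac4bdc92ba
LOCAL_HASH=00000000000000000000000000000000

# Constructed sample: two control stanzas in opkg's "Field: value" form,
# one kmod from the download server and one from the local buildroot.
sample_stanzas() {
cat <<EOF
Package: kmod-veth
Version: 4.14.95-1
Depends: kernel (= 4.14.95-1-$REPO_HASH)

Package: kmod-tun
Version: 4.14.95-1
Depends: kernel (= 4.14.95-1-$LOCAL_HASH)
EOF
}

# kmod_kernel_check INSTALLED_KERNEL_VERSION   (hypothetical helper)
# Reads control stanzas on stdin and compares each "kernel (= ...)"
# dependency with the installed kernel version string.
# Prints "<pkg> OK" or "<pkg> MISMATCH <wanted version>".
# Returns 1 if any module was built for a different kernel.
kmod_kernel_check() {
    awk -v have="$1" '
        $1 == "Package:" { pkg = $2 }
        $1 == "Depends:" && match($0, /kernel \(= [^)]*\)/) {
            # "kernel (= " is 10 characters, the closing ")" is 1 more.
            want = substr($0, RSTART + 10, RLENGTH - 11)
            if (want == have) print pkg, "OK"
            else { print pkg, "MISMATCH", want; bad = 1 }
        }
        END { exit bad }
    '
}

# Demo on the constructed stanzas. On a router the inputs could come from
# "opkg info <kmod>" and the Version line of "opkg status kernel"
# (assumption: neither command is run here).
sample_stanzas | kmod_kernel_check "4.14.95-1-$LOCAL_HASH" ||
    echo "at least one kmod was built for a different kernel"
```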

Haha, then I have to compile again. However, I think I only need to recompile for the Kernel Mods. Normal apps (like all the LXC stuff) I can just install with opkg from the openwrt server.