no default gateway on OCI container with dhcp

K

komacke

New Member
Nov 23, 2025
4
0
1
I'm trying out the new OCI image feature. It's very cool!

I use DHCP to manage IP addresses across services from the network. When I launch turnkeylinux templates, IP addressing works fine.

I've tried launching the nginx:latest image from docker hub. It gets an IP address but does not get a gateway. It is not accessible from outside the subnet. It is accessible from within the subnet.

If I assign it a static IP address and gateway, the container is accessible outside the subnet.

I've verified the missing gateway by using lxc-attach, installing iproute2 package, and checking 'ip route'. The gateway is missing. If I manually add the gateway with " ip route add def via <gateway ip address>" then connectivity is enabled and the container is accessible. (Note: to install the ip route package, I had to temporarily assign a static ip address/gateway so the container could get internet connectivity.)

I believe I need to enable "Host-Managed" since the container does not have a dhcp-client. Is this perhaps a difference between turnkeylinux templates? They seem to have udhcpc in them, so maybe this points to the issue.

Dave
 
komacke said:
I believe I need to enable "Host-Managed" since the container does not have a dhcp-client. Is this perhaps a difference between turnkeylinux templates? They seem to have udhcpc in them, so maybe this points to the issue.
Click to expand...
Yes, "host-managed" needs to be enabled, when the container does not run its own internal DHCP client on that network interface.
 
Sounds good. However the issue remains. No default route is assigned to the container in host-managed mode.

Is this a bug with the new OCI support?
 
Are you using IPv4 or IPv6?
Proxmox VE still uses isc-dhcp-client for host-managed interfaces, while turnkeylinux templates use udhcpc as their DHCP client. These two clients behave slightly differently.

Could you please test with the debian-13-standard LXC template? It also uses isc-dhcp-client, so it will show whether the gateway issue appears on regular system containers as well.
 
Last edited:
Hi Filip

This is ipv4 on an OCI-based container. I used the docker ngnix:latest image. It does not have a dhcp client installed so host-managed is necessary (which you confirmed)

The IP address gets set as provided by my external dhcp server. However the default gateway does not get set.

I only mentioned turnkey templates above to confirm they work fine with my external dhcp server, suggesting it is not a problem with my dhcp server. As you request I've tried it with the Debian lxc template and udhcp works fine.

I think proxmox has a bug with OCI images and host-managed set using dhcp where the default gateway does not get set in the container.

Dave
 
Hello Dave
komacke said:
As you request I've tried it with the Debian lxc template and udhcp works fine.
Click to expand...
To clarify: the debian-13-standard template uses isc-dhcp-client (dhclient) by default, not udhcpc. The reason I suggested testing with this template is that Proxmox VE also uses isc-dhcp-client for host-managed interfaces. So this lets us compare behaviour using the same DHCP client.

komacke said:
I think proxmox has a bug with OCI images and host-managed set using dhcp where the default gateway does not get set in the container.
Click to expand...
Proxmox VE's host-managed mode relies on isc-dhcp-client behaviour. I can reproduce a missing default route with isc-dhcp-client when the DHCP server supplies classless static routes (RFC3442 / DHCP option 121) that do not include the default gateway.
In that situation isc-dhcp-client removes the default route, while udhcpc handles that case differently and keeps it.

To confirm whether that is the case here, could you please run this on the host and share the output:
Bash: 
cat /var/lib/lxc/<ID of the nginx container>/hook/dhclient4-*.leases
This will show which options the DHCP server is sending, so we can narrow down the cause.
 
Got it. While I did run the debian 13 template and confirmed it's connectivity and routes, I didn't check which dhcp client was running, so consider the reference to udhcpc to be a typo regarding the debian container.

Here's the output from the leases file for the nginx:latest image-based container (CT 107). Both option 3 and 121 are listed. Does it not respect option 3 when option 121 is listed? I'm thinking that isc-dhcp-client is getting the routing information but proxmox is not applying it to the container.

Code: 
# cat /var/lib/lxc/107/hook/dhclient4-*.leases
lease {
  interface "eth0";
  fixed-address 10.133.120.121;
  option subnet-mask 255.255.255.240;
  option routers 10.133.120.113;
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option domain-name-servers 10.133.120.113;
  option dhcp-server-identifier 10.133.120.113;
  option domain-search "local.mesh.";
  option dhcp-renewal-time 1800;
  option rfc3442-classless-static-routes 8,10,10,133,120,113,20,44,32,112,10,133,120,113,0,10,133,120,113;
  option broadcast-address 10.133.120.127;
  option dhcp-rebinding-time 3150;
  option host-name "test-nginx";
  option domain-name "local.mesh";
  renew 3 2025/11/26 16:44:55;
  rebind 3 2025/11/26 17:13:22;
  expire 3 2025/11/26 17:20:52;

FWIW, the debian 13 container does interpret the full set of classless routes:
Code: 
# ip route
default via 10.133.120.113 dev eth0
10.0.0.0/8 via 10.133.120.113 dev eth0
10.133.120.112/28 dev eth0 proto kernel scope link src 10.133.120.120
44.32.112.0/20 via 10.133.120.113 dev eth0
 
You must log in or register to reply here.
Top Bottom