Can not 'apt update' on LXC

R

renamed

Member
May 10, 2019
6
0
21
38
hey there,

I am new to this amazing project. I have installed latest version of Proxmox, and everything is just fine. But, I have some issue that I can not update /or install the apps on my LXCs or VMs, it says unable to reach the network.

I can ping both domain or public IP (such as Google domain) from LXC or VM.

Do I miss something? or, need some additional configuration!?

Any Idea?!

Thank you
 
please post:
* the containers config `pct config $vmid`
* the output of the ping/curl to the public ips
* the output of the `apt update` command that fails
* the network config inside the container (assuming the container is debian that's the file '/etc/network/interfaces')
(please use code tags for the pasted output)
thanks
 
  • Like
Reactions: renamed
1. pct config OUTPUT

Code: 
root@osi-server:~# pct config 100
arch: amd64
cores: 1
hostname: smsbulk
memory: 512
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.254.254,hwaddr=4A:70:22:70:AF:34,ip=192.168.254.107/24,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-100-disk-0,size=8G
swap: 512
unprivileged: 1

2. PING OUTPUT

Code: 
root@smsbulk:~# ping google.com
PING google.com (74.125.130.102) 56(84) bytes of data.
64 bytes from sb-in-f102.1e100.net (74.125.130.102): icmp_seq=1 ttl=43 time=63.1 ms
64 bytes from sb-in-f102.1e100.net (74.125.130.102): icmp_seq=2 ttl=43 time=63.2 ms
64 bytes from sb-in-f102.1e100.net (74.125.130.102): icmp_seq=3 ttl=43 time=63.1 ms
64 bytes from sb-in-f102.1e100.net (74.125.130.102): icmp_seq=4 ttl=43 time=62.9 ms
64 bytes from sb-in-f102.1e100.net (74.125.130.102): icmp_seq=5 ttl=43 time=63.1 ms
64 bytes from sb-in-f102.1e100.net (74.125.130.102): icmp_seq=6 ttl=43 time=62.9 ms
64 bytes from sb-in-f102.1e100.net (74.125.130.102): icmp_seq=7 ttl=43 time=62.10 ms
64 bytes from sb-in-f102.1e100.net (74.125.130.102): icmp_seq=8 ttl=43 time=62.9 ms
64 bytes from sb-in-f102.1e100.net (74.125.130.102): icmp_seq=9 ttl=43 time=63.0 ms
^C
--- google.com ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 20ms
rtt min/avg/max/mdev = 62.867/63.007/63.197/0.258 ms

Code: 
root@smsbulk:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=53 time=65.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=53 time=65.5 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=53 time=65.4 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=53 time=65.4 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=53 time=65.6 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=53 time=65.4 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=53 time=65.7 ms
^C
--- 8.8.8.8 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 14ms
rtt min/avg/max/mdev = 65.384/65.491/65.654/0.088 ms

3. APT-UPDATE

see attached image

4. Network Config

Code: 
root@osi-server:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp0s25 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.254.106
        netmask 255.255.255.0
        gateway 192.168.254.254
        bridge_ports enp0s25
        bridge_stp off
        bridge_fd 0
 

Attachments

  • apt-update.png
    apt-update.png
    119.2 KB · Views: 43
hmm - you're trying to connect to the mirror via ipv6 - and this seems not working.
* please post the output of `ip -details addr` and `ip -6 route`

Either something in your network tries to provide routes for ipv6 (but doesn't actually have connectivity), or there is a firewall etc. in place

One (rather radical) method for working around this is to disable ipv6 on the container (or on the complete node - since I'm not sure that you can do that in a container):
`sysctl -w net.ipv6.conf.all.disable_ipv6=1`
(this needs to be done on each reboot - or you put the equivalent statement in /etc/syctl.conf or /etc/sysctl.d/99-local.conf)
 
  • Like
Reactions: renamed


Hi Stokio,

1. Here is the output of 'ip -details addr'
Code: 
root@osi-server:~# ip -details addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether b8:ac:6f:a1:ff:9d brd ff:ff:ff:ff:ff:ff promiscuity 1
    bridge_slave state forwarding priority 32 cost 4 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.b8:ac:6f:a1:ff:9d designated_root 8000.b8:ac:6f:a1:ff:9d hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on neigh_suppress off group_fwd_mask 0x0 group_fwd_mask_str 0x0 vlan_tunnel off numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b8:ac:6f:a1:ff:9d brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 0 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q bridge_id 8000.b8:ac:6f:a1:ff:9d designated_root 8000.b8:ac:6f:a1:ff:9d root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer   81.27 vlan_default_pvid 1 vlan_stats_enabled 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 192.168.254.106/24 brd 192.168.254.255 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::baac:6fff:fea1:ff9d/64 scope link
       valid_lft forever preferred_lft forever
5: veth100i0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether fe:84:38:df:cf:70 brd ff:ff:ff:ff:ff:ff link-netnsid 0 promiscuity 1
    veth
    bridge_slave state forwarding priority 32 cost 2 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 8000.96:66:1b:7a:2c:bc designated_root 8000.96:66:1b:7a:2c:bc hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on neigh_suppress off group_fwd_mask 0x0 group_fwd_mask_str 0x0 vlan_tunnel off numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
6: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 96:66:1b:7a:2c:bc brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 0 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q bridge_id 8000.96:66:1b:7a:2c:bc designated_root 8000.96:66:1b:7a:2c:bc root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer   81.27 vlan_default_pvid 1 vlan_stats_enabled 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
7: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether c2:79:d0:7e:59:56 brd ff:ff:ff:ff:ff:ff promiscuity 1
    veth
    bridge_slave state forwarding priority 32 cost 2 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 8000.b8:ac:6f:a1:ff:9d designated_root 8000.b8:ac:6f:a1:ff:9d hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on neigh_suppress off group_fwd_mask 0x0 group_fwd_mask_str 0x0 vlan_tunnel off numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
8: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether 96:66:1b:7a:2c:bc brd ff:ff:ff:ff:ff:ff promiscuity 1
    veth
    bridge_slave state forwarding priority 32 cost 2 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.96:66:1b:7a:2c:bc designated_root 8000.96:66:1b:7a:2c:bc hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on neigh_suppress off group_fwd_mask 0x0 group_fwd_mask_str 0x0 vlan_tunnel off numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

2. Output of 'ip -6 route'
Code: 
root@osi-server:~# ip -6 route
fe80::/64 dev vmbr0 proto kernel metric 256 pref medium

3. I have tried your method for both (node and LXC), but I am still out of luck.

4. We do have firewall, but it seems fine as long as everything works well on 'node'.

Thanks,
 
renamed said:
3. I have tried your method for both (node and LXC), but I am still out of luck.
Click to expand...
What's the output of `apt update`, after you set the ipv6_disable sysctl?
 
Here is the output of 'apt update' after disable ipv6 on sysctl.
 

Attachments

  • apt-update-ipv4.png
    apt-update-ipv4.png
    28.2 KB · Views: 42
The connection to 91.189.88.149 got a connection refused.
I tested it here and the port seems open - so I guess you have a firewall in the middle which prevents the container from connecting to the outside
 
Stoiko,

You are right, it was the firewall which blocked the 80 port.

Thanks for your help,

Cheers
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back