[SOLVED] Container cannot reach internet

AaronWalker

New Member
Feb 18, 2017
25
2
3
29
Proxmox 4.4 with CentOS 7 guest in container.

Host can reach the internet, but containers cannot.
It seems others have had similar problems but I cannot find a solution.

Host
/etc/network/interfaces
Code:
auto lo

iface lo inet loopback

auto eth0
iface eth0 inet static
        address  192.168.0.2
        netmask  255.255.255.0
        gateway  192.168.0.1

auto vmbr0
iface vmbr0 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.0.2
        post-down iptables -t nat -D POSTROUTING -o eth0 -j SNAT --to 192.168.0.2

Host ip route
Code:
default via 192.168.0.1 dev eth0
10.10.10.0/24 dev vmbr0  proto kernel  scope link  src 10.10.10.1
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.2

Host iptables -t nat -L
Code:
...

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  anywhere             anywhere             to:192.168.0.2

Guest ip route
Code:
default via 10.10.10.1 dev eth0
10.10.10.0/24 dev eth0  proto kernel  scope link  src 10.10.10.2
169.254.0.0/16 dev eth0  scope link  metric 1009
 
Your config looks OK.
To sort network vs routing problems, are you able to ping your gateway from the container ?
 
I am having the exact same problem, I have a proxmox based host with internet connection but the guest vm (CentOS7 ) has no connection, I assigned a mac in bridged mode and still nothing.
 
Yes, I can. When I use the default configuration, it works.
However, in the Networking documents, it says the routing mode is better.

Here is my working configuration:
Code:
auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  192.168.0.2
        netmask  255.255.255.0
        gateway  192.168.0.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
 
Yes, I can. When I use the default configuration, it works.
However, in the Networking documents, it says the routing mode is better.

Here is my working configuration:
Code:
auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  192.168.0.2
        netmask  255.255.255.0
        gateway  192.168.0.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

I suppose in that configuration, you're assigning an IP adress to your container in the 192.168.0.0/24 network. There is nothing wrong with this setup. The only case where we recommend routing over bridging is when your hoster does not allow the extra mac address of the bridging mode. If your server is hosted in your own infrastructure ( home or business ) you're not concerned with this limitation.