My use case involves having LXC containers connect to 169.254.169.254 (inside the guest).
This IP (169.254.169.254) is added to "lo" interface on host (ip a add 169.254.169.254 dev lo).
On Proxmox 3, this worked well. I had a server running on host, binding to 169.254.169.254:80 and guests were able to connect to it (OpenVZ).
After ugprade to Proxmox 4, I believe this setup worked for a short time but then stopped working. I can neither ping 169.254.169.254 from inside a guest, nor connect to the metadata (HTTP) server on it.
I am not able to identify what has changed that is preventing the connection.
Setup details:
- no iptables rules on guest or host
- Proxmox Firewall is disabled
- host installed from OVH Proxmox 3 image
- upgraded to Proxmox 4 (with no issues)
- LXC containers have their own MAC, eth0 on guest is connected to vmbr0, which is simply provided by eth0 on host
Edit: The confusion results from a delay that OVH's gateways have in filtering ARP (?!). The setup works in routed mode, when the guest's gateway is the host and ip_forwarding is enabled. In bridged mode, when the gateway is OVH (and virtual MACs are used) the gateway will not route 169.254.169.254.
This IP (169.254.169.254) is added to "lo" interface on host (ip a add 169.254.169.254 dev lo).
On Proxmox 3, this worked well. I had a server running on host, binding to 169.254.169.254:80 and guests were able to connect to it (OpenVZ).
After ugprade to Proxmox 4, I believe this setup worked for a short time but then stopped working. I can neither ping 169.254.169.254 from inside a guest, nor connect to the metadata (HTTP) server on it.
I am not able to identify what has changed that is preventing the connection.
Setup details:
- no iptables rules on guest or host
- Proxmox Firewall is disabled
- host installed from OVH Proxmox 3 image
- upgraded to Proxmox 4 (with no issues)
- LXC containers have their own MAC, eth0 on guest is connected to vmbr0, which is simply provided by eth0 on host
Edit: The confusion results from a delay that OVH's gateways have in filtering ARP (?!). The setup works in routed mode, when the guest's gateway is the host and ip_forwarding is enabled. In bridged mode, when the gateway is OVH (and virtual MACs are used) the gateway will not route 169.254.169.254.
Last edited: