[SOLVED] LXC on internal network only cannot access internet

H

Hendrik

New Member
Aug 6, 2016
5
0
1
44
Hi guys

I got myself a new host at SoYouStart/OVH and set it up with the Proxmox VE 4.2 template. Now I'm trying to set up some LXC containers on an internal network (10.0.0.0/24). All the containers can ping each other and also the host (10.0.0.1) yet when I'm trying to ping e.g. 8.8.8.8 it doesn't work (it's just stuck). The only LXC container that can access the internet is the one that has two network interfaces (eth0 = sys failover ip, eth1 = internal ip).

You can see the network configuration at http://imgur.com/a/kxHCu. In the past this configuration was working with another server at OVH/SYS but now it isn't working anymore (both on the old server and the new one). Has something changed or am I missing something? Any help is much appreciated.

Cheers
Hendrik
 
please add your configuration example in this forum, links to third party sites are not suitable (as they disappear soon).
 
Hi Tom

Thanks for the reply, following is the network config of host and container.

Code: 
root@playground:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr1
iface vmbr1 inet static
        address  10.0.0.1
        netmask  255.255.255.0
        bridge_ports dummy0
        bridge_stp off
        bridge_fd 0
        post-up /etc/pve/kvm-networking.sh

auto vmbr0
iface vmbr0 inet static
        address  188.165.xxx.yyy
        netmask  255.255.255.0
        gateway  188.165.xxx.254
        broadcast  188.165.xxx.255
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        network 188.165.xxx.0

root@playground:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         vss-gw-6k.fr.eu 0.0.0.0         UG    0      0        0 vmbr0
10.0.0.0        *               255.255.255.0   U     0      0        0 vmbr1
188.165.xxx.0   *               255.255.255.0   U     0      0        0 vmbr0

Code: 
root@entry:~# cat /etc/network/interfaces
source-directory /etc/network/interfaces.d

auto eth0
iface eth0 inet static
        address 87.98.aaa.bbb
        netmask 255.255.255.0
# --- BEGIN PVE ---
        post-up ip route add 188.165.xxx.254 dev eth0
        post-up ip route add default via 188.165.xxx.254 dev eth0
        pre-down ip route del default via 188.165.xxx.254 dev eth0
        pre-down ip route del 188.165.xxx.254 dev eth0
# --- END PVE ---

auto eth1
iface eth1 inet static
        address 10.0.0.100
        netmask 255.255.255.0
        gateway 10.0.0.1

root@entry:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         vss-gw-6k.fr.eu 0.0.0.0         UG    0      0        0 eth0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth1
87.98.aaa.0     *               255.255.255.0   U     0      0        0 eth0
vss-gw-6k.fr.eu *               255.255.255.255 UH    0      0        0 eth0

Code: 
root@build:~# cat /etc/network/interfaces
source-directory /etc/network/interfaces.d

auto eth1
iface eth1 inet static
        address 10.0.0.101
        netmask 255.255.255.0
        gateway 10.0.0.1

root@build:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.0.1        0.0.0.0         UG    0      0        0 eth1
10.0.0.0        *               255.255.255.0   U     0      0        0 eth1

I've only used the web interface to set up the containers and network configs. In the past this was working fine but now it seems that I'm missing something.

Cheers
Hendrik
 
Hi

It seems that when I follow the Masquerading example at https://pve.proxmox.com/wiki/Network_Model the containers do have internet access again.

Code: 
iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE

I used to use this rule with Proxmox 3 and OpenVZ containers but I cannot remember that I had used this with Proxmox 4 and LXC before. Anyway it works now which is fine to me.

Cheers
Hendrik
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back