LXC Unreachable from Outside; no Ping replies

Jul 6, 2018
2
0
21
30
Germany
Hello fellow friends,
i've just set up a Proxmox VE (newest stable release) Setup on a KVM from Netcup.
Also i've got a secondary IP for use at this Server.

What my plans are:

- Hypervisor with one external IP
- A LXC-Container with another external IP

Future:
- Hypervisor on external IP
- up to 16 bridges each with another local network for interconnecting the LXC-Containers (Failure-Safeing)
- at least one Container from each bridge reachable from external via an ip bought from my hoster

This is my HOST network-config:

Code:
auto lo
iface lo inet loopback

iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static

        address 94.16.xxx.232
        netmask 255.255.252.0
        gateway 94.16.xxx.1
        bridge_ports ens3
        bridge_stp off
        bridge_fd 1

        pointopoint 94.16.xxx.1
        bridge_hello 2
        bridge_maxage 12
        bridge_maxwait 0

        post-up route add 46.38.xxx.250/32 dev vmbr0

Also i've set
Code:
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv6.conf.all.proxy_ndp=1
Firewall and iptables are off or empty.

The container network is set up like this:

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 46.38.xxx.250
        netmask 255.255.255.255
        post-up ip route add 94.16.xxx.232 dev eth0
        post-up ip route add default via 94.16.xxx.232 dev eth0
        pre-down ip route del default via 94.16.xx.232 dev eth0
        pre-down ip route del 94.16.xxx.232 dev eth0
So far so good.
Now i get into trouble. if i want to ping my container, the ICMP-Request get lost between my hypervisor and the container. In Conclusion, i can reach the outside world from inside the container but as far as i want a respond its getting lost in the internal network.

For setup i used a "tutorial" as far as it is suitable for me (German):: anysrc:Netcup KVM vServer und LXC Container

I'll hope you can help me with this problem im worring with...
 
Code:
auto lo
iface lo inet loopback

iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static

        address 94.16.xxx.232
        netmask 255.255.252.0
        gateway 94.16.xxx.1
        bridge_ports ens3
        bridge_stp off
        bridge_fd 1

        pointopoint 94.16.xxx.1
        bridge_hello 2
        bridge_maxage 12
        bridge_maxwait 0

        post-up route add 46.38.xxx.250/32 dev vmbr0

Is the router told to route packets for 46.38.xxx.250 to the host?

The container network is set up like this:

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 46.38.xxx.250
        netmask 255.255.255.255
        post-up ip route add 94.16.xxx.232 dev eth0
        post-up ip route add default via 94.16.xxx.232 dev eth0
        pre-down ip route del default via 94.16.xx.232 dev eth0
        pre-down ip route del 94.16.xxx.232 dev eth0
So far so good.
Now i get into trouble. if i want to ping my container, the ICMP-Request get lost between my hypervisor and the container. In Conclusion, i can reach the outside world from inside the container but as far as i want a respond its getting lost in the internal network.

Where is the container's interface brided to? vmbr0? In that case packets must be sent directly sent from container to router and vice versa. IMHO the containers interface should be bridged to an "Internal network" (e.g. vmbr1) - in that case the routing advice has to be

[/CODE]
route add 46.38.xxx.250/32 dev vmbr1
[/CODE]

For setup i used a "tutorial" as far as it is suitable for me (German):: anysrc:Netcup KVM vServer und LXC Container


That does not look like a tutorial - it's just a collection of posts, and it's not sure if the ideas will work ..
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!