Traffic from one LXC container leaks to other containers

malabida

New Member
May 12, 2022
13
0
1
I am having problems in several LXC containers as the traffic from one of them is leaking to others and being processed by the others thus multiplying the processing. I have enabled the firewall and added a rule that only allows traffic from the IP assigned to the container but it is still happening. What can it be?

Thanks in advance for your help.
 
Example:
  1. LXC 1
  2. LXC 2
  3. VM 1
Remote -> LXC 1
Remote ~> LXC 2
Remote ~> VM 1
LXC 1 -> Remote
 
could you post your /etc/network/interfaces and your config file for lxc1 and lxc2 (/etc/pve/lxc/xxx.conf)
 
/etc/network/interfaces
Code:
auto lo
iface lo inet loopback

iface enp33s0f0 inet manual

auto vmbr0
iface vmbr0 inet static
  address 141.95.169.xxx/24
  gateway 141.95.169.254
  bridge-ports enp33s0f0
  bridge-stp off
  bridge-fd 0
  hwaddress D0:50:99:FF:9F:78

/etc/pve/lxc/100.conf
Code:
arch: amd64
cores: 1
hostname: xxxxx
memory: 1024
net0: name=eth0,bridge=vmbr0,gw=137.74.78.254,hwaddr=00:50:56:xx:xx:xx,ip=137.74.78.xxx/32,type=veth
ostype: ubuntu
rootfs: local:100/vm-100-disk-0.raw,size=8G
swap: 0
unprivileged: 1

/etc/pve/lxc/101.conf
Code:
arch: amd64
cores: 16
hostname: xxxxx
memory: 8192
net0: name=eth0,bridge=vmbr0,firewall=1,gw=137.74.78.254,hwaddr=02:00:00:xx:xx:xx,ip=137.74.xxx.xxx/32,type=veth
ostype: debian
rootfs: local:101/vm-101-disk-0.raw,size=8G
swap: 0
 
I managed to fix it by removing two extra interfaces I had in one LXC container and removing an extra one in another container of the same type. This seems to have mitigated the problem completely. I don't know if this is a bug or expected behaviour.
 
Your network setup seemed sensible, and just out of curiosity I generated traffic to one container while running wireshark in the other and saw no sign of any leakage. I was going to suggest that you consider multiple bridges in a routed config but it seems that's not necessary
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!