No access to LXC containers from the network

Following the steps described in https://insights.ubuntu.com/2016/04/...br0-explained/ and some other tutorials, I set up a bridged configuration to make my LXC containers visible in the network. So far, I'm able to ping the containers from the host and vice versa, but not from the network. The host can be pinged from the network. Tests were performed under a fresh installation of Ubuntu Server 16.04, bridge-utils installed, lxdbr0 disabled, no firewall rules. All IPs are static.

Code:

# cat /etc/network/interfaces

auto lo

iface lo inet loopback



auto br0

iface br0 inet static

        bridge_ports ens160

        bridge_stp on

        bridge_fd 0

        bridge_waitport 0

        address 172.16.1.10

        netmask 255.255.255.0

        network 172.16.1.0

        broadcast 172.16.1.255

        gateway 172.16.1.254

        dns-nameservers 172.16.1.2

        dns-search mydomain.de



# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000

    link/ether 00:50:56:af:1c:0a brd ff:ff:ff:ff:ff:ff

    inet6 fe80::250:56ff:feaf:1c0a/64 scope link

       valid_lft forever preferred_lft forever

3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000

    link/ether 00:50:56:af:1c:0a brd ff:ff:ff:ff:ff:ff

    inet 172.16.1.10/24 brd 172.16.1.255 scope global br0

       valid_lft forever preferred_lft forever

    inet6 fe80::250:56ff:feaf:1c0a/64 scope link

       valid_lft forever preferred_lft forever

5: veth4LJE6P@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000

    link/ether fe:6e:1d:4e:99:36 brd ff:ff:ff:ff:ff:ff link-netnsid 0

    inet6 fe80::fc6e:1dff:fe4e:9936/64 scope link

       valid_lft forever preferred_lft forever



# brctl show

bridge name     bridge id               STP enabled     interfaces

br0             8000.005056af1c0a       yes             ens160

                                                        veth4LJE6P



# cat /etc/default/lxd-bridge

USE_LXD_BRIDGE="false"

LXD_BRIDGE=""

...



# lxc info tc1

Name: tc1

Architektur: x86_64

Created: 2016/04/21 13:26 UTC

Status: Running

Type: persistent

Profiles: bridge

Pid: 3639

Ips:

  eth0: inet    172.16.1.20   veth4LJE6P

  eth0: inet6   fe80::216:3eff:febb:b5da        veth4LJE6P

  lo:   inet    127.0.0.1

  lo:   inet6   ::1

Resources:

  Processes: 18

  Disk usage:

    root: 62.23MB

  Memory usage:

    Memory (current): 70.39MB

    Memory (peak): 116.78MB

  Network usage:

    eth0:

      Bytes received: 6.35MB

      Bytes sent: 16.29kB

      Packets received: 74256

      Packets sent: 387

    lo:

      Bytes received: 9.14kB

      Bytes sent: 9.14kB

      Packets received: 116

      Packets sent: 116



# lxc profile show bridge

name: bridge

config:

  environment.http_proxy: http://[fe80::1%eth0]:13128

  user.network_mode: link-local

description: ""

devices:

  eth0:

    name: eth0

    nictype: bridged

    parent: br0

    type: nic



# lxc exec tc1 -- cat /etc/network/interfaces.d/eth0.cfg

auto eth0

iface eth0 inet static

        address 172.16.1.20

        netmask 255.255.255.0

        network 172.16.1.0

        broadcast 172.16.1.255

        gateway 172.16.1.254

        dns-nameservers 172.16.1.2

        dns-search mydomain.de

I also tested the macvlan setup described in the link mentioned before. In the macvlan setup just the containers can ping each other.

Did I forget something? Any help would be appreciated, thanks!

No access to LXC containers from the network

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

Ominde Commission Report and Recommendations – Ominde Report of 1964

Bureau of Internal Revenue: Regional Offices (Directory)

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

Mp3 Download: Mdu - Kunjenjenjena

How the kill the job , when DTP request running for long hours.

Microsoft Intune から展開しているアプリのアップデートについて

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

Car crash in Dunton Bassett leaves driver in critical condition

Macky 2, Two Others In Road Accident

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

Detroit mafia: D’Anna Brothers agree to plea deal

Delivery block field greyed out using VA02

Muloraki Au

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出ｗ【リベンジポルノ】＠PornHub

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

FIAT 500 B0111 B0112