@ewxrjk
Last active August 21, 2016 09:35
lxc guest can reach router but not host
tcpdump on host showing that the container (.19) can reach other hosts (e.g. .1) but does not get a response from the host address (.18)
rjk@araminta:~$ really tcpdump -npi vethE23AI6: host 172.17.207.19
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vethE23AI6:, link-type EN10MB (Ethernet), capture size 262144 bytes
10:29:25.994201 IP 172.17.207.19.48716 > 172.17.207.1.53: 64233+ A? mirror.anjou.terraraq.org.uk. (46)
10:29:25.994243 IP 172.17.207.19.48716 > 172.17.207.1.53: 58575+ AAAA? mirror.anjou.terraraq.org.uk. (46)
10:29:25.994947 IP 172.17.207.1.53 > 172.17.207.19.48716: 64233* 1/3/2 A 172.17.207.18 (169)
10:29:25.995129 IP 172.17.207.1.53 > 172.17.207.19.48716: 58575* 0/1/0 (98)
10:29:25.995240 IP 172.17.207.19.58774 > 172.17.207.18.80: Flags [S], seq 4164822563, win 29200, options [mss 1460,sackOK,TS val 13201837 ecr 0,nop,wscale 7], length 0
10:29:26.992510 IP 172.17.207.19.58774 > 172.17.207.18.80: Flags [S], seq 4164822563, win 29200, options [mss 1460,sackOK,TS val 13202087 ecr 0,nop,wscale 7], length 0
10:29:28.996504 IP 172.17.207.19.58774 > 172.17.207.18.80: Flags [S], seq 4164822563, win 29200, options [mss 1460,sackOK,TS val 13202588 ecr 0,nop,wscale 7], length 0
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel
There's definitely something listening on the host on .18:
rjk@araminta:~$ telnet 172.17.207.18 80
Trying 172.17.207.18...
Connected to 172.17.207.18.
Escape character is '^]'.
^]q
telnet> q
Connection closed.
rjk@araminta:~$
Guest IP configuration:
root@guestweb:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 54:52:00:42:60:99 brd ff:ff:ff:ff:ff:ff
inet 172.17.207.19/24 brd 172.17.207.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed:5652:ff:fe42:6099/64 scope global mngtmpaddr dynamic
valid_lft 86106sec preferred_lft 14106sec
inet6 fe80::5652:ff:fe42:6099/64 scope link
valid_lft forever preferred_lft forever
root@guestweb:~# ip -0 route show
default via 172.17.207.1 dev eth0
172.17.207.0/24 dev eth0 proto kernel scope link src 172.17.207.19
2001:470:1f09:11ed::/64 dev eth0 proto kernel metric 256 expires 86101sec
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::204:a7ff:fe05:ac0b dev eth0 proto ra metric 1024 expires 1501sec hoplimit 64
Host IP configuration:
rjk@araminta:~$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 00:19:d1:04:d1:76 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 00:19:d1:04:d1:76 brd ff:ff:ff:ff:ff:ff
inet 172.17.207.18/24 brd 172.17.207.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.17.207.14/24 scope global secondary br0
valid_lft forever preferred_lft forever
inet 172.17.207.15/24 scope global secondary br0
valid_lft forever preferred_lft forever
inet 172.17.207.16/24 scope global secondary br0
valid_lft forever preferred_lft forever
inet 172.17.207.19/24 scope global secondary br0
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed::a/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed::f/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed::e/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed::12/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::219:d1ff:fe04:d176/64 scope link
valid_lft forever preferred_lft forever
7: vethE23AI6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether fe:96:85:5f:40:84 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc96:85ff:fe5f:4084/64 scope link
valid_lft forever preferred_lft forever
8: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 500
link/ether fe:52:00:42:60:3c brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc52:ff:fe42:603c/64 scope link
valid_lft forever preferred_lft forever
rjk@araminta:~$ ip -0 route show
default via 172.17.207.1 dev br0
172.17.207.0/24 dev br0 proto kernel scope link src 172.17.207.18
2001:470:1f09:11ed::/64 dev br0 proto kernel metric 256
fe80::/64 dev br0 proto kernel metric 256
fe80::/64 dev vethE23AI6 proto kernel metric 256
fe80::/64 dev vnet0 proto kernel metric 256
default via 2001:470:1f09:11ed::1 dev br0 metric 1024
Kernel log does not show complaints about martians or firewall output (I log rejections)
& in any case disabling firewall made no difference.
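
A check worth running over the two `ip addr show` listings above, given as an added example that is not part of the original gist: list any IPv4 address configured on both host and guest. In the listings above 172.17.207.19 is on the guest's eth0 and is also a secondary address on the host's br0, and a host that owns an address delivers packets for it locally instead of sending them out the bridge. The helper names `list_inet` and `shared_addrs` are hypothetical; the sample data is trimmed from the listings above.

```sh
#!/bin/sh
# Print "address device" for every IPv4 address in `ip addr show` text on stdin.
list_inet() {
    awk '
        # Interface header, e.g. "3: br0: <BROADCAST,...>" or "6: eth0@if7: <...>"
        /^[0-9]+: / { dev = $2; sub(/:$/, "", dev); sub(/@.*/, "", dev) }
        # Address line, e.g. "inet 172.17.207.18/24 brd ... scope global br0"
        $1 == "inet" { split($2, a, "/"); print a[1], dev }
    '
}

# shared_addrs HOST_TEXT GUEST_TEXT
# Print each non-loopback IPv4 address that both sides have configured.
shared_addrs() {
    { printf '%s\n' "$1" | list_inet | sed 's/^/host /'
      printf '%s\n' "$2" | list_inet | sed 's/^/guest /'; } |
    awk '
        $2 ~ /^127\./ { next }                 # loopback is expected on both
        $1 == "host"  { hostdev[$2] = $3 }     # host lines arrive first
        $1 == "guest" && ($2 in hostdev) {
            print $2, "host:" hostdev[$2], "guest:" $3
        }
    '
}

# Sample input: lines trimmed from the host and guest listings above.
HOST_SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
inet 127.0.0.1/8 scope host lo
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
inet 172.17.207.18/24 brd 172.17.207.255 scope global br0
inet 172.17.207.19/24 scope global secondary br0'
GUEST_SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
inet 127.0.0.1/8 scope host lo
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
inet 172.17.207.19/24 brd 172.17.207.255 scope global eth0'

shared_addrs "$HOST_SAMPLE" "$GUEST_SAMPLE"
```

On a live system the two arguments would be `"$(ip addr show)"` captured on the host and inside the container.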