lxc guest can reach router but not host
tcpdump on host showing that container (.19) can reach other hosts (e.g. .1) but does not get a response to host address (.18)
rjk@araminta:~$ really tcpdump -npi vethE23AI6: host 172.17.207.19
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vethE23AI6:, link-type EN10MB (Ethernet), capture size 262144 bytes
10:29:25.994201 IP 172.17.207.19.48716 > 172.17.207.1.53: 64233+ A? mirror.anjou.terraraq.org.uk. (46)
10:29:25.994243 IP 172.17.207.19.48716 > 172.17.207.1.53: 58575+ AAAA? mirror.anjou.terraraq.org.uk. (46)
10:29:25.994947 IP 172.17.207.1.53 > 172.17.207.19.48716: 64233* 1/3/2 A 172.17.207.18 (169)
10:29:25.995129 IP 172.17.207.1.53 > 172.17.207.19.48716: 58575* 0/1/0 (98)
10:29:25.995240 IP 172.17.207.19.58774 > 172.17.207.18.80: Flags [S], seq 4164822563, win 29200, options [mss 1460,sackOK,TS val 13201837 ecr 0,nop,wscale 7], length 0
10:29:26.992510 IP 172.17.207.19.58774 > 172.17.207.18.80: Flags [S], seq 4164822563, win 29200, options [mss 1460,sackOK,TS val 13202087 ecr 0,nop,wscale 7], length 0
10:29:28.996504 IP 172.17.207.19.58774 > 172.17.207.18.80: Flags [S], seq 4164822563, win 29200, options [mss 1460,sackOK,TS val 13202588 ecr 0,nop,wscale 7], length 0
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel
There's definitely something listening on the host on .18:
rjk@araminta:~$ telnet 172.17.207.18 80
Trying 172.17.207.18...
Connected to 172.17.207.18.
Escape character is '^]'.
^]q
telnet> q
Connection closed.
rjk@araminta:~$
Guest IP configuration:
root@guestweb:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 54:52:00:42:60:99 brd ff:ff:ff:ff:ff:ff
inet 172.17.207.19/24 brd 172.17.207.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed:5652:ff:fe42:6099/64 scope global mngtmpaddr dynamic
valid_lft 86106sec preferred_lft 14106sec
inet6 fe80::5652:ff:fe42:6099/64 scope link
valid_lft forever preferred_lft forever
root@guestweb:~# ip -0 route show
default via 172.17.207.1 dev eth0
172.17.207.0/24 dev eth0 proto kernel scope link src 172.17.207.19
2001:470:1f09:11ed::/64 dev eth0 proto kernel metric 256 expires 86101sec
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::204:a7ff:fe05:ac0b dev eth0 proto ra metric 1024 expires 1501sec hoplimit 64
Host IP configuration:
rjk@araminta:~$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 00:19:d1:04:d1:76 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 00:19:d1:04:d1:76 brd ff:ff:ff:ff:ff:ff
inet 172.17.207.18/24 brd 172.17.207.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.17.207.14/24 scope global secondary br0
valid_lft forever preferred_lft forever
inet 172.17.207.15/24 scope global secondary br0
valid_lft forever preferred_lft forever
inet 172.17.207.16/24 scope global secondary br0
valid_lft forever preferred_lft forever
inet 172.17.207.19/24 scope global secondary br0
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed::a/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed::f/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed::e/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:470:1f09:11ed::12/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::219:d1ff:fe04:d176/64 scope link
valid_lft forever preferred_lft forever
7: vethE23AI6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether fe:96:85:5f:40:84 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc96:85ff:fe5f:4084/64 scope link
valid_lft forever preferred_lft forever
8: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 500
link/ether fe:52:00:42:60:3c brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc52:ff:fe42:603c/64 scope link
valid_lft forever preferred_lft forever
rjk@araminta:~$ ip -0 route show
default via 172.17.207.1 dev br0
172.17.207.0/24 dev br0 proto kernel scope link src 172.17.207.18
2001:470:1f09:11ed::/64 dev br0 proto kernel metric 256
fe80::/64 dev br0 proto kernel metric 256
fe80::/64 dev vethE23AI6 proto kernel metric 256
fe80::/64 dev vnet0 proto kernel metric 256
default via 2001:470:1f09:11ed::1 dev br0 metric 1024
Kernel log does not show complaints about martians or firewall output (I log rejections)
& in any case disabling firewall made no difference.