LXC。容器的IP來自與主機相同的網絡

Question

我正在嘗試LXC。現在我想將IP分配給來自與LXC主機相同網絡的guest（容器）。作爲主機操作系統，我使用Ubuntu 14.04.3，並作爲來賓 - Ubuntu 15.10。

LXC主機使用我的家庭路由器訪問互聯網（默認網關），LXC主機具有IP - 192.168.1.50（網絡 - 192.168.1.0/24）和網關（路由器）地址 - 192.168 .1.1。

所以現在我想分配192.168.1.51從同一個網絡到LXC客人。爲此我已經配置BR0接口主機LXC機器上：

root@lxc-host:~# cat /etc/network/interfaces 
# This file describes the network interfaces available on your system 
# and how to activate them. For more information, see interfaces(5). 

# The loopback network interface 
auto lo 
iface lo inet loopback 

# The primary network interface 
auto eth0 
iface eth0 inet manual 

auto br0 
iface br0 inet static 
     address 192.168.1.50 
     netmask 255.255.255.0 
     gateway 192.168.1.1 
     dns-nameservers 8.8.8.8 
     bridge_ports eth0 
     bridge_stp off 
     bridge_fd 0 
     bridge_maxwait 0 

這種配置上網後和內部網絡工作：

root@lxc-host:~# ifconfig 
br0  Link encap:Ethernet HWaddr 08:00:27:5a:39:b5 
      inet addr:192.168.1.50 Bcast:192.168.1.255 Mask:255.255.255.0 
      inet6 addr: fe80::a00:27ff:fe5a:39b5/64 Scope:Link 
      inet6 addr: fdee:cbcd:a595:0:a00:27ff:fe5a:39b5/64 Scope:Global 
      inet6 addr: fdee:cbcd:a595:0:91b8:6067:2b5c:e58d/64 Scope:Global 
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
      RX packets:5001 errors:0 dropped:0 overruns:0 frame:0 
      TX packets:2094 errors:0 dropped:0 overruns:0 carrier:0 
      collisions:0 txqueuelen:0 
      RX bytes:613920 (613.9 KB) TX bytes:307810 (307.8 KB) 

eth0  Link encap:Ethernet HWaddr 08:00:27:5a:39:b5 
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
      RX packets:4964 errors:0 dropped:0 overruns:0 frame:0 
      TX packets:2109 errors:0 dropped:0 overruns:0 carrier:0 
      collisions:0 txqueuelen:1000 
      RX bytes:681460 (681.4 KB) TX bytes:316156 (316.1 KB) 

... 

root@lxc-host:~# 

據this docs，我已經改變容器配置（ u1是我的Ubuntu的容器）到這樣的視圖：

root@lxc-host:~# cat /var/lib/lxc/u1/config 
# Template used to create this container: /usr/share/lxc/templates/lxc-download 
# Parameters passed to the template: 
# For additional config options, please look at lxc.container.conf(5) 

# Distribution configuration 
lxc.include = /usr/share/lxc/config/ubuntu.common.conf 
lxc.arch = x86_64 

# Container specific configuration 
lxc.rootfs = /var/lib/lxc/u1/rootfs 
lxc.utsname = u1 

# Network configuration 
lxc.network.type = veth 
lxc.network.link = br0 
lxc.network.flags = up 
lxc.network.hwaddr = 00:16:3e:a1:c2:fe 
lxc.network.ipv4 = 192.168.1.51/24 

# define a gateway to have access to the internet 
lxc.network.ipv4.gateway = 192.168.1.1 

現在集裝箱的網絡配置看起來是這樣的：

root@lxc-host:~# cat /var/lib/lxc/u1/rootfs/etc/network/interfaces 
# This file describes the network interfaces available on your system 
# and how to activate them. For more information, see interfaces(5). 

# The loopback network interface 
auto lo 
iface lo inet loopback 

# The primary network interface 
auto eth0 
iface eth0 inet static 
address 192.168.1.51 
netmask 255.255.255.0 
gateway 192.168.1.1 
dns-nameservers 8.8.8.8 
root@lxc-host:~# 

容器重啓後，eth0的是真正使用192.168.1.51，容器可以ping LXC主機IP 192.168.1.50但不能ping任何其他IP地址，包括像網關內部IP 192.168.1.1等。

root@u1:~# ip a 
1: lo... 
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 
    link/ether 00:16:3e:a1:c2:fe brd ff:ff:ff:ff:ff:ff 
    inet 192.168.1.51/24 brd 192.168.1.255 scope global eth0 
... 

root@u1:~# ping 192.168.1.50 
PING 192.168.1.50 (192.168.1.50) 56(84) bytes of data. 
64 bytes from 192.168.1.50: icmp_seq=1 ttl=64 time=0.064 ms 
64 bytes from 192.168.1.50: icmp_seq=2 ttl=64 time=0.064 ms 
^C 
--- 192.168.1.50 ping statistics --- 
2 packets transmitted, 2 received, 0% packet loss, time 999ms 
rtt min/avg/max/mdev = 0.064/0.064/0.064/0.000 ms 

root@u1:~# ping 192.168.1.1 
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 
From 192.168.1.51 icmp_seq=1 Destination Host Unreachable 
From 192.168.1.51 icmp_seq=2 Destination Host Unreachable 
From 192.168.1.51 icmp_seq=3 Destination Host Unreachable 
^C 
--- 192.168.1.1 ping statistics --- 
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2999ms 
pipe 3 

root@u1:~# ping 8.8.8.8 
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 
^C 
--- 8.8.8.8 ping statistics --- 
3 packets transmitted, 0 received, 100% packet loss, time 1999ms 

root@u1:~# route -n 
Kernel IP routing table 
Destination  Gateway   Genmask   Flags Metric Ref Use Iface 
0.0.0.0   192.168.1.1  0.0.0.0   UG 0  0  0 eth0 
192.168.1.0  0.0.0.0   255.255.255.0 U  0  0  0 eth0 
root@u1:~# 

我在哪裏錯了？停止Apparmor，在LXC主機上清除iptables。

Answer 1

此問題與Virtualbox可視化有關（但我知道有些人在使用Hyper-V時遇到類似問題）。

在這種情況下看起來像LXC不能共享br0接口。

隨着真正的硬件，我沒有問題了。

Answer 2

如果你是新的LXC我建議你閱讀斯蒂芬·格拉貝的10部分博客系列：

https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/

和Flockport已經開始了一個偉大的網站有很多的LXC主題特別是在LXC從MACVlan聯網VXLAN到VPN等

https://www.flockport.com/guides/