LXC容器,无法访问Internet

时间:2017-08-18 07:43:50

标签: containers lxc

我在openSuSE 42.1主机上设置了一个LXC容器。

主机具有完全的Internet访问权限,但容器没有。容器可以ping主机,但LAN或Internet上没有其他内容。

我认为问题可能是如何在主机上配置网桥,但我看不出如何解决这个问题。

主机有eth0和br0。已为br0分配了静态IP地址等。

在YAST中,默认IPv4网关为192.168.2.1,设备为br0

以下是主机的网络详细信息

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway.localdo 0.0.0.0         UG    0      0        0 br0
192.168.2.0    *               255.255.255.0   U     0      0        0 br0

netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.1    0.0.0.0         UG        0 0          0 br0
192.168.2.0    0.0.0.0         255.255.255.0   U         0 0          0 br0

ifconfig -a
br0       Link encap:Ethernet  HWaddr 08:00:27:E5:C3:27  
          inet addr:192.168.2.197  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fee5:c327/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:266675 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60989 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1391858642 (1327.3 Mb)  TX bytes:4049229 (3.8 Mb)

eth0      Link encap:Ethernet  HWaddr 08:00:27:E5:C3:27  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1259099 errors:0 dropped:5 overruns:0 frame:0
          TX packets:220712 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1449135910 (1382.0 Mb)  TX bytes:51279387 (48.9 Mb)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:11033 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11033 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:968389 (945.6 Kb)  TX bytes:968389 (945.6 Kb)

vethYW604 Link encap:Ethernet  HWaddr FE:A8:5F:48:80:7E  
          inet6 addr: fe80::fca8:5fff:fe48:807e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:251 errors:0 dropped:0 overruns:0 frame:0
          TX packets:120979 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:75398 (73.6 Kb)  TX bytes:71086180 (67.7 Mb)

gateway.localdomain解析为192.168.2.1

容器配置文件是:

lxc.network.type = empty
lxc.rootfs = /var/lib/lxc/TestLXC/rootfs
lxc.include = /usr/share/lxc/config/opensuse.common.conf
lxc.arch = x86_64
lxc.utsname = TestLXC
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0

lxc.network.hwaddr = 08:00:27:e5:c3:29
lxc.aa_allow_incomplete = 1

lxc.network.ipv4 = 192.168.2.221/24
lxc.network.ipv4.gateway = 192.168.2.197

它的网络详细信息是:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.197  0.0.0.0         UG    0      0        0 eth0
192.168.2.0    *               255.255.255.0   U     0      0        0 eth0

netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.197  0.0.0.0         UG        0 0          0 eth0
192.168.2.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0

ifconfig -a
eth0      Link encap:Ethernet  HWaddr 08:00:27:E5:C3:29  
          inet addr:192.168.2.221  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fee5:c329/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:133802 errors:0 dropped:0 overruns:0 frame:0
          TX packets:280 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:78627055 (74.9 Mb)  TX bytes:82972 (81.0 Kb)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:26 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2152 (2.1 Kb)  TX bytes:2152 (2.1 Kb)

任何人都可以建议我如何让我的LXC容器拥有完整的网络和Internet访问权限。

由于

1 个答案:

答案 0 :(得分:0)

您是否在主机上设置了echo 1 > /proc/sys/net/ipv4/ip_forward