#1 2015-05-12 21:21:44

joehillen
Member
Registered: 2015-01-08
Posts: 20

LXC guest cannot receive any packets

I am using vagrant-lxc, and it was working for a while, but one day it stopped working. I tried using netctl for a while, but I switched to libvirt in the hopes of getting it working again, and it did... until I restarted :(

Here is the situation now.

On the guest:

root@vagrant-base-trusty-amd64:~# ping google.com
PING google.com (173.194.33.101) 56(84) bytes of data.
^C
--- google.com ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6007ms

root@vagrant-base-trusty-amd64:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 5e:61:d5:bf:7b:78 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.222/24 brd 192.168.122.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5c61:d5ff:febf:7b78/64 scope link
       valid_lft forever preferred_lft forever
root@vagrant-base-trusty-amd64:~# ip r
default via 192.168.122.1 dev eth0
192.168.122.0/24 dev eth0  proto kernel  scope link  src 192.168.122.222
root@vagrant-base-trusty-amd64:~# ping 192.168.122.1
PING 192.168.122.1 (192.168.122.1) 56(84) bytes of data.
64 bytes from 192.168.122.1: icmp_seq=1 ttl=64 time=0.076 ms
64 bytes from 192.168.122.1: icmp_seq=2 ttl=64 time=0.074 ms
64 bytes from 192.168.122.1: icmp_seq=3 ttl=64 time=0.097 ms
64 bytes from 192.168.122.1: icmp_seq=4 ttl=64 time=0.071 ms
^C
--- 192.168.122.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.071/0.079/0.097/0.013 ms
root@vagrant-base-trusty-amd64:~# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.089 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=64 time=0.102 ms
64 bytes from 192.168.1.100: icmp_seq=4 ttl=64 time=0.107 ms
^C
--- 192.168.1.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.082/0.095/0.107/0.010 ms
root@vagrant-base-trusty-amd64:~# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
^C
--- 192.168.1.101 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2007ms

root@vagrant-base-trusty-amd64:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
^C
--- 192.168.1.1 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8006ms

As you can see, DNS works and I can connect to the host.

On the host:

$  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic enp6s0
       valid_lft 97sec preferred_lft 97sec
3: enp8s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether xx:xx:xx:xx:xx:xx:brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 500
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
7: vethG19V8K: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr0 state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc18:13ff:fe34:9591/64 scope link
       valid_lft forever preferred_lft forever

$  ip r
default via 192.168.1.1 dev enp6s0  proto dhcp  src 192.168.1.100  metric 1024
192.168.1.0/24 dev enp6s0  proto kernel  scope link  src 192.168.1.100
192.168.1.1 dev enp6s0  proto dhcp  scope link  src 192.168.1.100  metric 1024
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1

$ sudo iptables -nvL --line-numbers
Chain INPUT (policy ACCEPT 930 packets, 1731K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      586 72820 f2b-SSH    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
2       13   756 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
3        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
4        5  1640 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
5        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
2       51  3503 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
3        0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
4        0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
5        0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 846 packets, 70698 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        5  1716 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68

Chain f2b-SSH (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1      386 57808 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

I tested that packets can get out using netcat to send UDP messages, and I received the messages on a server on the WAN, so I know packets are getting out, but they are not making it back.

I've tried removing lines 4 and 5 from the FORWARD chain, but it didn't help.

Offline
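
One way to read the packet counters in the FORWARD chain posted above, as an added example that is not part of the original post: it sums the per-direction counters for one bridge and reports whether any reply traffic reached the filter table at all. The function names and verdict strings are hypothetical; the sample input is the FORWARD chain copied from the post.

```shell
#!/bin/sh
# Added example (not from the original post): summarise FORWARD-chain packet
# counters for one bridge from `iptables -nvL --line-numbers` text on stdin.
# Fields: num pkts bytes target prot opt in out source destination
# Large counters print as e.g. 12K without -x; use `iptables -nvxL` for exact.

forward_counters() {  # $1 = bridge interface (virbr0 in the post)
    awk -v br="$1" '
        /^Chain /                { fwd = ($2 == "FORWARD"); next }
        !fwd || $1 !~ /^[0-9]+$/ { next }
        $4 == "ACCEPT" && $7 == br && $8 != br { out  += $2 }  # guest -> outside
        $4 == "ACCEPT" && $8 == br && $7 != br { back += $2 }  # outside -> guest
        $4 == "REJECT" && ($7 == br || $8 == br) { rej += $2 }
        END { printf "out=%d back=%d rejected=%d\n", out, back, rej }'
}

return_path_verdict() {  # $1 = bridge; iptables text on stdin
    c=$(forward_counters "$1")
    out=${c#out=};    out=${out%% *}
    back=${c#*back=}; back=${back%% *}
    rej=${c#*rejected=}
    if [ "$out" -gt 0 ] && [ "$back" -eq 0 ] && [ "$rej" -eq 0 ]; then
        echo "replies-never-reached-FORWARD"  # the filter table did not drop them
    elif [ "$rej" -gt 0 ]; then
        echo "filter-table-rejecting"
    else
        echo "bidirectional-or-idle"
    fi
}

# FORWARD chain exactly as posted above.
sample_forward_chain() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
2       51  3503 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
3        0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
4        0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
5        0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
EOF
}

sample_forward_chain | return_path_verdict virbr0
```

On the posted counters this reports 51 packets forwarded out of virbr0 and none matched on the way back, with both REJECT rules at zero, so the filter table shown is not where the replies are lost. The post shows only the filter table; `iptables -t nat -nvL` lists the nat table, which is not shown.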
