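lxc - Host cannot reach container public ip
Problem description
I set up a new lxc server (ubuntu 20.04, lxc 4.0.6) with an lxc bridge (lxcbr0) and created a new ubuntu container. So far everything is fine, and the container network works without problems.
But I need the container to be publicly available, so I put a bridge on the host public ip (br1) and added the public ip to the container configuration. Nothing special, I have already configured this on several servers. When I start the container, both ip addresses show up, but the public address is unreachable (I can't even ping it).
ip forwarding is set in sysctl, and I allowed forwarding on the host bridge. I have a similar server with lxc 4.0.2, and the same setup is working there.
My host network configuration: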
br1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet xxx.xx.xx.xx netmask 255.255.255.255 broadcast 0.0.0.0
inet6 xxx prefixlen 64 scopeid 0x20<link>
inet6 xxx prefixlen 56 scopeid 0x0<global>
ether 0c:42:a1:xx:0f:a4 txqueuelen 1000 (Ethernet)
RX packets 65436 bytes 153471357 (153.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59551 bytes 5338005 (5.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp193s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 0c:42:a1:xx:0f:a4 txqueuelen 1000 (Ethernet)
RX packets 158338 bytes 162575837 (162.5 MB)
RX errors 0 dropped 5298 overruns 0 frame 0
TX packets 59998 bytes 5742821 (5.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 63 bytes 6191 (6.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 63 bytes 6191 (6.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lxcbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.0.3.1 netmask 255.255.255.0 broadcast 10.0.3.255
inet6 fe80::216:3eff:fe00:0 prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:00:00:00 txqueuelen 1000 (Ethernet)
RX packets 36 bytes 4049 (4.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 3288 (3.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
% sudo lxc-ls -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
my_container RUNNING 0 - 10.0.3.163, 54.XX.242.98 - false
% ping -c 3 54.XX.242.98
PING 54.XX.242.98 (54.XX.242.98) 56(84) bytes of data.
--- 54.XX.242.98 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2035ms
Container configuration:
# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/my_container/rootfs
lxc.uts.name = my_container
lxc.arch = amd64
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:4b:3a:53
lxc.net.1.name = eth1
lxc.net.1.type = veth
lxc.net.1.link = br1
lxc.net.1.flags = up
lxc.net.1.hwaddr = 02:00:00:3d:49:81
lxc.net.1.ipv4.address = 54.XX.242.98/28
lxc.net.1.ipv4.gateway = auto
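I also tried copying a working container from another ubuntu 20.04 server, and it does not work. I could add a route to my container's public network to be able to reach it (at least temporarily), but I have never done that before. Any ideas? Thanks!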
Solution