[systemd-devel] systemd-nspawn -n containers can not talk to the outside world
Király, István
laking at d250.hu
Sat Oct 22 02:46:32 UTC 2016
Hello list, ..
I'm not 100% sure if this is a bug or not, it feels like a bug but it's too
big to have been overlooked, so I would be happy if someone could
help me to clarify this. I do all these tests in VirtualBox instances that
are bridged to my home router on 192.168.88.1 / 255.25.255.0.
Steps to reproduce:
- Install Fedora 24 server or Fedora 25 beta server
- Add an ssh key for root shell access
- Disable SELinux, reboot
dnf -y update
dnf -y install mc
dnf -y install systemd-container
dnf -y --releasever=24 --installroot=/a install dnf initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils fedora-repos fedora-release mc
( .. or 25, with systemd 231)
systemctl enable systemd-networkd
systemctl start systemd-networkd
systemd-nspawn -D /a passwd
( .. and add a password)
systemd-nspawn --boot -n -D /a
( .. and enter the container)
In the container then
systemctl enable systemd-networkd
systemctl start systemd-networkd
And here, ping 8.8.8.8 returns Destination Host Unreachable
I can ping my host's router-given NIC-IP, but not the router itself.
Ping from the host is OK, pings the world just fine.
According to the systemd-nspawn documentation, this is the default -n
switch behaviour and I quote: "automatic IP communication from the
container to the host is thus available, with further connectivity to the
external network."
So it should ping the router, and the world, but it does not. Is this a bug
then? Should I create an issue on github? Or did I misunderstand something?
Some additional command outputs:
[root@host ~]# networkctl status -a
● 1: lo (...)
● 2: enp0s3
       Link File: /usr/lib/systemd/network/99-default.link
    Network File: n/a
            Type: ether
           State: routable (unmanaged)
            Path: pci-0000:00:03.0
          Driver: e1000
          Vendor: Intel Corporation
           Model: 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)
      HW Address: 08:00:27:cb:fb:71 (Cadmus Computer Systems)
         Address: 192.168.88.28
                  fe80::508c:2144:7c6c:4076
         Gateway: 192.168.88.1 ( .. this is perfect)
● 4: ve-b
       Link File: /usr/lib/systemd/network/99-default.link
    Network File: /usr/lib/systemd/network/80-container-ve.network
            Type: ether
           State: routable (configured)
          Driver: veth
      HW Address: a6:38:8f:f7:58:97
         Address: 10.0.0.1
                  10.0.0.17
                  169.254.188.19
                  fe80::a438:8fff:fef7:5897
    Connected To: b on port host0
[root@b ~]# networkctl status -a
● 1: lo
       Link File: n/a
    Network File: n/a
            Type: loopback
           State: carrier (unmanaged)
         Address: 127.0.0.1
                  ::1
● 2: host0
       Link File: n/a
    Network File: /usr/lib/systemd/network/80-container-host0.network
            Type: ether
           State: degraded (configuring)
      HW Address: a2:ae:b2:6d:55:8d
         Address: 169.254.252.51
                  fe80::a0ae:b2ff:fe6d:558d
    Connected To: n/a on port ve-b
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router          0.0.0.0         UG    100    0        0 enp0s3
default         0.0.0.0         0.0.0.0         U     2048   0        0 ve-b
10.0.0.0        0.0.0.0         255.255.255.240 U     0      0        0 ve-b
10.0.0.16       0.0.0.0         255.255.255.240 U     0      0        0 ve-b
link-local      0.0.0.0         255.255.0.0     U     0      0        0 ve-b
192.168.88.0    0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
Thank you in advance.
Greetings, ...
--
Király István
+36 209 753 758
LaKing at D250.hu
<http://d250.hu/>
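
An added triage example, not part of the original post: it parses networkctl status -a output like that shown in the message and lists links whose only IPv4 address is link-local (169.254.0.0/16), the condition visible on the container's host0. The function names and the trimmed sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: container-side output from the post, trimmed.
SAMPLE = """\
● 1: lo
           State: carrier (unmanaged)
         Address: 127.0.0.1
                  ::1
● 2: host0
           State: degraded (configuring)
         Address: 169.254.252.51
                  fe80::a0ae:b2ff:fe6d:558d
    Connected To: n/a on port ve-b
"""

LINK_RE = re.compile(r"^\W*(\d+):\s+(\S+)")  # link header, e.g. "2: host0"
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s+(.*)$")  # "State: ..."

def parse_links(text):
    """Return one dict per link with its name, state and address list."""
    links, cur, key = [], None, None
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            cur = {"name": m.group(2), "state": None, "addresses": []}
            links.append(cur)
            key = None
            continue
        if cur is None or not line.strip():
            continue
        f = FIELD_RE.match(line)
        if f:
            key, value = f.group(1).strip(), f.group(2)
        else:
            value = line.strip()  # continuation line of the previous field
        if key == "State":
            cur["state"] = value.split()[0]
        elif key == "Address":
            cur["addresses"].append(value.split()[0])
    return links

def link_local_only(link):
    """True if the link has IPv4 addresses and all are in 169.254.0.0/16."""
    v4 = [ipaddress.ip_address(a) for a in link["addresses"] if ":" not in a]
    return bool(v4) and all(a.is_link_local for a in v4)

def flagged(text):
    return [l["name"] for l in parse_links(text) if link_local_only(l)]
```

The parser accepts both the indented form networkctl prints and the flattened form mail archives tend to leave behind.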