I run LXC Linux containers and so I have net.ipv4.ip_forward=1 set on the host so that I can ping internet (google.com) from inside the LXC container.
However, when I run VirtualBox VMs in the same environment and bridge to the wlan wireless interface I get duplicate ICMP packets (DUP!). I can stop the duplicate packets in the VirtualBox VM by setting net.ipv4.ip_forward=0 on the host, but then this breaks the resolution of internet in the LXC containers.
How can I prevent the DUP! pings in the VM and leave net.ipv4.ip_forward=1 set? Thanks.
Related
I am connected to a corporate VPN and need to be able to run docker containers while the VPN is connected due to the fact that the container needs to be able to access corporate endpoints. However, when I am connected with AnyConnect VPN, docker has no internet access at all. Neither to our corporate endpoints or the internet.
I am running CentOS7 as my host operating system.
A simple way to reproduce this issue is to install a minimal linux distro, install AnyConnect VPN, connect to vpn and try to run the following docker container:
docker run -i -t ubuntu:14.04 /bin/bash
Once inside the container I try to ping google dns
[###]$ ping 8.8.8.8
There will be no response. If I disconnect from AnyConnect VPN and retry the above, I get a ping response.
How can I fix this issue?
Ping outside and internet access are different. You could access internet but could not ping as limit by your corporation network. I suggest running busybox
docker run -it --rm busybox
and check the dns setup inside
cat /etc/resolv.conf
From there you may see list of nameserver ip addresses. Now you could try to ping those to make sure they are reachable from inside. If not, you could try
traceroute 1.2.3.4
to see how far you could go from inside container, the first 2 lines should be ip of docker and the host machine, and then the ip of your corporation network
1 172.17.0.1 (172.17.0.1) 0.016 ms 0.011 ms 0.009 ms
2 10.1.249.4 (10.1.249.4) 38.487 ms 35.697 ms 35.558 ms
Usually it's problem of the nameserver generated inside /etc/resolv.conf
file. If it's the case, then you need to check /etc/resolv.conf
in the host machine and update the docker setup to generate the nameservers correctly inside container.
After you make a change to the network interfaces, you often need to restart the docker engine to rebuild all of the routes and iptables entries. With Linux and systemd, use:
systemctl restart docker
I'm trying to get dnsmasq to operate as a DHCP server inside a Docker container, issuing DHCP addresses to machines on the host's physical network. I'm using the Alpine Linux 6MB container from https://hub.docker.com/r/andyshinn/dnsmasq/.
It works fine as a DNS server on port 53 on the host machine, however there is nothing listening on port 67/udp, which is where I'm expecting DHCP to be. I use
dhcping 192.168.2.2, but get "no answer". telnet 192.168.2.2 67 returns "Connection refused".
My dnsmasq.conf file in the container looks like this:
interface=eth0
user=root
domain-needed
bogus-priv
no-resolv
local=/mydomain.io/
no-poll
server=8.8.8.8
server=8.8.4.4
no-hosts
addn-hosts=/etc/dnsmasq_static_hosts.conf
expand-hosts
domain=mydomain.io
dhcp-range=192.168.2.10,192.168.2.250,255.255.255.0,192.168.2.255,5m
# Have windows machine release on shutdown
dhcp-option=vendor:MSFT,2,1i
# No default route
dhcp-option=3
The host machine has a static address of 192.168.2.2.
I start the container like this:
docker run -d --name dns -p 192.168.2.2:67:67/udp -p 192.168.2.2:53:53/udp sitapati/dns
There is no firewall on this machine, which is running Ubuntu 16.04.
Things I've thought of/tried:
is it because eth0 in the container has an address on a completely different subnet? (docker inspect tells me it's 172.17.0.2 on the bridged interface)
does it need to use --net host? I tried that, and it still didn't work.
Yes, the container will have its own interfaces on a virtual subnet (the docker0 bridge network). So it will be trying to offer addresses on that subnet.
Using --net host worked for me, I got the DHCP server working using something like the following command:
docker run --name dnsmasq2 -t -v /vagrant/dnsmasq.conf:/opt/dnsmasq.conf -p 67:67/udp --net host centos
--net host ensures that the container appears to using the host's networking stack rather than its own.
dnsmasq -q -d --conf-file=/opt/dnsmasq.conf --dhcp-broadcast
I also needed to add the --dhcp-broadcast flag to dnsmasq within the container to get it to actually broadcast DHCPOFFER messages on the network. For some reason, dnsmasq was trying to unicast the DHCPOFFER messages, and it was using ARP to try to get an address that had not yet been assigned.
I have two Machines running in VirtualBox, Ubuntu 12.04 LTS with two network adapters (NAT,Internal Network) and Kali Linux with one adapter (Internal Network). I'm also running tor ( SocksPort 9150, ControlPort 9151 ) in Ubuntu. My goal is to have access on the internet from Kali only through tor. So I used ssh port forwarding from kali to ubuntu and also configured firefox to use proxy( 127.0.0.1 - 9150)
kali~# ssh -N -L 9150:10.0.3.2:9150 root#10.0.3.1
With this command i am trying to forward all the traffic into tor.
The connection is established according to netstat and ping is working but when i try to load a page nothing happens and i keep getting the same error message on Kali's terminal
channel 2: open failed : connect failed : connection refused
Am i missing something? Do i need to open a port?
I also tried to use a SOCKS proxy with
ssh -D 9150 root#10.0.3.1
but it didn't work. Please share your thoughts with me, I am waiting for your insights.Thank you.
Internal Network Configuration:
Ubuntu:
IP:10.0.3.1
Broadcast Address:10.0.3.255
Subnet Mask:255.255.255.0
Default Route:10.0.2.2
Primary DNS:192.168.1.1
Kali:
IP:10.0.3.2
Broadcast Address:10.0.3.255
Subnet Mask:255.255.255.0
NAT Configuration:
Ubuntu
IP:10.0.2.15
Broadcast Address:10.0.2.255
Subnet Mask:255.255.255.0
Default Route:10.0.2.2
Primary DNS:192.168.1.1
I created a ubuntu server on vmware. I am using it as a file server. I can access it if I am connecting through the machine which hosts the virtual machine. I am not able to do it from other machines which are on the same network. Thanks in advance!
First of all make sure in the setting of the virtual machine that it is in Bridged Adaptor type connectivity.
Give a static ip to the virtual machine using
sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0
the above is an example. You got what I mean.
3.Third, Try pinging the virtual machine with the base machine running the vbox to make sure they are connected.
ping ipaddress-basemachine
4 . Now if everything is working fine from there then connect with this virtual machine with other base machine using Remote Desktop Viewer or any other similar application.
Specify, the ip-address of the vbox and username, password. It will be able to connect with it now.
5 . If it still is not able to then try to check the firewall rules on both the virtual box machine and the base machine running the vbox using the command
iptables -L
I've been happily using an Ubuntu 12.04 VM as a webserver with a static IP running on VirtualBox on my Windows 7 machine for a few months (working on it from the host computer, bridged network connection, accessing via SSH from host and sharing folders through windows).
In /etc/network/interfaces, I've got:
address 192.168.1.112
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 194.168.4.100 194.168.8.100
I tried creating a new VM with it on my Win7 laptop by copying across the .vdi and creating a new VirtualBox machine with it, then changing the static IP to 192.168.1.116, but I'm not getting any network... It can't ping anything, when I try to SSH into the VM, it says "connection rejected" and it doesn't show up anywhere in my Windows network.
Can anyone shed any light?
"Perryg" on the VirtualBox forums solved it:
Edit the /etc/udev/rules.d/70-persistent-net.rules, or you can delete the rules and Linux will configure it on the next boot.
That's all there was to it.