BBVA/kvm

No internet connection inside guest

SteveOswald opened this issue · 1 comments

Hi,

my guest system is unable to connect to any host outside the given docker-network. I can connect to docker containers within the same networks, but even ping to 8.8.8.8 fails without response. I can even ping the gateway defined for the network with no problem. The other docker containers can also connect to my guest via its docker ip. Have you got any idea?

My log output:

INFO: KVM acceleration enabled
DEBUG: Container original MAC address: 02:42:0a:fe:65:fa
++ local iface=eth0
++ local mode=macvlan
+++ generateNetdevNames macvlan
+++ devicetype=macvlan
+++ netdevinterfaces=($(ip link show | awk "/$devicetype/ { print $2 }" | cut -d '@' -f 1 | tr -d :))
++++ ip link show
++++ awk '/macvlan/ { print $2 }'
++++ cut -d @ -f 1

++++ tr -d :
+++ local netdevinterfaces
++++ cat /dev/urandom
++++ tr -dc a-f0-9
++++ fold -w 6
++++ head -n 1
+++ local randomID=81b16a
+++ containsElement macvlan81b16a
+++ local e

+++ return 1
+++ echo 81b16a
++ local deviceID=81b16a
++ local bridgeName=macvlan81b16a
++ [[ macvlan == \b\r\i\d\g\e ]]
++ vtapdev=macvtap81b16a
+++ ip link add link eth0 name macvtap81b16a type macvtap mode bridge
++ ip link set macvtap81b16a address 02:42:0a:fe:65:fa
++ ip link set macvtap81b16a up
++ ip link add link eth0 name macvlan81b16a type macvlan mode bridge
++ ip link set macvlan81b16a up
++ IFS=:
++ read major minor
+++ cat /sys/devices/virtual/net/macvtap81b16a/tap2/dev
++ mknod /dev/macvtap81b16a c 247 1

x
INFO: DHCP configured to serve IP 10.254.101.250/24 via macvlan81b16a (attached to container's eth0)
DEBUG: bridgeName: macvlan81b16a
INFO: Lauching dnsmasq
DEBUG: dnsmasq options: --dhcp-range=10.254.101.250,10.254.101.250 --dhcp-host=02:42:0a:fe:65:fa,,10.254.101.250,b74e57122277,infinite --dhcp-option=option:netmask,255.255.255.0 --dhcp-option=option:dns-server,127.0.0.11 --dhcp-option=option:router,10.254.101.254 --dhcp-option=option:domain-search, --dhcp-option=option:domain-name,
INFO: Launching qemu-kvm
DEBUG: Launching /usr/libexec/qemu-kvm -drive if=virtio,file=/image/image -nodefaults -device virtio-balloon-pci,id=balloon0 -realtime mlock=off -msg timestamp=on -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -serial stdio -enable-kvm -machine accel=kvm,usb=off -vga qxl -display none -m 1024 -smp 4,sockets=4,cores=1,threads=1 -vnc 10.254.250.71:1 -k de -device virtio-net-pci,netdev=net0,mac=02:42:0a:fe:65:fa -netdev tap,id=net0,vhost=on,fd=3 3<>/dev/macvtap81b16a
char device redirected to /dev/pts/0 (label charserial0)

IP config inside docker container:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: macvtap81b16a@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500
link/ether 02:42:0a:fe:65:fa brd ff:ff:ff:ff:ff:ff
3: macvlan81b16a@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether be:39:f7:05:5f:74 brd ff:ff:ff:ff:ff:ff
inet 10.254.100.250/23 scope global macvlan81b16a
valid_lft forever preferred_lft forever
139: eth0@if140: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether fe:05:f4:4d:f0:ff brd ff:ff:ff:ff:ff:ff link-netnsid 0
141: eth1@if142: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:0a:fe:fa:47 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.254.250.71/24 brd 10.254.250.255 scope global eth1
valid_lft forever preferred_lft forever

Hi Steve,

After some years without using this container image, I've tried it from scratch, with some minor issues with the VM image. Anyway, I was able to ping 8.8.8.8 from the VM. Thus, I suspect that maybe your issue is more related to your host's IP stack (routing, firewall maybe?) rather than the container image itself.

To try to clarify it, it would be great to answer the following questions:

  • Are the other containers in the Docker Network able to ping the Internet?
  • Can you attach a container to the same network and ping the outside world?
  • Which VM OS image are you using?

Also, a tcpdump capture would be useful to see where the packets are being dropped. Try to capture packets on your bridge device, like:
tcpdump -n -e -i cni-podman0
(replace cni-podman0 with your actual bridge)

cheers,
/Fer
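
The capture suggested above can be summarised mechanically. This is an added example, not part of the original thread or of the BBVA/kvm project: a shell function that reads `tcpdump -n -e` text and lists ICMP echo requests that never received a reply, with the source MAC that `-e` exposes. The function names `unanswered_echo` and `sample_capture` are hypothetical, and the sample capture is constructed (guest IP, guest MAC and gateway IP are taken from the log in the issue; the gateway MAC and timestamps are made up).

```shell
#!/bin/sh
# Added example: list ICMP echo requests that got no reply in `tcpdump -n -e` text.
# Live use (bridge name is yours): tcpdump -n -e -c 20 -i <bridge> icmp | unanswered_echo

unanswered_echo() {
    awk '
    {
        # Find the "ICMP echo" marker instead of trusting fixed field numbers.
        for (i = 1; i < NF; i++) if ($i == "ICMP" && $(i + 1) == "echo") break
        if (i >= NF || i < 4) next
        src = $(i - 3); dst = $(i - 1); sub(/:$/, "", dst)
        kind = $(i + 2); sub(/,$/, "", kind)
        id = $(i + 4); sub(/,$/, "", id)
        seq = $(i + 6); sub(/,$/, "", seq)
        if (kind == "request") {
            key = src " " dst " " id " " seq
            if (!(key in mac)) order[++n] = key
            mac[key] = $2          # source MAC, present because of -e
        } else if (kind == "reply") {
            # A reply travels dst -> src, so swap to match the request key.
            answered[dst " " src " " id " " seq] = 1
        }
    }
    END {
        for (j = 1; j <= n; j++) {
            key = order[j]
            if (key in answered) continue
            split(key, p, " ")
            printf "%s -> %s seq %s src-mac %s\n", p[1], p[2], p[4], mac[key]
        }
    }'
}

# Constructed capture: guest IP/MAC and gateway IP come from the log in the issue,
# the gateway MAC 02:42:0a:fe:65:fe and all timestamps are made up.
sample_capture() {
    cat <<'EOF'
10:15:01.000001 02:42:0a:fe:65:fa > 02:42:0a:fe:65:fe, ethertype IPv4 (0x0800), length 98: 10.254.101.250 > 10.254.101.254: ICMP echo request, id 7, seq 1, length 64
10:15:01.000090 02:42:0a:fe:65:fe > 02:42:0a:fe:65:fa, ethertype IPv4 (0x0800), length 98: 10.254.101.254 > 10.254.101.250: ICMP echo reply, id 7, seq 1, length 64
10:15:02.000001 02:42:0a:fe:65:fa > 02:42:0a:fe:65:fe, ethertype IPv4 (0x0800), length 98: 10.254.101.250 > 8.8.8.8: ICMP echo request, id 8, seq 1, length 64
10:15:03.000001 02:42:0a:fe:65:fa > 02:42:0a:fe:65:fe, ethertype IPv4 (0x0800), length 98: 10.254.101.250 > 8.8.8.8: ICMP echo request, id 8, seq 2, length 64
EOF
}

sample_capture | unanswered_echo
```

Running the same summary on captures taken at each hop (the bridge, then the host's outbound interface) shows the last interface on which the request is still visible, which is where to look at routing or firewall rules.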