
We are trying to configure NAT and a bridge with LXC containers on SLES 11.3. We are getting an error and are unable to start the container.

Below is the screen dump. br0 is the external network and br1 is the internal network.

 brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.001ec9d3ad09       no              eth0
br1             8000.000000000000       no

We have br0 bridged with eth0. Below is the br0 configuration:

    ifconfig br0

   br0     Link encap:Ethernet  HWaddr 00:1E:C9:D3:AD:09
           inet addr:10.31.96.176  Bcast:10.31.99.255  Mask:255.255.252.0
           inet6 addr: 3ffe:80c0:22c:8021:21e:c9ff:fed3:ad09/64 Scope:Global
           inet6 addr: fe80::21e:c9ff:fed3:ad09/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:4054175 errors:0 dropped:748956 overruns:0 frame:0
           TX packets:9689 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:352965801 (336.6 Mb)  TX bytes:1382473 (1.3 Mb)

br1 is another bridge, used for the containers' internal network:

br1       Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::70d4:cbff:fe18:6548/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:520 (520.0 b)  TX bytes:1070 (1.0 Kb)

Below is the LXC configuration:

  lxc.network.type = veth
  lxc.network.name = net0
  lxc.network.ipv4 = 192.168.0.100/24
  lxc.network.link = br1
  lxc.network.flags = up
  lxc.network.ipv4.gateway=192.168.0.1

We did follow http://www.pdxsys.com/articles/lxc/lxc2/ to perform NAT between br0 and br1:

 iptables -A INPUT    -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT    -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD  -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD  -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

 iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -j MASQUERADE

 iptables -t nat -A PREROUTING -p tcp -d 10.31.96.176 --dport 80 -j DNAT --to 192.168.0.100

 iptables -A FORWARD -p tcp -d 192.168.0.100 --dport 80 -j ACCEPT

where 192.168.0.100 is the lxc-container IP and 10.31.96.176 is the host IP.

When we try to start the guest, we get the following error:

 lxc-start -n TEST1 -l DEBUG -o /root/test.log
 lxc-start: failed to setup ipv4 gateway for 'eth0': No such process
 lxc-start: failed to setup netdev
 lxc-start: failed to setup the network for 'TEST1'
 lxc-start: failed to setup the container
 lxc-start: invalid sequence number 1. expected 2
 lxc-start: failed to spawn 'TEST1'

How can we resolve this?
