How to make your LXD containers get IP addresses from your LAN using macvlan

WARNING #1: By using macvlan, your computer’s network interface will appear on the network to have more than one MAC address. This is fine for Ethernet networks. However, if your interface is a Wireless interface (with security like WPA/WPA2), then the access point will ignore any other MAC addresses coming from your computer. Therefore, all these will not work in that specific case.

WARNING #2: If your host is in a virtual machine, then it is likely that the VM software will block the DHCP requests of the containers. There are options on both VMWare and Virtualbox to allow Promiscuous mode (somewhere in their Network settings). You need to enable that. Keep in mind that people reported success only on VMWare. If you make it work on VirtualBox as well, please do report below.

In LXD, you have the host and then you have the many containers on this host. The host is the computer where LXD is running. By default, all containers run hidden in a private network on the host. The containers are not accessible from the local network, nor from the Internet. However, they have network access to the Internet through the host.

How can we get some containers to receive an IP address from the LAN and be accessible on the LAN?

This can be achieved using macvlan (L2) virtual network interfaces, a feature provided by the Linux kernel.

In this post, we are going to create a new LXD profile and configure macvlan in it. Then, we launch new containers under the new profile, or attach existing containers to the new profile (so they get as well a LAN IP address).

Creating a new LXD profile for macvlan

Let’s see what LXD profiles are available.

$ lxc profile list
+------------+---------+
| NAME       | USED BY |
+------------+---------+
| default    | 11      |
+------------+---------+

There is a single profile, called default, the default profile. It is used by 11 LXD containers on this system.

We make a copy of this default profile. The new profile is called lanprofile.

$ lxc profile copy default lanprofile

$ lxc profile list
+------------+---------+
| NAME       | USED BY |
+------------+---------+
| default    | 11      |
+------------+---------+
| lanprofile | 0       |
+------------+---------+

What are the default settings of a new profile?

$ lxc profile show lanprofile
config:
 environment.TZ: ""
description: Default LXD profile
devices:
 eth0:
   nictype: bridged
   parent: lxdbr0
   type: nic
 root:
   path: /
   pool: default
   type: disk
name: lanprofile
used_by: []

We just need to change the nictype and parent to the appropriate new values and we are then ready to go. The nictype will be macvlan. The parent will be the network interface of the host. Let’s identify the correct parent, using the ip route command.

$ ip route show default 0.0.0.0/0
default via 192.168.1.1 dev enp5s12 proto static metric 100

This command shows the default network route. It also shows the name of the device (dev), which is in this case enp5s12. (Before systemd, those used to be eth0 or wlan0. Now, the name varies among computers).

Now we are ready to edit the nictype and parent fields in the lanprofile LXD profile. We use the lxc profile command to set a device parameter for the profile lanprofile. We set device.eth0.nictype to macvlan, and device.eth0.parent to enp5s12.

$ lxc profile device set lanprofile eth0 nictype macvlan

$ lxc profile device set lanprofile eth0 parent enp5s12

Here is the update lanprofile.

$ lxc profile show lanprofile
config:
  environment.TZ: ""
description: Default LXD profile
devices:
  eth0:
    nictype: macvlan
    parent: enp5s12
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: lanprofile
used_by: []

Well, that’s it. We are now ready to launch containers using this new profile, and they will get an IP address from the DHCP server of the LAN.

Launching LXD containers with the new profile

Let’s launch two containers using the new lanprofile profile and then check their IP address.

$ lxc launch -p lanprofile ubuntu:16.04 net1
Creating net1
Starting net1

$ lxc launch -p lanprofile ubuntu:16.04 net2
Creating net2
Starting net2


$ lxc exec net1 ip route
default via 192.168.1.1 dev eth0 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.6

$ lxc exec net2 ip route
default via 192.168.1.1 dev eth0 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.7

Both containers got their IP address from the LAN router.

Here is the router administration screen that shows the two containers. I edited the names by adding LXD in the front to make them look nicer. The containers look and feel as just like new LAN computers!

Let’s ping from one container to the other.

$ lxc exec net1 -- ping -c 3 192.168.1.7
PING 192.168.1.7 (192.168.1.7) 56(84) bytes of data.
64 bytes from 192.168.1.7: icmp_seq=1 ttl=64 time=0.064 ms
64 bytes from 192.168.1.7: icmp_seq=2 ttl=64 time=0.067 ms
64 bytes from 192.168.1.7: icmp_seq=3 ttl=64 time=0.082 ms

--- 192.168.1.7 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2036ms
rtt min/avg/max/mdev = 0.064/0.071/0.082/0.007 ms

Let’s ping from a computer on the LAN to a container.

This is a screenshot of my phone that is pinging the net2 LXD container. Both on the same LAN.

Troubleshooting

Help! I cannot ping between the host and the containers!

To be able to get the host and containers to communicate with each other, you need some additional changes to the host in order to get added to the macvlan as well. It discusses it here, though I did not test because I do not need communication of the containers with the host. If you test it, please report below.

Help! I do not get anymore those net1.lxd, net2.lxd fancy hostnames!

The default LXD DHCP server assigns hostnames like net1.lxd, net2.lxd to each container. Then, you can get the containers to communicate with each other using the hostnames instead of the IP addresses.

When using the LAN DHCP server, you would need to configure it as well to produce nice hostnames.

Help! Can these new macvlan containers read my LAN network traffic?

The new macvlan LXD containers (that got a LAN IP address) can only see their own traffic and also any LAN broadcast packets. They cannot see the traffic meant for the host, nor the traffic for the other containers.

Permanent link to this article: https://blog.simos.info/how-to-make-your-lxd-container-get-ip-addresses-from-your-lan/

34 comments

6 pings

Skip to comment form

    • brian mullan on January 22, 2018 at 23:48
    • Reply

    Great write-up Simos…

  1. Great – thanks for the brilliant written article – it works now!

    • Byung Gon on May 2, 2018 at 07:18
    • Reply

    I did it with the above post, but the container vm can not get the ip address. Tell me how to fix the problem.
    The test environment is DHCP.

    [root@ns01 ~]# uname -a
    Linux ns01 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux (centos 7)

    [root@ns01 ~]# lxc list
    +——+———+——+——+————+———–+
    | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
    +——+———+——+——+————+———–+
    | c2 | RUNNING | | | PERSISTENT | 0 |
    +——+———+——+——+————+———–+

    [root@ns01 ~]# lxc profile show lanprofile
    config: {}
    description: Default LXD profile
    devices:
    eth0:
    name: eth0
    nictype: macvlan
    parent: ens160
    type: nic
    root:
    path: /
    pool: default
    type: disk
    name: lanprofile
    used_by:
    – /1.0/containers/c2

    [root@ns01 ~]# ifconfig ens160
    ens160: flags=4163 mtu 1500
    inet 192.168.50.30 netmask 255.255.255.0 broadcast 192.168.50.255
    inet6 fe80::9e56:786c:39be:e30a prefixlen 64 scopeid 0x20
    ether 00:0c:29:22:66:3e txqueuelen 1000 (Ethernet)
    RX packets 4342 bytes 1841714 (1.7 MiB)
    RX errors 0 dropped 12 overruns 0 frame 0
    TX packets 2515 bytes 262656 (256.5 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [root@ns01 ~]# ip route show 0.0.0.0/0
    default via 192.168.50.1 dev ens160 proto static metric 100

    ======= below c2 (centos 7) ======
    [root@c2 ~]# ip -d link show eth0
    7: eth0@if2: mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000
    link/ether 00:16:3e:f4:6f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0 promiscuity 0
    macvlan mode bridge addrgenmode eui64

    Thanks.

    1. Do you use a VM for the host? If so, then the VM might be the issue.
      Also, if the host is on a wireless interface, then that’s definitely the issue.

    • Ray Jender on May 26, 2018 at 14:47
    • Reply

    I am getting this error when I try to start a macvlan container :

    ray@USN-LPC:/var/lib/lxd/containers$ lxc start LPC2
    error: Failed to run: /usr/bin/lxd forkstart LPC2 /var/lib/lxd/containers /var/log/lxd/LPC2/lxc.conf:
    Try `lxc info –show-log LPC2` for more info

    ray@USN-LPC:/var/lib/lxd/containers$ lxc info LPC2
    Name: LPC2
    Remote: unix://
    Architecture: x86_64
    Created: 2018/05/26 13:14 UTC
    Status: Stopped
    Type: persistent
    Profiles: lanprofile

    ray@USN-LPC:/var/lib/lxd/containers$ lxc profile show lanprofile
    config:
    environment.http_proxy: “”
    user.network_mode: “”
    description: Default LXD profile
    devices:
    eth0:
    nictype: macvlan
    parent: enp0s3
    type: nic
    root:
    path: /
    pool: lxdpool
    type: disk
    name: lanprofile
    used_by:
    – /1.0/containers/LPC2

    Ideas?

    Thanks.

    Ray

    1. What does *lxc info –show-log LPC2* show? It should give a hint of the exact error.

  2. This worked perfectly on a CentOS 7.5 1804 (core) host on 8/21/2018. I created an LXD ZFS-backed container for Ubuntu 18.04 exactly as you describe, and it automatically got an address assigned on my home network LAN by the DHCP server on that LAN. The private network on the host that LXD gave me was useless, but the methods you illustrate here are very useful. Thanks for your work, and for the clarity of exposition as well! Bravo!

    1. Thanks Robert for the kind words!

    • Wouter on September 11, 2018 at 18:34
    • Reply

    Thanks for your article. I did not succeed with macvlan. On Ubuntu 17.10 server I have a container running with the name proxy:

    root@box:~# lxc list
    +——-+———+——+——+————+———–+
    | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
    +——-+———+——+——+————+———–+
    | proxy | RUNNING | | | PERSISTENT | 0 |

    with this MAC:

    root@box:~# lxc exec proxy ifconfig |grep ether
    ether 00:16:3e:23:71:a9 txqueuelen 1000 (Ethernet)

    that should be getting an IP; at least, the container is asking for one and is offered one:
    Sep 11 12:06:51 box dhcpd[5314]: DHCPDISCOVER from 00:16:3e:23:71:a9 via enp1s0f1
    Sep 11 12:06:51 box dhcpd[5314]: DHCPOFFER on 192.168.12.25 to 00:16:3e:23:71:a9 via enp1s0f1

    but is not:

    root@box:/var/log# lxc exec proxy ip a |grep inet\ 192
    root@box:/var/log# lxc exec proxy ifconfig |grep 192

    and ICMP doesnt work:
    root@box:/var/log# ping 192.168.12.25 -c1
    PING 192.168.12.25 (192.168.12.25) 56(84) bytes of data.
    From 192.168.12.1 icmp_seq=1 Destination Host Unreachable

    root@box:/var/log# lxc profile show lanprofile |grep “nictype|parent”
    nictype: macvlan
    parent: enp1s0f1

    I stopped and started the container several times and also did a reinstall / reinit of lxd several times. Please help :).

    root@box:/var/log# lxc –version
    2.18

    root@box:/var/log# lxc network list |grep “lx|enp1s0f1”
    | enp1s0f1 | physical | NO | | 1 |
    | lxcbr0 | bridge | NO | | 0 |
    | lxdbr0 | bridge | YES | | 0 |

    1. Since your container requests an IP address and is offered one, then any problem should be related to the operating system of the container. I cannot think of the scenario that the DHCPOFFER being somehow blocked and not reaching the container. You can get the DHCP client in the container to output debugging information in order to see how it processes the DHCPOFFER.

      In addition, I notice that you are running LXD 2.18. If I remember correctly, you probably use a PPA or the backports repository. I suggest to upgrade to the snap package, which currently has LXD 3.4. An upgrade should not directly fix the issue that you are facing. However, version 2.18 of LXD is not supported as far as I remember. Only version 2.0.11 (Ubuntu 16.04), 3.0.x (Ubuntu 18.04) are supported until the EOL of the corresponding LTS Ubuntu version.

        • Wouter on September 12, 2018 at 08:38

        I was runnng 2.18 and upgraded via backports (thanks for the hint) to 2.21. No luck. Also, I launched both 16.04 and 18.04 containers with 2.21: no luck. dhclient -v eth0 says
        Listening on LPF/eth0/00:16:3e:db:e2:ce
        Sending on LPF/eth0/00:16:3e:db:e2:ce
        Sending on Socket/fallback
        DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x548c1235)
        how… I don’t understand, but it seems the answer (DHCPOFFER) is not received. Giving up for now. First, find time to reinstall the box with Ubuntu 18.04 and then further with LXD 3.x.

        thanks

      1. If there was virtualization in play (like VirtualBox), then this would be explained easily. There is an issue with Virtualbox and the result is exactly what you describe. That is, the container does not receive the DHCPOFFER in order to continue with the rest of the protocol. The workaround in Virtualbox would be to put the host’s interface in promiscuous mode.

    • Wouter on September 12, 2018 at 17:03
    • Reply

    @Simos Xenitellis on September 12, 2018 at 16:24
    thanks for thinking with me. Its Ubuntu 17.10 on bare metal. Also, I installed the snap package with lxd 3.x (couldnt wait for finding time to install 18.04 :)) and it’s the same. Both 16.04 and 18.04 containers request DHCP, an offer is sent but not received.

    1. The macvlan functionality works in LXD, therefore I assume there is some issue with the network driver or network settings.

      I do not have the full picture. From the interface name (enp1s0f1), I assume it’s the second network interface of two? Can you verify with tshark that the DHCPOFFER is sent to the correct network interface?

        • Wouter on September 13, 2018 at 08:44

        Yes, enp1s0f1 is the second part of this NIC
        https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/ethernet-controller-i350-datasheet.pdf
        Yes, I did tcpdump on enp1s0f1 and saw the DHCPOFFER there; it’s also the only interface where dhcpd is listening on.

      1. I think that this stage you can post this issue on https://discuss.linuxcontainers.org/
        If it is a bug in LXD, it should be then reported on Github so that it gets fixed.

    • gunnar on October 5, 2018 at 05:18
    • Reply

    I can confirm that this is not working on a VirtualBox VM (ubuntu 18.04) as LXD host.

      • gunnar on October 5, 2018 at 05:26
      • Reply

      side comment … if u have a proxmox hist inside a VirtualBox VM there is no problem whatsoever to get public IP’s for containers working (shared adapter, no promiscous mode). So whether anyone could break down how proxmox handles networking for LXC containers cure might be around the corner.

        • Pilot on April 2, 2019 at 14:24

        LXC containers can receive address from DHCP either you have to use
        1. The “Adapter Type” should be set to “PCnet-FAST III” (not the default, which is an Intel PRO/1000 variant), see https://www.virtualbox.org/ticket/6519
        2. “Promiscuous Mode” should be set to “Allow All”.

        as mentioned here https://forums.virtualbox.org/viewtopic.php?t=59215

        or you can use Intel PRO/1000 variant but then you have to create a br0 manually in host and add host’s nic to br0 through /etc/network/interfaces or through netplan. Then assign br0 to containers and of course Promiscuous Mode” should be set to Allow All.

    1. I have tried with Virtualbox (LXD running on Ubuntu 18.04 in a VirtualBox VM).
      I set up the Promiscuous setting in Virtualbox but macvlan did not work either.

      But when you set as well the host’s Ethernet interface in PROMISC mode, then it works.
      You can set it to PROMISC mode

      ip link set eth5 promisc on

      or

      ifconfig eth5 promisc

      When you run proxmox, is the interface in PROMISC mode?

    • Tim Crosby on November 29, 2018 at 13:25
    • Reply

    I have followed this article and another youtube video and have created a set of LXD containers all using Ubuntu 18.04. I want to expose one of the containers to the internet since it is the primary web server for this system. All of the systems are using Static IP using MacVlan and have been configured with netplan 50-cloud.

    Host System – IP 192.168.86.100
    LXC System – NextCloud Server – 192.168.86.101
    LXC System – OnlyOffice Document Server – 192.168.86.102

    I can ping from my workstation to each of the systems, and from the system back to my work station, but when I try to ping from 2 or 3 to 1, it gets no response. I ping from 1 to 2 or 3, I get no response. I port forward to #2 on port 80. I try to access it from the web, I get page not found. I am sure I missed something, but have not found the magic key. Any thoughts?

    • AS on June 8, 2019 at 02:17
    • Reply

    I got this method working, but have found I can’t set static ip’s on the containers – Did you experience anything similar? – Do you think it might be because the network is no longer managed/ or a bug? – It’s driving me mad

    lxc network list
    +—————-+———-+———+————-+———+
    | NAME | TYPE | MANAGED | DESCRIPTION | USED BY |
    +—————-+———-+———+————-+———+
    | enp3s0 | physical | NO | | 0 |
    +—————-+———-+———+————-+———+
    | enp3s0.102 | vlan | NO | | 2 |
    +—————-+———-+———+————-+———+

    lxc config device set disco-test-002 eth0 ipv4.address 172.16.102.33

    lxc config device get disco-test-002 eth0 ipv4.address
    172.16.102.33

    lxc list # After restart etc etc, ip returns to the dhcp leased address
    +—————-+———+———————-+——+————+———–+
    | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
    +—————-+———+———————-+——+————+———–+
    | disco-test-001 | RUNNING | 172.16.102.11 (eth0) | | PERSISTENT | |
    +—————-+———+———————-+——+————+———–+
    | disco-test-002 | RUNNING | 172.16.102.16 (eth0) | | PERSISTENT | |
    +—————-+———+———————-+——+————+———–+

    lxc version
    Client version: 3.13
    Server version: 3.13

    lxc config show disco-test-002
    architecture: x86_64
    config:
    image.architecture: amd64
    image.description: Ubuntu disco amd64 (20190607_07:42)
    image.os: Ubuntu
    image.release: disco
    image.serial: “20190607_07:42”
    volatile.base_image: fd3f73af851567ca5a4a3083b305a9e4c89fb0e52e74e9da3d095311b36f992b
    volatile.eth0.hwaddr: 00:16:3e:26:84:9a
    volatile.eth0.name: eth0
    volatile.idmap.base: “0”
    volatile.idmap.current: ‘[{“Isuid”:true,”Isgid”:false,”Hostid”:1000000,”Nsid”:0,”Maprange”:1000000000},{“Isuid”:false,”Isgid”:true,”Hostid”:1000000,”Nsid”:0,”Maprange”:1000000000}]’
    volatile.idmap.next: ‘[{“Isuid”:true,”Isgid”:false,”Hostid”:1000000,”Nsid”:0,”Maprange”:1000000000},{“Isuid”:false,”Isgid”:true,”Hostid”:1000000,”Nsid”:0,”Maprange”:1000000000}]’
    volatile.last_state.idmap: ‘[{“Isuid”:true,”Isgid”:false,”Hostid”:1000000,”Nsid”:0,”Maprange”:1000000000},{“Isuid”:false,”Isgid”:true,”Hostid”:1000000,”Nsid”:0,”Maprange”:1000000000}]’
    volatile.last_state.power: RUNNING
    devices:
    eth0:
    ipv4.address: 172.16.102.33
    nictype: macvlan
    parent: enp3s0.102
    type: nic
    ephemeral: false
    profiles:
    – default
    stateful: false
    description: “”

    1. When you use macvlan, the container’s networking is not managed anymore by LXD (“unmanaged”).
      Therefore, commands like “lxc config device set disco-test-002 eth0 ipv4.address 172.16.102.33” have no effect to such containers.

      With macvlan, it is up to you to configure the networking of a container, and LXD cannot do the configuration for you. Having said that, one option to set a static network configuration to a container using macvlan, is to use “cloud-init” in LXD. LXD supports cloud-init configuration, and passes it directly to the container. See me other post on cloud-init.

  3. Hi, what about case if we run lxd on virtualbox machines (by vagrant) ?

    it use nat network for internet access and hostonly network for connect vm machines.

    I run lxd on first vm, and if i use default network settings with lxdbr0, i have internet connection inside containers, but can’t access to container by ip from another vm in same network

    if i create in vagrant additional private network with dhcp ip resolving (eth2) and define in lxd profile macvlan based on this device – i have access to container ip from another vm, but internet access not available inside containers

    1. For testing, it is better to try first without Vagrant. Once you get a working configuration, you can automate with Vagrant.

      There are several combinations for the networking in VirtualBox virtual machines as shown in the table below,
      https://www.thomas-krenn.com/en/wiki/Network_Configuration_in_VirtualBox

      You mention that you have two VirtualBox VMs, both with “Host-only networking”? If that is the case, then according to the table any containers inside these VMs do not have Internet connectivity.

      I consider the two following scenarios of using LXD with macvlan, inside a VirtualBox virtual machine:

      1. A VirtualBox virtual machine with “Bridged networking” (it takes an IP address from the LAN), then configure LXD in this VM so that the containers also take IP addresses from the LAN (using macvlan).
      2. Same as before, but with two Virtualbox virtual machines with same configuration. Have the LXD containers get IP addresses from the LAN, then access each other, the VMs and the Internet.

      For this to work, you need to

      a1. Set in Virtualbox the Networking to “Bridged networking”.

      a2. In the Advanced tab, change the “Promiscuous Mode” setting from “Deny” to “Allow All”. It has to be “Allow All” for this to work.

      b. Start the VM and setup LXD. Create a LXD profile for macvlan (perhaps edit the “default” profile and add in there there configuration for macvlan.

      c. In the VM, set the network interface into promiscuous mode as well. For example, “sudo ip link set enp0s3 promisc on”.

      d. Create a LXD container with macvlan configuration. It will be able to get an IP address from your LAN and all will work fine.

      e. Repeat with multiple VMs. The LXD containers will be able to access each other, the LAN, the VMs and the Internet.

      1. Thanks for reply. So internet access from containers inside VM possible only with bridged vagrant mode, and there are no way to create any additional ip rules inside VM for containers?

        And also one moment, internet access for my work machine provided by router, i have static ip, not dhcp mode

      2. for clear explanation, i don’t need access from internet to containers, only from containers to internet. And network example – green lines – ping success, red – failed https://drive.google.com/file/d/1X92O94P1hxGkWMulTq1_tqOXFqErWvnQ/view?usp=sharing

      3. According to the table at https://www.thomas-krenn.com/en/wiki/Network_Configuration_in_VirtualBox#Network_Address_Translation_Service
        there are three different network settings for the VM (therefore, the containers) to access the Internet. See the column “Access Guest -> external Network”.

        It is OK if your work machine is assigned a static IP. If there is no DHCP server, then you would have to setup manually the networking of each “macvlan” container.

        In the network diagram, VM1 is using NAT networking. Which means that the VM is not accessible directly by the LXD containers of VM2.

  4. Thanks a lot! It was very helpful!

    • Nathan on October 3, 2019 at 14:32
    • Reply

    Hi Simos,

    Thanks for the instructions provided above! I’ve followed them to the letter on several machines, but consistently see the same problem: my interface is consistently dropping packets.

    I’m referring to the host’s interface. The interface consistently drops 1 packet, roughly every 30 seconds. I have tested this with multiple containers running, but the packet loss remains constant (no increase with more containers).

    I’ve tested this in both ubuntu 16.04 and 18.04 across 3 different hosts, both have the same result. This happens whether the interface is in promiscuous mode or not.

    Do you have any idea what the cause could be?

    1. Hi Nathan,

      I have not noticed this issue. I suspect it would be a Linux kernel issue.
      Can you post some instructions on how to automate this check of the dropped packet?
      It would be good to be able to replicate before reporting.

        • Nathan on October 7, 2019 at 09:06

        Hi Simos,

        Thanks for your response. I’ve put together a quick way to monitor the issue this morning:

        #!/bin/bash
        interface=$1
        
        while true; do
                echo "$(date +%F\ %T%z) | $interface -- $(ifconfig "$interface" | grep 'RX packets' | sed 's/  */ /g' | cut -d' ' -f4)"
                sleep 2
        
            read -t 0.25 -N 1 input
            if [ "$input" = 'q' -o "$input" = 'Q' ]; then
                    break
            fi
        
        
        done
        

        The name of the interface being monitored should be supplied as an argument.

        The kernel releases that I’ve tested this on are ‘4.4.0-112-generic’ and ‘5.0.0-29-generic’ on Ubuntu 16.04.5 and 18.04.3 respectively.

      1. Thanks!

        There is a tool, dropwatch, at https://github.com/nhorman/dropwatch which may show some extra information on the cause of the packet drop.

        I tried with Linux 4.15 but could not replicate (see dropped packets in ifconfig output of the host’s interface, when a container was using the macvlan over that interface).

        • Nathan on October 8, 2019 at 09:31

        Hi Simos,

        Thanks for looking into this. Unfortunately, dropwatch hasn’t yielded any helpful information: I get long lists of ‘dropped packets’ whether packets are being dropped or not. The lists are similar and cover the same range of addresses regardless of whether packets are being dropped or not.

        I will continue to investigate and update you if I find the source of the problem.

  1. […] How to make your LXD containers get IP addresses from your LAN using macvlan […]

  2. […] of using a bridge, I will try to expose the containers directly on the LAN with macvlan. This guide is helpful. I change the default profile to use […]

  3. […] and the networking. The default LXD profile is suitable for this. You may use a bridge profile or macvlan profile […]

  4. […] post I used for setting up macvlan for the containers linked to this post, which explains how to have […]

  5. […] that, and HUGE thanks to this concise post by Simos Xenitellis, we can now configure a new profile with Macvlan for VMs that need a public IP. Simos’ post […]

  6. […] can also expose the Kali container on the network using either a bridge or macvlan, and it is as if it was a separate and independent […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: