On 25.02.14 at 16:33, arnaud gaboury wrote:

On Tue, Feb 25, 2014 at 1:43 PM, arnaud gaboury wrote:

...

...

Now, I want to start the bridge: # netctl start bridge-hortensia % ping -c 3 8.8.8.8 connect: Network is unreachable

I realized that starting the bridge profile empty the /etc/resolv.conf.

Even if I modified the bridge profile, following the man page:

Description="Example Bridge connection" Interface=br0 Connection=bridge BindsToInterfaces=(enp7s0) IP=no #Adress=('192.168.1.94/24') #Gateway='192.168.1.254' #DNS=('212.147.10.180' '212.147.10.162') DNSDomain=lan DNSSearch=('192.168.1.254') <<< these two last lines are supposed to pass these settings to /etc/resolv.conf

but nada :-(

DNS is just a cherry on the cake, first you need to establish the network connection. I'm not using netctl for some time, but I'm pretty sure it does not launch any DHCP server. If you want to use DHCP, you will need to start the server on your own. I have written several scripts [1-4] to manage a bridge interface for QEMU VMs, see if you can reuse some of it. Especially [2] might be useful for you, though you probably do not need to create the tap interface. Note that the original author of [3] and [4] is Xyne, see his excellent tutorial [5]. [1]: https://github.com/lahwaacz/archlinux-dotfiles/blob/master/Scripts/qemu-laun... [2]: https://github.com/lahwaacz/archlinux-dotfiles/blob/master/Scripts/qemu-tap-... [3]: https://github.com/lahwaacz/archlinux-dotfiles/blob/master/Scripts/nat-launc... [4]: https://github.com/lahwaacz/archlinux-dotfiles/blob/master/Scripts/nat-launc... [5]: http://xyne.archlinux.ca/notes/network/dhcp_with_dns.html Regards, -- jlk

This profile is wrong. Here is the right one: --- $ cat /etc/netctl/lxc_lan_bridge Description="LAN bridge for LXC containers" Connection=bridge Interface=br0 SkipNoCarrier="yes" BindsToInterfaces=() IP=static Address=(10.137.0.1/24) --- Also, since you are running systemd >= 209, you can use networkd. Here are the config files: --- $ cat /etc/systemd/network/lxc_bridge.netdev [NetDev] Name=br0 Kind=bridge $ cat /etc/systemd/network/lxc_bridge.network [Match] Name=br0

[Network] Description=LAN bridge for LXC containers DHCP=false

[Address] Address=10.137.0.1/24 ---

For now, I have a working setup, but I am not satisfied and I think I can improve it. ******* % cat /etc/netctl/dhcp-hortensia Description='A basic dhcp ethernet connection' Interface=enp7s0 Connection=ethernet IP=dhcp ********* This profile is enable and start at boot. Then I manually # start bridge-hortensia *********** % cat /etc/netctl/bridge-hortensia Description="Example Bridge connection" Interface=br0 Connection=bridge BindsToInterfaces=(enp7s0) IP=dhcp *************** What puzzles me is that IF I enable the bridge profile, my system boots with a borken network with an empty /etc/resolv.conf. I would like to overcome this issue. Shall I go static ? Shall I start a specific profile before the other one? Why my resolv.conf is left empty when enabling both profiles ? then my systemd-networkd : ****** % cat /etc/systemd/network/70-dahlia.netdev [Match] #Host=dahlia Virtualization=container [NetDev] Name=br0 Kind=bridge ******************* gabx@hortensia ➤➤ ~ % cat /etc/systemd/network/80-dahlia.network [Match] Virtualization=container MACAddress=14:da:e9:b5:7a:88 [Network] DHCP=yes [Address] Address=192.168.1.94 [Route] Gateway=192.168.1.254 ********************** Nothing on the container side, no netctl profile. This set up leave me with a working network. I can for example http://my_public_ip and then be on the nginx welcome page. But again this set up doesn't sound very academic neither solid to me. last: % ip addr 2: enp7s0: mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff inet6 fe80::16da:e9ff:feb5:7a88/64 scope link valid_lft forever preferred_lft forever 4: br0: mtu 1500 qdisc noqueue state UP group default link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff inet 192.168.1.94/24 brd 192.168.1.255 scope global br0 valid_lft forever preferred_lft forever inet6 fe80::16da:e9ff:feb5:7a88/64 scope link valid_lft forever preferred_lft forever As you can see, 192.168.1.94/24 is attached to br0, but no IP for my eth interface. Thank you for your help fine tuning this set up. It took me lots of reading and work (yes) to find a way to setup correctly the container network (and other). Documentation on container administered by systemd-nspawn are spare if non existent. I am left with the systemd man page and systemd-dev mailing list for lonely friends.

On Wed, Feb 26, 2014 at 1:37 PM, arnaud gaboury wrote:

--

...

Now: * Populate the iptables FORWARD chain to route traffic from your physical interface to the bridge and back.

I missed totally this part of the setup. I must admit this topic is a little bit new to me. Will try to go this way.

The more I read and try with various set up, the less I understand and the more I break my container :-( I first managed to solve this empty /etc/resolve.conf by using /etc/resolveconf.conf facility. But now, on the container, with the netctl and network files cited before, I can not connect to network anymore. *The weird part is that inside the container, the "$ ip addr " command does not return br0, but only lo. No idea why. * Then, when testing various kind of netctl profiles, I remarked using a static IP in my bridge profile breaks immediately the connection to network on host. At first, I thought it had to do with my empty /etc/resolve.conf, but nada. This file stays now correct. So I am now with 24 hours of more work and a broken network on container! Nice job.