lxc vm access outside the host

Question

On Debian 64bit, I configured a lxc like this :

host ip : 172.16.0.25 vm guest on this host : 172.16.0.44

I've done the bridge on my host

auto eth0 
iface eth0 inet manual
        up ifconfig eth0 0.0.0.0 up
        down ifconfig eth0 down

auto br0 
iface br0 inet static
        bridge_ports eth0
        bridge_fd       0
        address 172.16.0.25
        netmask 255.255.255.0
        gateway 172.16.0.52

On guest side, I changed the config with

lxc.utsname = myGuest
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.hwaddr = 00:FF:12:34:56:78
lxc.network.ipv4 = 172.16.0.44/24

When I run the VM : my host (172.16.0.25) and my guest (172.16.0.44) can ping each other But now, other physical machines on the same network (172.16.0.0) cannot see my guest.

Same issue from my guest that can only see the IP of its host !

In fact I would like to get the same behaviour than a bridge network on VmWare Workstation. What kind of routage VmWare does to be seen "everywhere" on the network ?

(By the way, my host is already on a ESX server, but I think it is not relevant at this level)

Answer 1

Your host is virtualized with VMware, then it is plugged to the virtual switch which does not expect any more mac-addresses to be shown than those of VMware virtualized servers (so not lxc inside the VMware guest). So this is definitely a layer 2 issue: VMWare (at least VSwitch) received paquets with a mac-address different than the host mac-address and drop them. So there would be no way for the guest to reach outside its host, as it should go through the Vswitch to do that.

A workaround is to enabled different mac-addresses on the Vswitch. It is performed by editing settings on the Vswitch (on the VMware host, configuration, networking, select the vswitch your lxc-host is connected to, properties, Edit, security, MAC address changes -> Accept).