Question: can not ping another container through bridge.
s3341458 opened this issue · comments
Finally got to the last step (the network), experiencing a weird issue after trying to test code-6.5 when tried to ping another container. The ping command hangs there without any progressing (no package loss or something).
Really appreciate it If you guys can give me some hints.
However arp commend can get the correct hardware mac address.
container can ping bridge and host eth, however can not ping another container or externel website.
details:
container 1:
/bin/ifconfig
cif-27020 Link encap:Ethernet HWaddr 3A:2C:B8:E3:EA:20
inet addr:192.169.0.11 Bcast:192.169.0.255 Mask:255.255.255.0
inet6 addr: fe80::382c:b8ff:fee3:ea20/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4100 (4.0 KiB) TX bytes:6228 (6.0 KiB)
/bin/arp -a
? (192.169.0.12) at 16:dd:0d:87:05:d5 [ether] on cif-27020
? (192.169.0.10) at on cif-27020
? (192.169.0.1) at 4a:a3:1c:01:f3:7b [ether] on cif-27020
.....
container 2:
ifconfig
cif-27020 Link encap:Ethernet HWaddr 3A:2C:B8:E3:EA:20
inet addr:192.169.0.11 Bcast:192.169.0.255 Mask:255.255.255.0
inet6 addr: fe80::382c:b8ff:fee3:ea20/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4100 (4.0 KiB) TX bytes:6228 (6.0 KiB)
.....
/ # /bin/arp -a
(192.169.0.11) at 3a:2c:b8:e3:ea:20 [ether] on cif-33306
(192.169.0.10) at on cif-33306
(192.169.0.1) at 4a:a3:1c:01:f3:7b [ether] on cif-33306
host:
ifconfig
...
testbridge: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.169.0.1 netmask 255.255.255.0 broadcast 192.169.0.255
inet6 fe80::4ccf:70ff:fe3f:d0aa prefixlen 64 scopeid 0x20
ether 4a:a3:1c:01:f3:7b txqueuelen 1000 (Ethernet)
RX packets 422 bytes 29504 (28.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 198 bytes 14380 (14.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
...
brctl show
...
testbridge 8000.4aa31c01f37b no 27020
33306
thank you so so so much :)
Seems like packages are blocked by iptables. May you check the DROP rule or DROP policy on FORWARD chain.
And you can use tcpdump on the veth pair and bridge to diagnose the package flows.
thanks so so so much this is indeed because of the Drop rule on Forward chain.
What is the reason for testing this problem? I also have the problem above.thank you。