Bridging VirtualBox and LXC

I have a Linux box that runs both LXC and VirtualBox side by side. All the containers and VMs are set to bridge mode. Unfortunately, for some reason the VirtualBox VMs can’t talk to the LXC containers. Pinging yields a response, but any TCP connection fails. Both LXC and VBox can talk to the host fine. This is how you can resolve the issue.

VirtualBox bridging is done through the vboxnetflt kernel module, which the documentation describes as a net filter driver. This requires almost no configuration on the system. The problem is that it doesn’t seem to play well with the native Linux bridging support that LXC uses. Luckily, VirtualBox also supports native Linux bridging, which was how bridging was done before the vboxnetflt driver came about.

Here’s my bridge configuration:

[shell]# brctl show
bridge name     bridge id               STP enabled     interfaces
lan             8000.1c0f69c9a929       no              enp3s0
                                                        veth9IBF4Y
                                                        vethPPT1F1
[/shell]

enp3s0 is our hardware network interface. The vethXXX entries are virtual interfaces used by the LXC containers. You can see there are no VBox interfaces.

VirtualBox comes with a VBoxTunctl tool that allows us to create TAP tunnel interfaces. We need to create a TAP tunnel that our VMs will use and add it to our bridge ‘lan’. I named the tunnel interface vbox0 so that we know it’s for VirtualBox.

[shell]# VBoxTunctl -u root -g vboxusers -t vbox0
# ifconfig vbox0 up
# brctl addif lan vbox0[/shell]

After running the above commands, you can now see vbox0 on our bridge:

[shell]# brctl show
bridge name     bridge id               STP enabled     interfaces
lan             8000.1c0f69c9a929       no              enp3s0
                                                        vbox0
                                                        veth9IBF4Y
                                                        vethPPT1F1
[/shell]

Finally, modify the VirtualBox configuration to use host-only networking with vbox0 as the network interface. In this instance, the VM is named bulbasaur. Replace that with your own VM name.

[shell]# VBoxManage modifyvm bulbasaur --nic1 hostonly --hostonlyadapter1 vbox0[/shell]

After restarting the VBox VM, the VM and the LXC containers can now talk to each other.
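A scripted form of the `brctl show` check used above, added here as an example (it is not part of the original post): it parses the output, including the continuation lines that carry extra ports, and reports whether an interface is attached to a bridge. The function names and the port-less `lxcbr0` row in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify bridge membership from `brctl show` output.

# Print "bridge interface" pairs, one per line, from `brctl show` text on stdin.
# A row with 3+ fields starts a new bridge (the 4th field, if present, is its
# first port); a row with a single field is a continuation line with one port.
bridge_members() {
    awk 'NR == 1 { next }                               # skip column header
         NF >= 3 { br = $1; if (NF >= 4) print br, $4; next }
         NF == 1 && br != "" { print br, $1 }'
}

# Return 0 if interface $2 is a port of bridge $1 in the text on stdin.
# -F: names are literal strings, -x: whole-line match, -q: exit status only.
is_bridge_member() {
    bridge_members | grep -Fqx "$1 $2"
}

# Constructed sample: the post's final bridge table plus a hypothetical
# bridge (lxcbr0) that has no ports, to exercise the 3-field row.
sample_brctl_output() {
    cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
lan             8000.1c0f69c9a929       no              enp3s0
                                                        vbox0
                                                        veth9IBF4Y
                                                        vethPPT1F1
lxcbr0          8000.000000000000       no
EOF
}

# Offline demonstration against the sample above.
if sample_brctl_output | is_bridge_member lan vbox0; then
    echo "vbox0 is attached to bridge lan"
else
    echo "vbox0 is NOT attached to bridge lan" >&2
fi
```

On a live host, pipe real output into the check instead of the sample: `brctl show | is_bridge_member lan vbox0`.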

5 thoughts on “Bridging VirtualBox and LXC”

  1. Ira Fuchs

    Still relevant and solved the puzzle of why Vbox was accessible to all machines on the LAN except the lxc containers.
