[Lxc-users] native (non-NAT) routing?

Ulli Horlacher framstag at rus.uni-stuttgart.de
Mon Apr 4 17:35:09 UTC 2011


My first Ubuntu 10.04 container is up and running on an Ubuntu 10.04 host,
but the container can only connect to the host (and vice versa), not
to the world outside.

I saw a lot of configurations for NAT, but I want native routing for my
containers. 



My setup is:

host      zoo 129.69.1.39
container LXC 129.69.1.219
router        129.69.1.254

In LXC.conf is:

lxc.utsname = LXC
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.network.ipv4 = 129.69.1.219/24


root@LXC:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         129.69.1.254    0.0.0.0         UG    0      0        0 eth0

root@LXC:~# ping -c 1 129.69.1.39
PING 129.69.1.39 (129.69.1.39) 56(84) bytes of data.
64 bytes from 129.69.1.39: icmp_seq=1 ttl=64 time=11.5 ms

--- 129.69.1.39 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 11.547/11.547/11.547/0.000 ms

root@LXC:~# ping -c 1 129.69.1.254
PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
From 129.69.1.219 icmp_seq=1 Destination Host Unreachable

--- 129.69.1.254 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms



root@zoo:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         129.69.1.254    0.0.0.0         UG    100    0        0 br0

root@zoo:~# ping -c 1 129.69.1.219
PING 129.69.1.219 (129.69.1.219) 56(84) bytes of data.
64 bytes from 129.69.1.219: icmp_seq=1 ttl=64 time=0.058 ms

--- 129.69.1.219 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.058/0.058/0.058/0.000 ms

root@zoo:~# ping -c 1 129.69.1.254
PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
64 bytes from 129.69.1.254: icmp_seq=1 ttl=255 time=0.509 ms

--- 129.69.1.254 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.509/0.509/0.509/0.000 ms

root@zoo:~# iptables -n -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root@zoo:~# sysctl -a | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.br0.forwarding = 1
net.ipv4.conf.br0.mc_forwarding = 0
net.ipv4.conf.virbr0.forwarding = 1
net.ipv4.conf.virbr0.mc_forwarding = 0
net.ipv4.conf.vethMx2A0v.forwarding = 1
net.ipv4.conf.vethMx2A0v.mc_forwarding = 0
net.ipv4.ip_forward = 1

Any debugging hints?

-- 
Ullrich Horlacher              Server- und Arbeitsplatzsysteme
Rechenzentrum                  E-Mail: horlacher at rus.uni-stuttgart.de
Universitaet Stuttgart         Tel:    ++49-711-685-65868
Allmandring 30                 Fax:    ++49-711-682357
70550 Stuttgart (Germany)      WWW:    http://www.rus.uni-stuttgart.de/



