[Lxc-users] native (non-NAT) routing?

Daniel Lezcano daniel.lezcano at free.fr
Tue Apr 5 12:53:24 UTC 2011


On 04/04/2011 07:35 PM, Ulli Horlacher wrote:
> My first Ubuntu 10.04 container is up and running on a Ubuntu 10.04 host,
> but the container can only connect to the host (and vice versa), but not
> to the world outside.
>
> I saw a lot of configurations for NAT, but I want native routing for my
> containers.
>
>
>
> My setup is:
>
> host      zoo 129.69.1.39
> container LXC 129.69.1.219
> router        129.69.1.254
>
> In LXC.conf is:
>
> lxc.utsname = LXC
> lxc.network.type = veth
> lxc.network.link = br0
> lxc.network.flags = up
> lxc.network.name = eth0
> lxc.network.mtu = 1500
> lxc.network.ipv4 = 129.69.1.219/24
>
>
> root@LXC:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    0      0        0 eth0
>
> root@LXC:~# ping -c 1 129.69.1.39
> PING 129.69.1.39 (129.69.1.39) 56(84) bytes of data.
> 64 bytes from 129.69.1.39: icmp_seq=1 ttl=64 time=11.5 ms
>
> --- 129.69.1.39 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 11.547/11.547/11.547/0.000 ms
>
> root@LXC:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> From 129.69.1.219 icmp_seq=1 Destination Host Unreachable
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
>
>
>
> root@zoo:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    100    0        0 br0
>
> root@zoo:~# ping -c 1 129.69.1.219
> PING 129.69.1.219 (129.69.1.219) 56(84) bytes of data.
> 64 bytes from 129.69.1.219: icmp_seq=1 ttl=64 time=0.058 ms
>
> --- 129.69.1.219 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.058/0.058/0.058/0.000 ms
>
> root@zoo:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> 64 bytes from 129.69.1.254: icmp_seq=1 ttl=255 time=0.509 ms
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.509/0.509/0.509/0.000 ms
>
> root@zoo:~# iptables -n -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> root@zoo:~# sysctl -a | grep forward
> net.ipv4.conf.all.forwarding = 1
> net.ipv4.conf.all.mc_forwarding = 0
> net.ipv4.conf.default.forwarding = 1
> net.ipv4.conf.default.mc_forwarding = 0
> net.ipv4.conf.lo.forwarding = 1
> net.ipv4.conf.lo.mc_forwarding = 0
> net.ipv4.conf.eth0.forwarding = 1
> net.ipv4.conf.eth0.mc_forwarding = 0
> net.ipv4.conf.br0.forwarding = 1
> net.ipv4.conf.br0.mc_forwarding = 0
> net.ipv4.conf.virbr0.forwarding = 1
> net.ipv4.conf.virbr0.mc_forwarding = 0
> net.ipv4.conf.vethMx2A0v.forwarding = 1
> net.ipv4.conf.vethMx2A0v.mc_forwarding = 0
> net.ipv4.ip_forward = 1
>
> Any debugging hints?

Can you give the bridge setup? (brctl show)



