[Lxc-users] Forwarding packets from host to container

Daniel Lezcano daniel.lezcano at free.fr
Wed Jan 12 21:45:07 UTC 2011


On 01/12/2011 10:28 PM, Nirmal Guhan wrote:
> On Wed, Jan 12, 2011 at 12:42 PM, Daniel Lezcano <daniel.lezcano at free.fr> wrote:
>> On 01/12/2011 02:25 AM, Nirmal Guhan wrote:
>>> Hi,
>>>
>>> How do I forward packets (ethernet frames included) from host to
>>> container? I plan to run a packet capture program (tcpdump for
>>> instance) within container that will capture the packets coming to
>>> host eth1 interface. I tried both using bridge and iptables but they
>>> do not seem to help.
>>>
>>> iptables -A FORWARD -i eth1 -o br1 -j ACCEPT  and/or
>>> iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT
>>>
>>> Instead of the above, I also tried adding host eth1 to br1 but still
>>> tcpdump from container cannot see the packets sent to eth1 from
>>> external world.
>>>
>>> I use Fedora 12 for both host and container.
>>>
>>> lxc.network.type = veth
>>> lxc.network.link = br1
>>> lxc.network.name = eth1
>>> lxc.network.flags = up
>>> lxc.network.mtu = 1500
>> What about just moving the physical eth1 within the container directly
>> instead of trying to forward the traffic ?
>>
> Curious to know how to achieve that!!

lxc.network.type = phys
lxc.network.link = eth1
lxc.network.name = eth1
lxc.network.flags = up

Of course, the host won't be able to use this interface while it is in 
the container ;)

> Meanwhile, I might still need
> the eth1 in host for other reasons. I just need the packet capturing
> utility to work inside the container and capture the packets sent over
> eth1 to *wherever*.

Mmh, hard to achieve. The network is isolated and you are trying to get 
rid of it.
Maybe the bonding is a good alternative to the bridge, not sure ...

http://en.wikipedia.org/wiki/Channel_bonding

But lxc should be modified to take care of it at the configuration level.

   -- Daniel



