[Lxc-users] lxc-net.conf on ubuntu

Fajar A. Nugraha list at fajar.net
Sun Sep 2 10:44:17 UTC 2012


On Sun, Sep 2, 2012 at 4:56 PM, groupie <stopmakingsense at gmx.de> wrote:
> Hi list!
>
> I just came across the fact that the iptables config set in the lxc-net
> upstart job also rewrites connections between hosts on the bridge. I
> added a rule before the masquerade to prevent this and make sure that
> hosts on the same net bound to the bridge can talk without rewriting.
>
> iptables -A POSTROUTING -s ${LXC_NETWORK} -d ${LXC_NETWORK} -t nat -j ACCEPT
>
> Is that something that should be added in general? Dunno, maybe some
> people want rewriting here?

When you create a new wireless network on an Ubuntu host (e.g. for sharing
the wired connection), network-manager would set up a NAT like this:

Sep  2 17:37:18 DELL NetworkManager[2118]: <info> Executing: /sbin/iptables --table nat --insert POSTROUTING --source 10.42.0.0/255.255.255.0 ! --destination 10.42.0.0/255.255.255.0 --jump MASQUERADE

IMHO it should also be applicable to lxc: only set up the MASQ NAT if the
packet is going to an external network. Following the same principle, the
rule in lxc-net.conf should probably be something like

	iptables -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -t nat -j MASQUERADE

-- 
Fajar
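The three rule variants discussed in this thread (the original unconditional MASQUERADE, groupie's ACCEPT inserted before it, and the NetworkManager-style negated destination) differ only in which packets reach the MASQUERADE target. The following is an added example, not code from lxc-net or from either poster: it parses each rule from its iptables command line, walks the nat POSTROUTING chain in order the way netfilter does (first matching terminating target wins), and reports the source address a peer container or an Internet host would see. LXC_NETWORK = 10.0.3.0/24, bridge address 10.0.3.1, uplink address 192.0.2.2 and the container/peer/Internet addresses are assumptions chosen for the demonstration. One precondition that the thread takes for granted: traffic between two containers on the same bridge is switched at layer 2 and only traverses the nat table when bridge-nf-call-iptables is 1 (br_netfilter), which is the case the model below assumes.

```python
"""Simulate which nat POSTROUTING rule a packet hits, for the three rule variants from the
thread.  Added example; the addresses used are assumptions, not values from the original post."""
import ipaddress
import shlex
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address


class NatRule:
    """One nat POSTROUTING rule: source/destination match (each optionally negated) and a target."""

    def __init__(self, src: Optional[Net], src_neg: bool, dst: Optional[Net], dst_neg: bool, target: str):
        self.src, self.src_neg, self.dst, self.dst_neg, self.target = src, src_neg, dst, dst_neg, target

    @staticmethod
    def _match(net: Optional[Net], neg: bool, addr: Addr) -> bool:
        if net is None:  # no -s/-d given: matches any address
            return True
        return (addr not in net) if neg else (addr in net)

    def matches(self, src: Addr, dst: Addr) -> bool:
        return self._match(self.src, self.src_neg, src) and self._match(self.dst, self.dst_neg, dst)


def parse_rule(cmdline: str) -> NatRule:
    """Parse the subset of iptables syntax used in the thread: short and long option forms,
    '!' before -s/-d, CIDR or dotted-netmask prefixes.  Chain and table options are
    accepted but do not influence matching."""
    toks = shlex.split(cmdline)
    src = dst = None
    src_neg = dst_neg = pending_neg = False
    target = None
    i = 0
    while i < len(toks):
        t = toks[i]
        if t.endswith("iptables"):  # "iptables" or "/sbin/iptables"
            i += 1
        elif t == "!":
            pending_neg = True
            i += 1
        elif t in ("-s", "--source"):
            src, src_neg, pending_neg = Net(toks[i + 1]), pending_neg, False
            i += 2
        elif t in ("-d", "--destination"):
            dst, dst_neg, pending_neg = Net(toks[i + 1]), pending_neg, False
            i += 2
        elif t in ("-j", "--jump"):
            target = toks[i + 1]
            i += 2
        elif t in ("-A", "--append", "-I", "--insert", "-t", "--table"):
            i += 2
        else:
            raise ValueError(f"unsupported iptables option: {t}")
    if target not in ("ACCEPT", "MASQUERADE"):
        raise ValueError("rule needs -j ACCEPT or -j MASQUERADE")
    return NatRule(src, src_neg, dst, dst_neg, target)


def egress_source(chain: List[NatRule], src: Addr, dst: Addr, lxc_net: Net,
                  bridge_ip: Addr, uplink_ip: Addr) -> Addr:
    """Source address the packet leaves with after walking the chain in order; the first
    matching rule decides (ACCEPT = no rewrite).  MASQUERADE rewrites to the address of the
    interface the packet leaves on: the bridge itself for a destination on LXC_NETWORK
    (assumes bridge-nf-call-iptables=1, otherwise such traffic never reaches nat), else the uplink."""
    out_if_ip = bridge_ip if dst in lxc_net else uplink_ip
    for rule in chain:
        if rule.matches(src, dst):
            return src if rule.target == "ACCEPT" else out_if_ip
    return src  # no rule matched: source unchanged


# Assumed addresses for the demonstration (not from the original post).
LXC_NETWORK = Net("10.0.3.0/24")
BRIDGE_IP = Addr("10.0.3.1")
UPLINK_IP = Addr("192.0.2.2")

CHAINS: Dict[str, List[NatRule]] = {
    # what the lxc-net job installed: masquerade everything from LXC_NETWORK
    "masq-all": [parse_rule(f"iptables -A POSTROUTING -s {LXC_NETWORK} -t nat -j MASQUERADE")],
    # groupie's fix: ACCEPT intra-network traffic before the masquerade rule
    "accept-first": [
        parse_rule(f"iptables -A POSTROUTING -s {LXC_NETWORK} -d {LXC_NETWORK} -t nat -j ACCEPT"),
        parse_rule(f"iptables -A POSTROUTING -s {LXC_NETWORK} -t nat -j MASQUERADE"),
    ],
    # Fajar's variant (NetworkManager style): masquerade only when leaving the network
    "negated-dst": [parse_rule(f"iptables -A POSTROUTING -s {LXC_NETWORK} ! -d {LXC_NETWORK} -t nat -j MASQUERADE")],
}


def compare(chains: Dict[str, List[NatRule]] = CHAINS) -> Dict[Tuple[str, str], str]:
    """For each chain, the source address seen by a peer container and by an Internet host."""
    container, peer, internet = Addr("10.0.3.10"), Addr("10.0.3.11"), Addr("203.0.113.7")
    out: Dict[Tuple[str, str], str] = {}
    for name, chain in chains.items():
        for flow, dst in (("to-peer", peer), ("to-internet", internet)):
            out[(name, flow)] = str(egress_source(chain, container, dst, LXC_NETWORK, BRIDGE_IP, UPLINK_IP))
    return out


if __name__ == "__main__":
    for (chain, flow), seen in compare().items():
        print(f"{chain:13s} {flow:12s} source seen by destination: {seen}")
```

With the original rule the peer container sees 10.0.3.1 (the bridge address) instead of 10.0.3.10, which is the rewriting groupie observed; both fixes leave intra-network traffic untouched while Internet-bound traffic still leaves as 192.0.2.2. The parser also accepts the NetworkManager line quoted above, so the same check can be run against rules copied out of a syslog.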
