[Lxc-users] Destination Host Unreachable from LXC guest
Walter
walter.stanish+lxc-users at gmail.com
Tue Jul 9 02:36:22 UTC 2013
Assuming you have IP forwarding enabled on the LXC host's kernel
(sysctl -w net.ipv4.ip_forward=1) as reported...
Check you have allowed forwarding of packets to/from that interface
with 'iptables-save' (dump current rules).
If not, try adding some rules like:

  # at filter table, allow input (receiving packets) from vboxnet0 interface
  iptables -t filter -A INPUT -i vboxnet0 -j ACCEPT
  # at filter table, allow output (sending packets) to vboxnet0 interface
  iptables -t filter -A OUTPUT -o vboxnet0 -j ACCEPT
  # at filter table, allow forwarding of packets arriving on vboxnet0 interface
  iptables -t filter -A FORWARD -i vboxnet0 -j ACCEPT

If you want to then add NAT access for the LXC guest to the internet,
something quick might look like:

  # at nat table, masquerade packets leaving via vboxnet0 and eth0
  iptables -t nat -A POSTROUTING -o vboxnet0 -j MASQUERADE
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Also double-check in the LXC guest that you have no firewall rules
active or that they default to ACCEPT (again, use 'iptables-save').
Finally, if you want the guest to route beyond the host, check that
the LXC guest has a default route configured.
For additional debugging, I'd recommend using tcpdump and ping within
the host and the guest.
- Walter
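
Added example, not part of the original message: a small audit of an 'iptables-save' dump that reports whether forwarding is allowed in both directions between two interfaces and whether a MASQUERADE rule exists on the uplink. The helper name audit_forwarding and the sample dump (FORWARD policy DROP plus the rules suggested above) are constructed for illustration, and the check ignores match options other than -i/-o.

```shell
# Constructed `iptables-save` dump: the rules suggested above on a host whose
# FORWARD policy is DROP (sample data, not taken from the thread).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i vboxnet0 -j ACCEPT
-A OUTPUT -o vboxnet0 -j ACCEPT
-A FORWARD -i vboxnet0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# audit_forwarding LAN_IF WAN_IF  (hypothetical helper; reads a dump on stdin)
# The first FORWARD rule that applies decides each direction, else the chain
# policy. Approximation: match options other than -i/-o are ignored.
audit_forwarding() {
    awk -v lan="$1" -v wan="$2" '
    function verdict(t) { return (t == "ACCEPT") ? "ok" : "blocked" }
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    $1 == "-A" {
        inif = outif = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") inif = $(i + 1)
            if ($i == "-o") outif = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        final = (target == "ACCEPT" || target == "DROP" || target == "REJECT")
        if (table == "filter" && $2 == "FORWARD" && final) {
            # lan -> wan: rule must not name a different in/out interface
            if (fwd == "" && (inif == "" || inif == lan) && (outif == "" || outif == wan))
                fwd = target
            # wan -> lan: the reply direction
            if (ret == "" && (inif == "" || inif == wan) && (outif == "" || outif == lan))
                ret = target
        }
        if (table == "nat" && $2 == "POSTROUTING" && outif == wan && target == "MASQUERADE")
            nat = 1
    }
    END {
        if (fwd == "") fwd = policy
        if (ret == "") ret = policy
        printf "forward=%s return=%s nat=%s\n", verdict(fwd), verdict(ret), (nat ? "ok" : "missing")
    }'
}
printf '%s\n' "$SAMPLE_RULES" | audit_forwarding vboxnet0 eth0
```

On a live host, pipe the real dump in instead: iptables-save | audit_forwarding vboxnet0 eth0. With the sample dump the reply direction is reported as blocked, because only traffic arriving on vboxnet0 is accepted in FORWARD.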