[Lxc-users] Routing issues
Papp Tamas
tompos at martos.bme.hu
Mon Jun 3 23:05:59 UTC 2013
On 06/04/2013 12:52 AM, Rory Campbell-Lange wrote:
>
> Hi Tamas
>
> Thanks very much for your email. First of all thanks very much for the
> note about the lxc.network.ipv4 parameter -- I disabled that and
> routing seems to be fine.
>
> My question was unclear -- sorry! My host is on the internet. I can ssh
> from the guest to the host over the bridge, but I can't route out of the
> subnet. Do I need iptables masquerading on the host in this scenario?
>
> host 'ip addr' output with the guest running:
>
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
>     link/ether 00:e0:81:4c:bc:f6 brd ff:ff:ff:ff:ff:ff
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 00:e0:81:4c:bc:f7 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.9.9/27 brd 192.168.9.31 scope global eth1
>     inet6 fe80::2e0:81ff:fe4c:bcf7/64 scope link
>        valid_lft forever preferred_lft forever
> 4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>     link/ether 00:e0:81:4c:bc:f6 brd ff:ff:ff:ff:ff:ff
>     inet aa.bb.cc.103/26 brd aa.bb.cc.127 scope global br0
>     inet6 fe80::2e0:81ff:fe4c:bcf6/64 scope link
>        valid_lft forever preferred_lft forever
> 36: vethklhgjT: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
>     link/ether fe:ae:36:71:d7:2b brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::fcae:36ff:fe71:d72b/64 scope link
>        valid_lft forever preferred_lft forever
What is the IP address of the container?
If it's a private address and you want NAT, then the container should be linked to another iface.
Either to a dummy iface or eth1.
So you leave eth0 untouched and create br1 with eth1 and choose an IP for the container from
192.168.9.9/27.
Then set up the machine as a gateway (ip_forward, NAT/MASQ).
AFAIK, you can also choose a different network type, but I've never used one.
Cheers,
tamas
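
Added example, not part of the original message: a sketch of the gateway step (ip_forward plus MASQUERADE) with the NAT and FORWARD rules scoped to the container subnet. It assumes the private bridge is br1 as proposed above, that traffic leaves through br0, and that containers use 192.168.9.0/27; `setup_nat_gateway`, `run` and `DRY_RUN` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: private bridge br1,
# public bridge br0, container subnet 192.168.9.0/27 (the network that
# contains 192.168.9.9/27). With DRY_RUN=1 (the default) each command is
# printed instead of executed; set DRY_RUN=0 and run as root to apply.

DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# setup_nat_gateway <container-subnet> <inside-bridge> <outside-iface>
setup_nat_gateway() {
    subnet="$1"; inside="$2"; outside="$3"

    # Require CIDR form so the NAT rule is always scoped to a subnet
    # rather than masquerading everything the host forwards.
    case "$subnet" in
        */*) ;;
        *) echo "subnet must be in CIDR form, e.g. 192.168.9.0/27" >&2
           return 1 ;;
    esac

    # Let the kernel route packets between interfaces.
    run sysctl -w net.ipv4.ip_forward=1

    # Masquerade only container traffic leaving via the public interface.
    run iptables -t nat -A POSTROUTING -s "$subnet" -o "$outside" -j MASQUERADE

    # Allow containers out, and only reply traffic back in.
    run iptables -A FORWARD -i "$inside" -o "$outside" -s "$subnet" -j ACCEPT
    run iptables -A FORWARD -i "$outside" -o "$inside" -d "$subnet" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Dry run with the assumed values: prints the four commands.
setup_nat_gateway 192.168.9.0/27 br1 br0
```

The two FORWARD rules only restrict traffic if the FORWARD chain's default policy is DROP (or a later rule rejects the rest); with a default ACCEPT policy they are redundant.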