[Lxc-users] Routing issues

Serge Hallyn serge.hallyn at ubuntu.com
Tue Jun 4 13:50:26 UTC 2013


Quoting Rory Campbell-Lange (rory at campbell-lange.net):
> On 04/06/13, Rory Campbell-Lange (rory at campbell-lange.net) wrote:
> > On 03/06/13, Serge Hallyn (serge.hallyn at ubuntu.com) wrote:
> > > Quoting Rory Campbell-Lange (rory at campbell-lange.net):
> > > > On 04/06/13, Papp Tamas (tompos at martos.bme.hu) wrote:
> 
> > > > The host is on aa.bb.cc.103 (a public net address)
> > > > and the container is on aa.bb.cc.87.
> > > > 
> > > > I can get from 87 to 103, but I can't ping the gateway from the
> > > > container.
> 
> > > 1. what does 'route -n' in the container (and on the host) show?
> > > 
> > > 2. when you ping the ip address of your router, what does traceroute
> > > (wireshark, whatever) on the host show?
> 
> > Going through the steps above showed me I had a firewall problem. Dropping the
> > firewall allowed the container to hit the internet. Apologies for this beginner
> > problem.
> > 
> > I'd be grateful to know if anyone has some firewall (iptables) advice for
> > allowing traffic to the container? I expect to run another firewall on the
> > container itself.
> 
> It looks like I don't have to drop the firewall on the host if I do the
> following:
> 
>     for f in /proc/sys/net/bridge/bridge-nf-*; do echo 0 > $f; done
> 
> Reference:
> http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#No_traffic_gets_trough_.28except_ARP_and_STP.29
> 
> Is this recommended?

Probably not.  What is your current firewall trying to do?  What does
iptables -L; iptables -t nat -L; show?
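
The loop quoted above writes 0 to every bridge-nf-* switch, which takes bridged container traffic out of the host's iptables, ip6tables and arptables rules altogether. As an added example (not part of the original thread), this sketch reports which of those hooks are still active; the function name bridge_nf_report and its directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report whether bridged frames still
# pass through the host's netfilter rules.
#
# bridge_nf_report [DIR]
#   DIR defaults to /proc/sys/net/bridge; it is a parameter (an assumption of
#   this sketch) so the check can be run against a constructed copy.
#   Return status: 0 = every hook present is on (host rules see bridged traffic)
#                  1 = at least one hook is off (that traffic bypasses host rules)
#                  2 = no bridge-nf-call-* entries found
bridge_nf_report() {
    nf_dir=${1:-/proc/sys/net/bridge}
    nf_rc=2
    for nf_hook in iptables ip6tables arptables; do
        nf_file="$nf_dir/bridge-nf-call-$nf_hook"
        if [ ! -r "$nf_file" ]; then
            continue
        fi
        if [ "$nf_rc" -eq 2 ]; then
            nf_rc=0
        fi
        if [ "$(cat "$nf_file")" = "0" ]; then
            echo "bridge-nf-call-$nf_hook=0: bridged frames bypass host $nf_hook rules"
            nf_rc=1
        else
            echo "bridge-nf-call-$nf_hook=1: bridged frames are filtered by host $nf_hook rules"
        fi
    done
    if [ "$nf_rc" -eq 2 ]; then
        echo "no bridge-nf-call-* entries under $nf_dir"
    fi
    return "$nf_rc"
}

# Run against the live host only when asked: sh bridge_nf.sh --live
if [ "${1:-}" = "--live" ]; then
    bridge_nf_report
fi
```

A status of 1 means the host firewall no longer filters traffic to and from the container, so any filtering has to happen inside the container. If the hooks stay on, the host's FORWARD chain is what decides whether the container's traffic passes.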



