[Lxc-users] Routing issues

Serge Hallyn serge.hallyn at ubuntu.com
Wed Jun 5 21:27:41 UTC 2013


Quoting Rory Campbell-Lange (rory at campbell-lange.net):
> On 04/06/13, Michael H. Warfield (mhw at WittsEnd.com) wrote:
> > > I'd be grateful to know if anyone has some firewall (iptables) advice for
> > > allowing traffic to the container? I expect to run another firewall on the
> > > container itself.
> > 
> > That's probably your FORWARD chain there.  Set that policy to ACCEPT and
> > flush all the rules from the FORWARD chain like this:
> > 
> > iptables -P FORWARD ACCEPT
> > iptables -F FORWARD
> > 
> > FORWARD chain is going to affect packets forwarded over the host's
> > bridge to the containers.  The INPUT and OUTPUT chains will affect the
> > packets coming in and going out from the local host's OS interfaces.
> > 
> > Depending on your distro, track down your persistent rule storage and
> > make those changes permanent.  Fedora prior to firewalld (here we go
> > again), RedHat, and RH derivatives (CentOS et al) are generally
> > in /etc/sysconfig/iptables unless you've also installed one of the
> > sundry firewall toolkits.  Ubuntu, I'm not so sure about.
> 
> I'm using Debian, and I'm using a simple ufw firewall on the host server
> at present.
> 
> The iptables -L output is here:
> 
>     http://pastebin.com/QzQKRDX0
> 
> I don't have any trouble with the firewall restarting.
> 
> Thanks very much
> Rory

I think 'ufw status' information will probably be more helpful.
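
A first-pass check for the situation discussed in this thread, as an added example that is not part of the original posts: it reads `iptables -S FORWARD` output and reports whether the FORWARD chain would pass traffic for a container bridge. The bridge name `lxcbr0`, the function name and the sample rule sets are assumptions constructed for illustration; the check does not follow jumps into user-defined chains such as ufw's, and it ignores rule order.

```shell
#!/bin/sh
# Added example: classify `iptables -S FORWARD` output for a container bridge.
# Bridge name (lxcbr0) and sample rule sets below are constructed assumptions.

# forward_verdict BRIDGE   (reads `iptables -S FORWARD` text on stdin)
# Prints one of:
#   open    - chain policy is ACCEPT
#   scoped  - policy is not ACCEPT, but ACCEPT rules exist for traffic
#             entering from BRIDGE (-i) and leaving towards BRIDGE (-o)
#   blocked - policy is not ACCEPT and at least one direction has no ACCEPT rule
forward_verdict() {
    awk -v br="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; out_if = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && in_if == br) from_br = 1
            if (target == "ACCEPT" && out_if == br) to_br = 1
        }
        END {
            if (policy == "ACCEPT") print "open"
            else if (from_br && to_br) print "scoped"
            else print "blocked"
        }'
}

# Constructed sample: ufw-style host, policy DROP, only jumps to ufw chains.
SAMPLE_UFW='-P FORWARD DROP
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-reject-forward'

# Constructed sample: policy stays DROP, bridge traffic accepted explicitly.
SAMPLE_SCOPED='-P FORWARD DROP
-A FORWARD -i lxcbr0 -j ACCEPT
-A FORWARD -o lxcbr0 -j ACCEPT'

# Constructed sample: policy set to ACCEPT and chain flushed.
SAMPLE_OPEN='-P FORWARD ACCEPT'

for s in "$SAMPLE_UFW" "$SAMPLE_SCOPED" "$SAMPLE_OPEN"; do
    printf '%s\n' "$s" | forward_verdict lxcbr0
done
# On a live host (as root): iptables -S FORWARD | forward_verdict lxcbr0
```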



