[Lxc-users] Network Connectivity problem

Tue Mar 5 08:30:00 UTC 2013

This the iptables setup from LXC in OL6.4 channel

[root at ol6hostlxc ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Tue Mar  5 21:27:37 2013
*nat
:PREROUTING ACCEPT [33:5486]
:INPUT ACCEPT [33:5486]
:OUTPUT ACCEPT [2:144]
:POSTROUTING ACCEPT [2:144]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE 
COMMIT
# Completed on Tue Mar  5 21:27:37 2013
# Generated by iptables-save v1.4.7 on Tue Mar  5 21:27:37 2013
*mangle
:PREROUTING ACCEPT [59:9336]
:INPUT ACCEPT [59:9336]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:144]
:POSTROUTING ACCEPT [2:144]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill 
COMMIT
# Completed on Tue Mar  5 21:27:37 2013
# Generated by iptables-save v1.4.7 on Tue Mar  5 21:27:37 2013
*filter
:INPUT ACCEPT [59:9336]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:144]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT 
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT 
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT 
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT 
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT 
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT 
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable 
COMMIT
# Completed on Tue Mar  5 21:27:37 2013

On 5/03/2013, at 12:18 PM, Dwight Engen <dwight.engen at oracle.com> wrote:

> On Mon, 04 Mar 2013 15:35:06 -0600
> "cbulist at gmail.com" <cbulist at gmail.com> wrote:
> 
>> Hi All,
>> 
>> 
>> We have a host server running Oracle Linux
>> (2.6.39-200.24.1.el6uek.x86_64) and We created a Oracle Linux 6.2
>> container following Oracle's Docs
>> (http://docs.oracle.com/cd/E37670_01/E37355/html/ol_config_os_containers.html).
>> The installation process was OK and We did not have any problem. We
>> are able to connect to it using lxc-console. The problem is that we
>> don't have any connectivity to the public or private network from our
>> container (We have just connectivity to our host IP address). Our
>> host has full connectivity to both networks.
>> 
>> These are the relevant network file configuration:
>> 
>> Host info:
>> 
>>     - ifcfg-eth0
>> 
>> DEVICE="eth0"
>> HWADDR=00:0C:29:1B:46:20
>> ONBOOT=yes
>> BRIDGE="virbr0"
>> NM_CONTROLLED="no"
>> 
>>     -ifcfg-virbr0
>> 
>> DEVICE="virbr0"
>> TYPE=Bridge
>> BRIDGE_FORWARDDELAY=0
>> NM_CONTROLLED="no"
>> ONBOOT="yes"
>> BOOTPROTO=static
>> IPADDR=192.168.1.222
>> NETMASK=255.255.255.0
>> GATEWAY=192.168.1.1
>> HWADDR=00:0C:29:1B:46:20
>> 
>> 
>> Container info:
>> 
>>     - ifcfg-eth0
>> 
>> DEVICE=eth0
>> BOOTPROTO="static"
>> ONBOOT=yes
>> HOSTNAME=ol6ctr1
>> NM_CONTROLLED=no
>> TYPE=Ethernet
>> IPADDR=192.168.1.223
>> HARDWARE=3E:E3:2D:8B:47:17
>> NETMASK=255.255.255.0
>> 
>>     -/etc/sysconfig/network
>> 
>> NETWORKING=yes
>> NETWORKING_IPV6=no
>> GATEWAY=192.168.1.1
>> HOSTNAME=ol6ctr1
>> 
>> 
>> [root at ol6ctr1 ~]# route -n
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref
>> Use Iface
>> 0.0.0.0         192.168.1.1      0.0.0.0         UG    0
>> 0        0 eth0 192.168.1.0      0.0.0.0         255.255.255.0
>> U     0      0        0 eth0 169.254.0.0     0.0.0.0
>> 255.255.0.0     U     1007   0        0 eth0
>> 
>>   -selinux: disabled
>>   -iptables stopped
> 
> I believe your problem is because iptables needs to not be stopped for
> the NAT forwarding rules to work and forward your traffic.
> 
>> I really appreciate any help about this problem.
>> 
>> Thanks in advance!
> 
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> _______________________________________________
> Lxc-users mailing list
> Lxc-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users