[lxc-users] lxc and PREROUTING conflict

Fajar A. Nugraha list at fajar.net
Tue Aug 5 12:43:00 UTC 2014


On Tue, Aug 5, 2014 at 7:30 PM, Jeroen Ooms <jeroenooms at gmail.com> wrote:
> On Tue, Aug 5, 2014 at 12:48 PM, Gavin Grieve <ggrieve at ihug.co.nz> wrote:
>> Could you use something like "-i eth0" to only apply the REDIRECT to traffic
>> coming in on eth0 (or whatever your "external" interface is)?
>
> What interface does traffic from lxc guests come from? Is there also a

Depends on your setup. It could be lxcbr0 or virbr0. Or even anything
if you're running a custom setup.

> way to limit the rule to traffic coming NOT from that interface?

Err ... "man iptables"?

It might be messy if you go down this route though. The default setup
(if you use ubuntu, or lxc from source) should be veth-bridge-nat,
with lxcbr0 as the bridge. Bridge traffic might also be subject to
iptables rules by default (and the bridged interfaces are named
vethXXX), so you also need to make sure
/proc/sys/net/bridge/bridge-nf-call-iptables is 0.

Better stick with Gavin's suggestion if possible. Or do some scripting
to get the server's IP address before calling iptables.

-- 
Fajar
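The two rule shapes discussed in this thread (scoping the PREROUTING REDIRECT with "-i eth0", or excluding the container bridge with "! -i lxcbr0") and the bridge-nf-call-iptables check, as an added shell example that is not part of the thread. The interface names, ports and the sysctl file path are placeholders I chose; the functions only print the iptables commands, so nothing is applied to a live firewall.

```shell
#!/bin/sh
# Added example (not from the thread): build a PREROUTING REDIRECT rule
# scoped to the external interface, and check the bridge-netfilter sysctl
# that would otherwise make bridged lxc guest traffic hit the same rule.
# Interface names and ports used below are constructed placeholders.

# Print an iptables command that limits the REDIRECT to one interface
# (Gavin's "-i eth0" suggestion). Args: external iface, dport, redirect-to port.
redirect_rule_on_iface() {
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$1" "$2" "$3"
}

# Alternative: exclude the container bridge instead of naming the external
# interface ("! -i X" matches packets arriving on any interface except X).
# Args: bridge iface, dport, redirect-to port.
redirect_rule_not_bridge() {
    printf 'iptables -t nat -A PREROUTING ! -i %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$1" "$2" "$3"
}

# Return 0 if bridge-nf-call-iptables is disabled (value 0), 1 if it is
# enabled, 2 if the file is absent (br_netfilter not loaded) or unreadable.
# Takes the file path as an optional argument so a copy can be checked.
bridge_nf_disabled() {
    f="${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}"
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "0" ]
}

# Demonstration output only; the commands are printed, not executed.
redirect_rule_on_iface eth0 80 8080
redirect_rule_not_bridge lxcbr0 80 8080
if bridge_nf_disabled; then
    echo "bridge-nf-call-iptables is 0: bridged guest traffic skips the PREROUTING rule"
else
    echo "bridge-nf-call-iptables is not 0 (or not present): set it to 0 via sysctl if guests are affected"
fi
```

Pick one of the two rule forms: naming the external interface is the safer default, since "! -i lxcbr0" still matches a second bridge (virbr0, a custom one) that you may add later.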

