[lxc-users] networking issue

Alvaro Miranda Aguilera kikitux at gmail.com
Sun Jan 26 22:41:10 UTC 2014


From what I see, if you are using iptables PREROUTING, then you need to use
the IP that is on the same network for both machines.

If you want to go from one network to another, separate one, you need to set
routes; otherwise, the packets will go out to 0.0.0.0.

From what I understand of your network:

host 10.0.0.0
lxc1 10.1.0.0
lxc2 10.2.0.0

With /8 these are separate networks, so you need to define a router IP, and that
IP should be visible.

So, say from lxc1 you want to reach IPs in 10.2.0.0; then lxc1 should have
a leg on each network, and have a route rule.

Alvaro


On Mon, Jan 27, 2014 at 10:09 AM, Tamas Papp <tompos at martos.bme.hu> wrote:

> hi All,
>
> The problem may not be LXC only, but I don't know what the keyword is to
> search for.
>
>
> Topology:
>
> ---- inet ---- 1.2.3.4 firewall (DNAT) 10.0.0.1/8 ---- 10.1.0.0/8 lxc1 +
> 10.2.0.0/8 lxc2
>
>
> On firewall:
>
> $ iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport smtp -j DNAT --to 10.1.0.2:25
>
>
> 10.1.0.1 and 10.1.0.2 are containers on lxc01.
> 10.2.0.2 is a container on lxc02.
>
>
> Test command:
> $ telnet 10.1.0.2 25
>
>
> It's failing from the 10.1.0.0/8 containers and lxc01.
> It's OK on containers on lxc02 (eg. 10.2.0.2).
>
>
> According to tcpdump, packets are reaching the iface 10.0.0.1 and then they're gone.
> Changing proxy_arp and rp_filter on 10.0.0.1 iface doesn't help.
>
>
> Any idea?
>
> 10x
> tamas