[lxc-users] networking issue

Tamas Papp tompos at martos.bme.hu
Sun Jan 26 23:04:37 UTC 2014 

It's all one single broadcast network 10/8.
The hosts could be even 10.0.0.{1,2,3,4}.

In other words the container cannot be access through PREROUTING if the
source and target _physical_ machines are the same.

tamas


On 01/26/2014 11:41 PM, Alvaro Miranda Aguilera wrote:
> for what I see, if you are using iptables prerouting, then you need to
> use the IP that is on the same network for both machines.
>
> if you want to go from one network to other separate, you need to set
> routes, otherwise, the packages will go out to 0.0.0.0
>
> From what I undestand in you network:
>
> host 10.0.0.0
> lxc1 10.1.0.0
> lxc2 10.2.0.0
>
> with /8 are separate networks, so you need to define a router ip, and
> that ip should be visible
>
> so, say from lxc1, you want to reach IPs in 10.2.0.0, then lxc1 should
> have a leg on each network, and have a route rule.
> Alvaro
>
>
> On Mon, Jan 27, 2014 at 10:09 AM, Tamas Papp <tompos at martos.bme.hu
> <mailto:tompos at martos.bme.hu>> wrote:
>
>     hi All,
>
>     The problem may not be LXC only but I don't what the keyword is to
>     search for.
>
>
>     Topology:
>
>     ---- inet ---- 1.2.3.4 firewall (DNAT) 10.0.0.1/8
>     <http://10.0.0.1/8> ---- 10.1.0.0/8 <http://10.1.0.0/8> lxc1 +
>     10.2.0.0/8 <http://10.2.0.0/8> lxc2
>
>
>     On firewall:
>
>     $ iptables -t nat -A PREROUTING -d 1.2.3.4 --dport smtp -j DNAT --to
>     10.1.0.2:25 <http://10.1.0.2:25>
>
>
>     10.1.0.1 and 10.1.0.2 are containers on lxc01.
>     10.2.0.2 is a container on lxc02.
>
>
>     Test command:
>     $ telnet 10.1.0.2 25
>
>
>     It's failing from the 10.1.0.0/8 <http://10.1.0.0/8> containers
>     and lxc01.
>     It's OK on containers on lxc02 (eg. 10.2.0.2).
>
>
>     According to tcpdump packets reaching the iface 10.0.0.1 and
>     they're gone.
>     Changing proxy_arp and rp_filter on 10.0.0.1 iface doesn't help.
>
>
>     Any idea?
>
>     10x
>     tamas
>
>     _______________________________________________
>     lxc-users mailing list
>     lxc-users at lists.linuxcontainers.org
>     <mailto:lxc-users at lists.linuxcontainers.org>
>     http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140127/557af1ac/attachment.html>

More information about the lxc-users mailing list