[lxc-users] Internet to a container with local/private IP

Tamas Papp tompos at martos.bme.hu
Thu Jun 26 17:11:00 UTC 2014


On 06/26/2014 07:00 PM, Vijay Viswanathan wrote:
> Hi
> My interface looks like :
>   br0[192.168.10.1] <-> veth2 [192.168.10.2]
>   br0 <-> veth3 [192.168.10.3]
> &
>   an interface eth1 [ 10.4.38.222 ]
> all three [br0, veth2, veth3 ] are in the same network [ 192.168.10. ]
> so they are able to ping one another ( I set up the route for it )
>
> Now how do I ping-in/ping-out/connect to the container from my next
> machine [10.4.38.221] that is in the 10.4.3x network ?
>
> ip_forward has 1 in it.
>
> IP forwarding should help here but it doesnt seem to be.
> my iptables has nothing in it . I tried to iptables (  iptables -t nat
> -A POSTROUTING -s 192.168.10.0/24 -o eth1 -j MASQUERADE ) with no
> effect
>
>
> ---------
>
> # ifconfig from host:
> br0       Link encap:Ethernet  HWaddr FE:26:4E:1E:96:58
>            inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
>            inet6 addr: fe80::6c17:ebff:fe0b:4960/64 Scope:Link
>            UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>            RX packets:935 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:463 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:0
>            RX bytes:66496 (64.9 KiB)  TX bytes:39538 (38.6 KiB)
>
> eth0      Link encap:Ethernet  HWaddr 00:00:DE:AD:BE:EF
>            UP BROADCAST MULTICAST  MTU:1500  Metric:1
>            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> eth1      Link encap:Ethernet  HWaddr 00:00:DE:AD:BE:EE
>            inet addr:10.4.38.182  Bcast:10.4.39.255  Mask:255.255.254.0
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            RX packets:134332 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:1961 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:19183426 (18.2 MiB)  TX bytes:169630 (165.6 KiB)
>
> eth1:0    Link encap:Ethernet  HWaddr 00:00:DE:AD:BE:EE
>            inet addr:192.168.17.10  Bcast:192.168.17.255  Mask:255.255.255.0
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>
> lo        Link encap:Local Loopback
>            inet addr:127.0.0.1  Mask:255.0.0.0
>            inet6 addr: ::1/128 Scope:Host
>            UP LOOPBACK RUNNING  MTU:16436  Metric:1
>            RX packets:12 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:0
>            RX bytes:756 (756.0 B)  TX bytes:756 (756.0 B)
>
> veth2     Link encap:Ethernet  HWaddr FE:E5:84:6E:5F:58
>            inet6 addr: fe80::fce5:84ff:fe6e:5f58/64 Scope:Link
>            UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>            RX packets:475 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:896 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:40254 (39.3 KiB)  TX bytes:59336 (57.9 KiB)
>
> veth3     Link encap:Ethernet  HWaddr FE:26:4E:1E:96:58
>            inet6 addr: fe80::fc26:4eff:fe1e:9658/64 Scope:Link
>            UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>            RX packets:441 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:893 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:37874 (36.9 KiB)  TX bytes:58770 (57.3 KiB)
>
> # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> default         10.4.39.254     0.0.0.0         UG    0      0        0 eth1
> 10.4.38.0       *               255.255.254.0   U     0      0        0 eth1
> 192.168.10.0    *               255.255.255.0   U     0      0        0 br0
> 192.168.17.0    *               255.255.255.0   U     0      0        0 eth1
> # iptables --list
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> #

If I were you, I would use bridged network setup and pick up IP for 
containers from the main network (10.4.38.0/23) since it's also a 
private network. If it's not possible for some reason, then you still 
can use IP from 192.168.10.0/24.
It unnecessary to make it more complicated. Why would you do that?

tamas


More information about the lxc-users mailing list