[lxc-users] Internet to a container with local/private IP ( NAT ? )
Vijay Viswanathan
vijay.vishy at gmail.com
Thu Jun 26 22:53:47 UTC 2014
Never mind, I found the tips from:
http://www.pdxsys.com/articles/lxc/lxc2/ and got it working.
Thx.
On Thu, Jun 26, 2014 at 10:35 AM, Vijay Viswanathan
<vijay.vishy at gmail.com> wrote:
> I cannot pick up IP from 10.4.38.0/23 network for the containers.
> I thought I picked up IP from 192.168.10.0/24. Isn't 192.168.10.2 from there?
> I know that some IP Masquerade/NAT setting is missing but don't know how to.
>
> All I need is:
> IN:
> route/forward packets of 192.168.10.0/24 network that are received on eth1 to br0
> [ also,
> here I will need to forward port 22 traffic to lxc2/veth2
> forward port 80 traffic to lxc3/veth3
> ]
>
> OUT:
> route/forward packets from br0 that are not 192.168.10.0/24 through
> eth1 and put a br0 IP label on it
>
> typical NAT with a help of some bridge and ip_forward ?
>
>
>
> tried :
>
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.fe264e1e9658       no              veth2
>                                                         veth3
> # brctl addif br0 eth1
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.0000deadbeee       no              eth1
>                                                         veth2
>                                                         veth3
>
>
> Thx.
>
>
> On Thu, Jun 26, 2014 at 10:11 AM, Tamas Papp <tompos at martos.bme.hu> wrote:
>>
>> On 06/26/2014 07:00 PM, Vijay Viswanathan wrote:
>>>
>>> Hi
>>> My interface looks like :
>>> br0[192.168.10.1] <-> veth2 [192.168.10.2]
>>> br0 <-> veth3 [192.168.10.3]
>>> &
>>> an interface eth1 [ 10.4.38.222 ]
>>> all three [br0, veth2, veth3 ] are in the same network [ 192.168.10. ]
>>> so they are able to ping one another ( I set up the route for it )
>>>
>>> Now how do I ping-in/ping-out/connect to the container from my next
>>> machine [10.4.38.221] that is in the 10.4.3x network ?
>>>
>>> ip_forward has 1 in it.
>>>
>>> IP forwarding should help here but it doesn't seem to be.
>>> My iptables has nothing in it. I tried iptables ( iptables -t nat
>>> -A POSTROUTING -s 192.168.10.0/24 -o eth1 -j MASQUERADE ) with no
>>> effect
>>>
>>>
>>> ---------
>>>
>>> # ifconfig from host:
>>> br0 Link encap:Ethernet HWaddr FE:26:4E:1E:96:58
>>> inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
>>> inet6 addr: fe80::6c17:ebff:fe0b:4960/64 Scope:Link
>>> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
>>> RX packets:935 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:463 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:0
>>> RX bytes:66496 (64.9 KiB) TX bytes:39538 (38.6 KiB)
>>>
>>> eth0 Link encap:Ethernet HWaddr 00:00:DE:AD:BE:EF
>>> UP BROADCAST MULTICAST MTU:1500 Metric:1
>>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:1000
>>> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>>>
>>> eth1 Link encap:Ethernet HWaddr 00:00:DE:AD:BE:EE
>>> inet addr:10.4.38.182 Bcast:10.4.39.255 Mask:255.255.254.0
>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>> RX packets:134332 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:1961 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:1000
>>> RX bytes:19183426 (18.2 MiB) TX bytes:169630 (165.6 KiB)
>>>
>>> eth1:0 Link encap:Ethernet HWaddr 00:00:DE:AD:BE:EE
>>> inet addr:192.168.17.10 Bcast:192.168.17.255 Mask:255.255.255.0
>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>
>>> lo Link encap:Local Loopback
>>> inet addr:127.0.0.1 Mask:255.0.0.0
>>> inet6 addr: ::1/128 Scope:Host
>>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>>> RX packets:12 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:0
>>> RX bytes:756 (756.0 B) TX bytes:756 (756.0 B)
>>>
>>> veth2 Link encap:Ethernet HWaddr FE:E5:84:6E:5F:58
>>> inet6 addr: fe80::fce5:84ff:fe6e:5f58/64 Scope:Link
>>> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
>>> RX packets:475 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:896 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:1000
>>> RX bytes:40254 (39.3 KiB) TX bytes:59336 (57.9 KiB)
>>>
>>> veth3 Link encap:Ethernet HWaddr FE:26:4E:1E:96:58
>>> inet6 addr: fe80::fc26:4eff:fe1e:9658/64 Scope:Link
>>> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
>>> RX packets:441 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:893 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:1000
>>> RX bytes:37874 (36.9 KiB) TX bytes:58770 (57.3 KiB)
>>>
>>> # route
>>> Kernel IP routing table
>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>> default         10.4.39.254     0.0.0.0         UG    0      0        0 eth1
>>> 10.4.38.0       *               255.255.254.0   U     0      0        0 eth1
>>> 192.168.10.0    *               255.255.255.0   U     0      0        0 br0
>>> 192.168.17.0    *               255.255.255.0   U     0      0        0 eth1
>>> # iptables --list
>>> Chain INPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>> #
>>
>>
>> If I were you, I would use bridged network setup and pick up IP for
>> containers from the main network (10.4.38.0/23) since it's also a private
>> network. If it's not possible for some reason, then you still can use IP
>> from 192.168.10.0/24.
>> It's unnecessary to make it more complicated. Why would you do that?
>>
>> tamas
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
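
The IN/OUT layout asked for in the quoted message above (masquerade 192.168.10.0/24 out of eth1, forward TCP 22 to lxc2 and TCP 80 to lxc3), written out as an added example; it is not from any poster in this thread or from the linked article. The function name `nat_ruleset` and the default-drop FORWARD policy are choices of this example, and it assumes routed NAT, where eth1 keeps its own address and is not a member of br0.

```shell
#!/bin/sh
# Added example, not from the thread: print an iptables-restore ruleset for
# routed NAT between an uplink NIC and a container bridge.
# Usage: nat_ruleset UPLINK BRIDGE SUBNET PORT:CONTAINER_IP ...
nat_ruleset() {
    uplink=$1 bridge=$2 subnet=$3
    shift 3
    dnat='' fwd=''
    for map in "$@"; do
        port=${map%%:*} ip=${map#*:}
        # Accept only "<1-65535>:<dotted quad>" so nothing odd reaches the rules.
        case $port in ''|*[!0-9]*) echo "bad port: $map" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $map" >&2; return 1; }
        case $ip in
            *[!0-9.]*) echo "bad address: $map" >&2; return 1 ;;
            *.*.*.*) ;;
            *) echo "bad address: $map" >&2; return 1 ;;
        esac
        # Caveat: DNAT on the uplink also captures traffic aimed at the host
        # itself on that port (for port 22, the host's own sshd on eth1).
        dnat="${dnat}-A PREROUTING -i $uplink -p tcp --dport $port -j DNAT --to-destination $ip:$port
"
        fwd="${fwd}-A FORWARD -i $uplink -o $bridge -p tcp -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done
    # OUT: masquerade only traffic leaving the container subnet via the uplink.
    # FORWARD defaults to DROP; only replies, container-initiated traffic and
    # the listed port forwards may cross the host.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
${dnat}-A POSTROUTING -s $subnet ! -d $subnet -o $uplink -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $bridge -o $uplink -s $subnet -j ACCEPT
${fwd}COMMIT
EOF
}

# Values from the thread: eth1 uplink, br0 bridge, lxc2 = .2, lxc3 = .3
nat_ruleset eth1 br0 192.168.10.0/24 22:192.168.10.2 80:192.168.10.3
```

As root, piping the output to `iptables-restore --test` parses the ruleset without committing it. Loading it without `--test` replaces the existing nat and filter tables, and ip_forward must still be 1 as in the original post.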