[lxc-users] LXC NAT failing to forward
Michael H. Warfield
mhw at WittsEnd.com
Sat May 3 21:26:37 UTC 2014
On Sat, 2014-05-03 at 11:52 -0400, CDR wrote:
> Dear friends
> I got stuck in the simplest part.
> First I tried libvirt and using the default network, which works fine
> in virtual machines
> I created a Libvirt-LXC container, and I can ping the host, DHCP
> works, etc., but no forwarding to the network.
> A pure LXC container with this network, failed.
>
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = virbr0
> lxc.network.ipv4 = 0.0.0.0/24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Huh? What?!?! That can't be right.
0/8 is reserved. So 0.0.0.0/24 is part of a reserved network. You
can't use it. What was the network on the bridge and why weren't you
using that?
> Then I removed that network, undefined it, and created an empty
> bridge, br0, and set up a simple iptables script. Note, I am not using
> any firewall for my box, only for natting.
>
> #!/bin/sh
> iptables -F
> iptables -t nat -F
>
> iptables --table nat -o eth1 --append POSTROUTING -s 192.168.122.0/24 -j MASQUERADE
> iptables -A FORWARD -i br0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables-save
>
> the container can ping the default gateway at 192.168.122.1, but
> again, no forwarding done.
>
> My kernel has this configuration
>
>
> sysctl -A | grep bridge
>
> net.bridge.bridge-nf-call-arptables = 0
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-iptables = 0
> net.bridge.bridge-nf-filter-pppoe-tagged = 0
> net.bridge.bridge-nf-filter-vlan-tagged = 0
> net.bridge.bridge-nf-pass-vlan-input-dev = 0
>
> sysctl -A | grep forward
> net.ipv4.conf.all.forwarding = 1
> net.ipv4.conf.all.mc_forwarding = 0
> net.ipv4.conf.br0.forwarding = 1
> net.ipv4.conf.br0.mc_forwarding = 0
> net.ipv4.conf.default.forwarding = 1
> net.ipv4.conf.default.mc_forwarding = 0
> net.ipv4.conf.eth0.forwarding = 1
> net.ipv4.conf.eth0.mc_forwarding = 0
> net.ipv4.conf.eth1.forwarding = 1
> net.ipv4.conf.eth1.mc_forwarding = 0
> net.ipv4.conf.lo.forwarding = 1
> net.ipv4.conf.lo.mc_forwarding = 0
> net.ipv4.conf.virbr0.forwarding = 1
> net.ipv4.conf.virbr0.mc_forwarding = 0
> net.ipv4.conf.virbr0-nic.forwarding = 1
> net.ipv4.conf.virbr0-nic.mc_forwarding = 0
> net.ipv4.ip_forward = 1
> net.ipv4.ip_forward_use_pmtu = 0
>
>
> Can anybody point to what is happening?
>
> Note: if in the pure LXC configuration, it works fine if I use
> lxc.network.type=macvlan
> lxc.network.macvlan.mode=bridge
> lxc.network.link=eth1
> lxc.network.flags=up
>
>
> Yours
> Philip
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
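
Added example, not part of the original message or of LXC: a small pre-flight check that flags an `lxc.network.ipv4` value that falls in the reserved 0.0.0.0/8 block or outside the bridge's subnet. The helper name `check_lxc_ipv4` is hypothetical, and the bridge subnet 192.168.122.0/24 is an assumption taken from the NAT rule quoted above.

```python
import ipaddress

# Constructed sample: the veth stanza quoted in the message above.
SAMPLE_CONFIG = """\
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr0
lxc.network.ipv4 = 0.0.0.0/24
"""

# 0.0.0.0/8 is the reserved "this network" block the reply refers to.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")


def check_lxc_ipv4(config_text, bridge_subnet):
    """Return a list of problems found in lxc.network.ipv4 lines (hypothetical helper)."""
    bridge = ipaddress.ip_network(bridge_subnet)
    problems = []
    for raw in config_text.splitlines():
        # Drop trailing comments, then split "key = value".
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if not sep or key.strip() != "lxc.network.ipv4":
            continue
        fields = value.split()  # the address may be followed by a broadcast address
        try:
            iface = ipaddress.IPv4Interface(fields[0])
        except (IndexError, ValueError):
            problems.append(f"{value.strip()!r}: not an IPv4 address/prefix")
            continue
        if iface.ip in THIS_NETWORK:
            problems.append(f"{iface}: inside reserved {THIS_NETWORK}")
        elif iface.ip not in bridge:
            problems.append(f"{iface}: outside bridge subnet {bridge}")
        elif iface.ip in (bridge.network_address, bridge.broadcast_address):
            problems.append(f"{iface}: network or broadcast address of {bridge}")
        elif iface.network != bridge:
            problems.append(f"{iface}: prefix differs from bridge subnet {bridge}")
    return problems


if __name__ == "__main__":
    # Assumption: the bridge uses 192.168.122.0/24, the range in the quoted NAT rule.
    for problem in check_lxc_ipv4(SAMPLE_CONFIG, "192.168.122.0/24"):
        print(problem)
```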