[lxc-users] LXC NAT failing to forward

CDR venefax at gmail.com
Sat May 3 23:55:09 UTC 2014 

The example is from the documentation
Any way, a libvirt LXC container also fails to work, so the issue is not there.
Philip

On Sat, May 3, 2014 at 5:26 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Sat, 2014-05-03 at 11:52 -0400, CDR wrote:
>> Dear friends
>> I got stuck in the simplest part.
>> First I tried libvirt and using the default network, whic works fine
>> in virtual machines
>> I created a Libvir-LSC container, and I can ping the host, DHCP
>> works,etc., but no forwarding to the network.
>> A pure LXC container with this network, failed.
>>
>> lxc.network.type = veth
>> lxc.network.flags = up
>> lxc.network.link = virbr0
>> lxc.network.ipv4 = 0.0.0.0/24
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Huh?  What?!?!  That can't be right.
>
> 0/8 is reserved.  So 0.0.0.0/24 is part of a reserved network.  You
> can't use it.  What was the network on the bridge and why weren't you
> using that?
>
>> Then I removed that network, undefined it, and created an empty
>> bridge, br0, and set up a simple iptables script. Note, I am not using
>> any firewall for my box, only for natting.
>>
>> #!/bin/sh
>> iptables -F
>> iptables -t nat -F
>>
>> iptables --table nat -o eth1 --append POSTROUTING  -s 192.168.122.0/24
>> -j MASQUERADE
>> iptables -A FORWARD -i br0 -o eth1 -m state --state
>> ESTABLISHED,RELATED -j ACCEPT
>> iptables-save
>>
>> the container can ping the default gateway at 192.168.122.1, but
>> again, no forwarding done.
>>
>> My kernel hast these configuration
>>
>>
>> sysctl -A | grep bridge
>>
>> net.bridge.bridge-nf-call-arptables = 0
>> net.bridge.bridge-nf-call-ip6tables = 0
>> net.bridge.bridge-nf-call-iptables = 0
>> net.bridge.bridge-nf-filter-pppoe-tagged = 0
>> net.bridge.bridge-nf-filter-vlan-tagged = 0
>> net.bridge.bridge-nf-pass-vlan-input-dev = 0
>>
>> sysctl -A | grep forward
>> net.ipv4.conf.all.forwarding = 1
>> net.ipv4.conf.all.mc_forwarding = 0
>> net.ipv4.conf.br0.forwarding = 1
>> net.ipv4.conf.br0.mc_forwarding = 0
>> net.ipv4.conf.default.forwarding = 1
>> net.ipv4.conf.default.mc_forwarding = 0
>> net.ipv4.conf.eth0.forwarding = 1
>> net.ipv4.conf.eth0.mc_forwarding = 0
>> net.ipv4.conf.eth1.forwarding = 1
>> net.ipv4.conf.eth1.mc_forwarding = 0
>> net.ipv4.conf.lo.forwarding = 1
>> net.ipv4.conf.lo.mc_forwarding = 0
>> net.ipv4.conf.virbr0.forwarding = 1
>> net.ipv4.conf.virbr0.mc_forwarding = 0
>> net.ipv4.conf.virbr0-nic.forwarding = 1
>> net.ipv4.conf.virbr0-nic.mc_forwarding = 0
>> net.ipv4.ip_forward = 1
>> net.ipv4.ip_forward_use_pmtu = 0
>>
>>
>> Can anybody point to what is happening?
>>
>> Note: if in the pure LXC configuration, it works fine if  I use
>> lxc.network.type=macvlan
>> lxc.network.macvlan.mode=bridge
>> lxc.network.link=eth1
>> lxc.network.flags=up
>>
>>
>> Yours
>> Philip
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
> --
> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list