[lxc-users] Internal networking of containers
Shidan
shidan at gmail.com
Fri Sep 19 03:03:24 UTC 2014
I think the case of having a 1 to 1 assignment of external IPs to
containers is an important use case to document somewhere.
On Thu, Sep 18, 2014 at 12:09 PM, Shidan <shidan at gmail.com> wrote:
> Hello, I have multiple external IP addresses and set up iptables so that
> each container is assigned one external IP on the lxcbr0 NATed bridge in
> a 1 to 1 fashion similar to this example:
>
> root@SERVER:/var/log# iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT all -- anywhere 188.227.224.138 to:10.0.3.2
> DNAT all -- anywhere 188.227.224.139 to:10.0.3.3
>
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> SNAT all -- 10.0.3.2 !10.0.3.0/24 to:188.227.224.138
> SNAT all -- 10.0.3.3 !10.0.3.0/24 to:188.227.224.139
>
>
> Now when I try to access a container from another container, I am just
> hitting the host, so for ssh for example, even if I try the IPs
> 188.227.224.139 or 10.0.3.3 from the 10.0.3.2 container I will actually
> connect to the physical host's SSH daemon. Everything works fine from one
> connecting from/to external machines.
>
> What am I doing wrong?
>