[lxc-users] Internal networking of containers

Shidan shidan at gmail.com
Fri Sep 19 04:19:45 UTC 2014


Just figured out a fix, I think. For containers to address each other by
both external and internal IPs, I set the DNAT rule on the OUTPUT and
PREROUTING chains, instead of just on PREROUTING as above.

On Thu, Sep 18, 2014 at 11:03 PM, Shidan <shidan at gmail.com> wrote:

> I think the case of having a 1 to 1 assignment of external IPs to
> containers is an important use case to document somewhere.
>
> On Thu, Sep 18, 2014 at 12:09 PM, Shidan <shidan at gmail.com> wrote:
>
>> Hello, I have multiple external IP addresses and set up iptables so that
>> each container is assigned one external IP on the lxcbr0 NATed bridge in
>> a 1 to 1 fashion similar to this example:
>>
>> root@SERVER:/var/log# iptables -t nat -L
>> Chain PREROUTING (policy ACCEPT)
>> target     prot opt source               destination
>> DNAT       all  --  anywhere             188.227.224.138     to:10.0.3.2
>> DNAT       all  --  anywhere             188.227.224.139     to:10.0.3.3
>>
>>
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>>
>> Chain POSTROUTING (policy ACCEPT)
>> target     prot opt source               destination
>> SNAT       all  --  10.0.3.2            !10.0.3.0/24          to:188.227.224.138
>> SNAT       all  --  10.0.3.3            !10.0.3.0/24          to:188.227.224.139
>>
>>
>> Now when I try to access a container from another container, I am just
>> hitting the host, so for ssh for example, even if I try the IPs
>> 188.227.224.139 or 10.0.3.3 from the 10.0.3.2 container I will actually
>> connect to the physical host's SSH daemon. Everything works fine when
>> connecting from/to external machines.
>>
>> What am I doing wrong?
>>
>
>
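
An added example, not part of the original post: a check that reads rules in `iptables -t nat -S` format and lists each external IP whose PREROUTING DNAT has no matching OUTPUT DNAT, the gap the fix at the top of this message closes. The function names and the sample rule set (built from the addresses quoted in the thread) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find 1:1 DNAT mappings present in PREROUTING but absent
# from OUTPUT. Reads `iptables -t nat -S` style rules on stdin and prints
# one "external -> container" line per mapping lacking an OUTPUT rule.

missing_output_dnat() {
    awk '
    # Return the argument that follows a given flag on the current rule.
    function field(flag,    i) {
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    $1 == "-A" && /-j DNAT/ {
        ext = field("-d"); sub(/\/32$/, "", ext)   # drop the host mask
        to  = field("--to-destination")
        if (ext == "" || to == "") next            # not a 1:1 mapping rule
        if ($2 == "PREROUTING") pre[ext] = to
        else if ($2 == "OUTPUT") out[ext] = to
    }
    END {
        # A mapping is complete only if OUTPUT sends it to the same target.
        for (ext in pre)
            if (out[ext] != pre[ext])
                print ext " -> " pre[ext]
    }' | sort
}

# Constructed sample: the thread's two mappings, with the OUTPUT rule
# added for the first container only.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 188.227.224.138/32 -j DNAT --to-destination 10.0.3.2
-A PREROUTING -d 188.227.224.139/32 -j DNAT --to-destination 10.0.3.3
-A OUTPUT -d 188.227.224.138/32 -j DNAT --to-destination 10.0.3.2
-A POSTROUTING -s 10.0.3.2/32 ! -d 10.0.3.0/24 -j SNAT --to-source 188.227.224.138
-A POSTROUTING -s 10.0.3.3/32 ! -d 10.0.3.0/24 -j SNAT --to-source 188.227.224.139
EOF
}

# On a live host, as root: iptables -t nat -S | missing_output_dnat
sample_rules | missing_output_dnat
```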