[lxc-users] LXD can ping from container out, but not in from outside network

Kevin LaTona lists at studiosola.com
Sun May 17 04:22:10 UTC 2015



Earlier today I did have the lxcbr0 running on the 192.168.x.x and I was unable to get iptables to play nice.

So I went back to the default LXD install of 10.0.3.0 network thinking there must be a simple iptables line that would solve all this in an easier way.


Last time I looked at the legacy LXC about a year ago and tested them out.

I recall jumping and dancing through all kinds of crazy hoops to make it work, as back then I wanted to have all static IPs.


Somewhere along the path I recall Serge saying something about just allowing the DHCP to assign static IPs.

This time around I got that side of it all going okay.


It's working out how to get the LXC containers to play nice under LXD with public access that is spinning me right now.

I keep thinking it all comes down to iptables.

But so far all the example code I've seen has not translated over to get it working for me.


I just figured out that right now all these containers can do is ping DNS servers.

Which is why I am thinking it all comes down to taming iptables.

To make this work simpler with these LXD containers now.


Not sure why there is not more info about how to make a container accessible from both the local and outside network.

Maybe I've looked at this too long now.


-Kevin





On May 16, 2015, at 9:00 PM, Mark Constable <markc at renta.net> wrote:

> On Sat, 16 May 2015 08:03:26 PM Kevin LaTona wrote:
>> With a LXD based LXC container what iptables magic does one need to
>> be able to access these 10.0.3.x containers from outside that local
>> network?
>> 
>> So far I got it so I log into a 10.0.3.x based container and ping the
>> outside world.
> 
> The last couple of emails I sent were all about addressing this problem.
> 
> The default 10.0.3.x based container networking uses NAT, the same as
> your 192.168.x.x network is to the outside world via your router. The
> easiest solution I am aware of is to change the default lxcbr0 to use
> the same 192.168.x.x network segment as your host and then any other
> host on your 192.168.x.x network can see any of the containers. Then
> you can also make a container visible to the outside world using normal
> port forwarding on your main router.


