[lxc-users] IPTABLES isolation

Fajar A. Nugraha list at fajar.net
Mon Sep 5 09:03:30 UTC 2016


On Mon, Sep 5, 2016 at 5:23 AM, <webman at manfbraun.de> wrote:

> Hello !
>
> Probably someone knows about iptables. If I use an LXC-based VM,
> I am sharing the host iptables with the VM. But I do not understand
> the scenario in full. What makes my basic running is, that I
> initialized the required modules on the host side (at its start),
> so the LXC VM is finding already loaded modules.
>
>
It should work.

I currently have an openvpn container, running unprivileged under lxd,
using lxdbr0's ip address (i.e. 10.0.3.x).
- the HOST forwards openvpn traffic (using iptables) to the container
- the container has its own IP range for openvpn clients (172.16.122.x)
- the container NATs/masquerades traffic from openvpn clients, using its own
iptables
- "iptables-save" on the host and that returns different entries, as if
both are separate machines.

-- 
Fajar
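
An added example, not part of the original post: a check that compares `iptables-save` dumps taken on the host and inside the container, confirming that the port forward lives only on the host and the VPN-client masquerade only in the container. The dumps are constructed and abbreviated; the interface name eth0, port 1194/udp and the container address 10.0.3.50 are assumptions, and only the two subnets come from the post.

```python
from collections import defaultdict

# Constructed, abbreviated iptables-save output (not captured from a real system).
# Assumed values: eth0, udp/1194, container address 10.0.3.50.
HOST_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p udp -m udp --dport 1194 -j DNAT --to-destination 10.0.3.50:1194
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
COMMIT
"""
CONTAINER_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.122.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def parse_rules(dump):
    """Return {(table, chain): [rule spec, ...]} from iptables-save text."""
    rules, table = defaultdict(list), None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):            # "*nat" opens a table section
            table = line[1:]
        elif line.startswith("-A ") and table:
            parts = line.split(None, 2)     # ["-A", chain, spec]
            rules[(table, parts[1])].append(parts[2] if len(parts) > 2 else "")
    return dict(rules)

def shared_rules(a, b):
    """Rules that appear verbatim in the same table/chain of both rulesets."""
    return {(k, r) for k in a.keys() & b.keys() for r in a[k] if r in b[k]}

def has_rule(rules, table, chain, *needles):
    # True if one rule in the chain contains every given fragment.
    return any(all(n in r for n in needles) for r in rules.get((table, chain), []))

def check(host_dump, container_dump):
    host, ct = parse_rules(host_dump), parse_rules(container_dump)
    return {
        "host_forwards_to_container": has_rule(host, "nat", "PREROUTING", "-j DNAT", "10.0.3."),
        "container_masquerades_vpn": has_rule(ct, "nat", "POSTROUTING", "-s 172.16.122.", "-j MASQUERADE"),
        "host_has_vpn_nat": has_rule(host, "nat", "POSTROUTING", "-s 172.16.122."),
        "shared": shared_rules(host, ct),
    }

if __name__ == "__main__":
    print(check(HOST_DUMP, CONTAINER_DUMP))
```

An empty `shared` set together with `host_has_vpn_nat` being false is what separate network namespaces produce; identical rules on both sides would suggest the container is using the host's network namespace.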