This the iptables setup from LXC in OL6.4 channel [root@ol6hostlxc ~]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.7 on Tue Mar 5 21:27:37 2013 *nat :PREROUTING ACCEPT [33:5486] :INPUT ACCEPT [33:5486] :OUTPUT ACCEPT [2:144] :POSTROUTING ACCEPT [2:144] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE COMMIT # Completed on Tue Mar 5 21:27:37 2013 # Generated by iptables-save v1.4.7 on Tue Mar 5 21:27:37 2013 *mangle :PREROUTING ACCEPT [59:9336] :INPUT ACCEPT [59:9336] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2:144] :POSTROUTING ACCEPT [2:144] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT # Completed on Tue Mar 5 21:27:37 2013 # Generated by iptables-save v1.4.7 on Tue Mar 5 21:27:37 2013 *filter :INPUT ACCEPT [59:9336] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2:144] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable COMMIT # Completed on Tue Mar 5 21:27:37 2013
On 5/03/2013, at 12:18 PM, Dwight Engen <dwight.en...@oracle.com> wrote: > On Mon, 04 Mar 2013 15:35:06 -0600 > "cbul...@gmail.com" <cbul...@gmail.com> wrote: > >> Hi All, >> >> >> We have a host server running Oracle Linux >> (2.6.39-200.24.1.el6uek.x86_64) and We created a Oracle Linux 6.2 >> container following Oracle's Docs >> (http://docs.oracle.com/cd/E37670_01/E37355/html/ol_config_os_containers.html). >> The installation process was OK and We did not have any problem. We >> are able to connect to it using lxc-console. The problem is that we >> don't have any connectivity to the public or private network from our >> container (We have just connectivity to our host IP address). Our >> host has full connectivity to both networks. >> >> These are the relevant network file configuration: >> >> Host info: >> >> - ifcfg-eth0 >> >> DEVICE="eth0" >> HWADDR=00:0C:29:1B:46:20 >> ONBOOT=yes >> BRIDGE="virbr0" >> NM_CONTROLLED="no" >> >> -ifcfg-virbr0 >> >> DEVICE="virbr0" >> TYPE=Bridge >> BRIDGE_FORWARDDELAY=0 >> NM_CONTROLLED="no" >> ONBOOT="yes" >> BOOTPROTO=static >> IPADDR=192.168.1.222 >> NETMASK=255.255.255.0 >> GATEWAY=192.168.1.1 >> HWADDR=00:0C:29:1B:46:20 >> >> >> Container info: >> >> - ifcfg-eth0 >> >> DEVICE=eth0 >> BOOTPROTO="static" >> ONBOOT=yes >> HOSTNAME=ol6ctr1 >> NM_CONTROLLED=no >> TYPE=Ethernet >> IPADDR=192.168.1.223 >> HARDWARE=3E:E3:2D:8B:47:17 >> NETMASK=255.255.255.0 >> >> -/etc/sysconfig/network >> >> NETWORKING=yes >> NETWORKING_IPV6=no >> GATEWAY=192.168.1.1 >> HOSTNAME=ol6ctr1 >> >> >> [root@ol6ctr1 ~]# route -n >> Kernel IP routing table >> Destination Gateway Genmask Flags Metric Ref >> Use Iface >> 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 >> 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 >> U 0 0 0 eth0 169.254.0.0 0.0.0.0 >> 255.255.0.0 U 1007 0 0 eth0 >> >> -selinux: disabled >> -iptables stopped > > I believe your problem is because iptables needs to not be stopped for > the NAT forwarding rules to work and forward your traffic. > >> I really appreciate any help about this problem. >> >> Thanks in advance! > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_feb > _______________________________________________ > Lxc-users mailing list > Lxc-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-users ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users