It's all one single broadcast network 10/8.
The hosts could be even 10.0.0.{1,2,3,4}.

In other words the container cannot be accessed through PREROUTING if the source and target _physical_ machines are the same.

tamas

On 01/26/2014 11:41 PM, Alvaro Miranda Aguilera wrote:
> for what I see, if you are using iptables prerouting, then you need to
> use the IP that is on the same network for both machines.
>
> if you want to go from one network to other separate, you need to set
> routes, otherwise, the packages will go out to 0.0.0.0
>
> From what I understand in your network:
>
> host 10.0.0.0
> lxc1 10.1.0.0
> lxc2 10.2.0.0
>
> with /8 are separate networks, so you need to define a router ip, and
> that ip should be visible
>
> so, say from lxc1, you want to reach IPs in 10.2.0.0, then lxc1 should
> have a leg on each network, and have a route rule.
> Alvaro
>
>
> On Mon, Jan 27, 2014 at 10:09 AM, Tamas Papp <[email protected]> wrote:
>
> > hi All,
> >
> > The problem may not be LXC only but I don't know what the keyword is to
> > search for.
> >
> >
> > Topology:
> >
> > ---- inet ---- 1.2.3.4 firewall (DNAT) 10.0.0.1/8 ---- 10.1.0.0/8 lxc1 + 10.2.0.0/8 lxc2
> >
> >
> > On firewall:
> >
> > $ iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport smtp -j DNAT --to 10.1.0.2:25
> >
> >
> > 10.1.0.1 and 10.1.0.2 are containers on lxc01.
> > 10.2.0.2 is a container on lxc02.
> >
> >
> > Test command:
> > $ telnet 10.1.0.2 25
> >
> >
> > It's failing from the 10.1.0.0/8 containers and lxc01.
> > It's OK on containers on lxc02 (eg. 10.2.0.2).
> >
> >
> > According to tcpdump, packets are reaching the iface 10.0.0.1 and
> > they're gone.
> > Changing proxy_arp and rp_filter on 10.0.0.1 iface doesn't help.
> >
> >
> > Any idea?
> >
> > 10x
> > tamas
> >
> > _______________________________________________
> > lxc-users mailing list
> > [email protected]
> > http://lists.linuxcontainers.org/listinfo/lxc-users
