On 01/26/2014 10:09 PM, Tamas Papp wrote: > hi All, > > The problem may not be LXC only but I don't what the keyword is to > search for. > > > Topology: > > ---- inet ---- 1.2.3.4 firewall (DNAT) 10.0.0.1/8 ---- 10.1.0.0/8 lxc1 + > 10.2.0.0/8 lxc2 > > > On firewall: > > $ iptables -t nat -A PREROUTING -d 1.2.3.4 --dport smtp -j DNAT --to > 10.1.0.2:25 > > > 10.1.0.1 and 10.1.0.2 are containers on lxc01. > 10.2.0.2 is a container on lxc02. > > > Test command: > $ telnet 10.1.0.2 25 > > > It's failing from the 10.1.0.0/8 containers and lxc01. > It's OK on containers on lxc02 (eg. 10.2.0.2). > > > According to tcpdump packets reaching the iface 10.0.0.1 and they're gone. > Changing proxy_arp and rp_filter on 10.0.0.1 iface doesn't help. > > > Any idea? >
More info I missed above: lxc version is the latest from Ubuntu ppa, but if I remember correctly, it was true for older releases as well. Thanks, tamas _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
