The example is from the documentation.
Anyway, a libvirt LXC container also fails to work, so the issue is not there.
Philip

On Sat, May 3, 2014 at 5:26 PM, Michael H. Warfield <[email protected]> wrote:
> On Sat, 2014-05-03 at 11:52 -0400, CDR wrote:
>> Dear friends
>> I got stuck in the simplest part.
>> First I tried libvirt and using the default network, which works fine
>> in virtual machines
>> I created a Libvirt-LXC container, and I can ping the host, DHCP
>> works, etc., but no forwarding to the network.
>> A pure LXC container with this network, failed.
>>
>> lxc.network.type = veth
>> lxc.network.flags = up
>> lxc.network.link = virbr0
>> lxc.network.ipv4 = 0.0.0.0/24
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Huh? What?!?! That can't be right.
>
> 0/8 is reserved. So 0.0.0.0/24 is part of a reserved network. You
> can't use it. What was the network on the bridge and why weren't you
> using that?
>
>> Then I removed that network, undefined it, and created an empty
>> bridge, br0, and set up a simple iptables script. Note, I am not using
>> any firewall for my box, only for natting.
>>
>> #!/bin/sh
>> iptables -F
>> iptables -t nat -F
>>
>> iptables --table nat -o eth1 --append POSTROUTING -s 192.168.122.0/24 -j MASQUERADE
>> iptables -A FORWARD -i br0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
>> iptables-save
>>
>> the container can ping the default gateway at 192.168.122.1, but
>> again, no forwarding done.
>>
>> My kernel has this configuration
>>
>> sysctl -A | grep bridge
>>
>> net.bridge.bridge-nf-call-arptables = 0
>> net.bridge.bridge-nf-call-ip6tables = 0
>> net.bridge.bridge-nf-call-iptables = 0
>> net.bridge.bridge-nf-filter-pppoe-tagged = 0
>> net.bridge.bridge-nf-filter-vlan-tagged = 0
>> net.bridge.bridge-nf-pass-vlan-input-dev = 0
>>
>> sysctl -A | grep forward
>> net.ipv4.conf.all.forwarding = 1
>> net.ipv4.conf.all.mc_forwarding = 0
>> net.ipv4.conf.br0.forwarding = 1
>> net.ipv4.conf.br0.mc_forwarding = 0
>> net.ipv4.conf.default.forwarding = 1
>> net.ipv4.conf.default.mc_forwarding = 0
>> net.ipv4.conf.eth0.forwarding = 1
>> net.ipv4.conf.eth0.mc_forwarding = 0
>> net.ipv4.conf.eth1.forwarding = 1
>> net.ipv4.conf.eth1.mc_forwarding = 0
>> net.ipv4.conf.lo.forwarding = 1
>> net.ipv4.conf.lo.mc_forwarding = 0
>> net.ipv4.conf.virbr0.forwarding = 1
>> net.ipv4.conf.virbr0.mc_forwarding = 0
>> net.ipv4.conf.virbr0-nic.forwarding = 1
>> net.ipv4.conf.virbr0-nic.mc_forwarding = 0
>> net.ipv4.ip_forward = 1
>> net.ipv4.ip_forward_use_pmtu = 0
>>
>>
>> Can anybody point to what is happening?
>>
>> Note: if in the pure LXC configuration, it works fine if I use
>> lxc.network.type=macvlan
>> lxc.network.macvlan.mode=bridge
>> lxc.network.link=eth1
>> lxc.network.flags=up
>>
>>
>> Yours
>> Philip
>> _______________________________________________
>> lxc-users mailing list
>> [email protected]
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
> --
> Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected]
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
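Added example, not part of the thread and not LXC or libvirt code: a small Python check of the point raised in the reply, that an `lxc.network.ipv4` value such as `0.0.0.0/24` sits in the reserved 0/8 block rather than on the bridge's subnet. It assumes the bridge is `192.168.122.1/24` (the gateway and NAT source subnet quoted in the original post); the function names `lxc_values` and `check_ipv4` are hypothetical.

```python
import ipaddress

# "This network" block (RFC 1122), the 0/8 range the reply calls reserved.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")

# lxc.network.* lines quoted in the thread.
THREAD_CONFIG = """\
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr0
lxc.network.ipv4 = 0.0.0.0/24
"""

def lxc_values(config_text, wanted_key):
    """Yield the values of every `wanted_key = value` line, skipping comments."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, sep, value = line.partition("=")
        if sep and key.strip() == wanted_key:
            yield value.strip()

def check_ipv4(config_text, bridge_cidr):
    """Return (value, problem) pairs for lxc.network.ipv4 entries that do not fit the bridge."""
    bridge = ipaddress.IPv4Interface(bridge_cidr)
    findings = []
    for value in lxc_values(config_text, "lxc.network.ipv4"):
        address = (value.split() or [""])[0]  # a broadcast address may follow
        try:
            iface = ipaddress.IPv4Interface(address)
        except ValueError:
            findings.append((value, "not an IPv4 address/prefix"))
            continue
        if iface.ip in THIS_NETWORK:
            findings.append((value, "inside reserved 0.0.0.0/8"))
        elif iface.ip not in bridge.network:
            findings.append((value, f"outside bridge subnet {bridge.network}"))
        elif iface.ip == bridge.ip:
            findings.append((value, "same address as the bridge"))
        elif iface.network != bridge.network:
            findings.append((value, f"prefix differs from bridge /{bridge.network.prefixlen}"))
    return findings

if __name__ == "__main__":
    # Assumed bridge address: gateway and NAT source subnet from the original post.
    for value, problem in check_ipv4(THREAD_CONFIG, "192.168.122.1/24"):
        print(f"lxc.network.ipv4 = {value}: {problem}")
```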
