On Tue, Aug 5, 2014 at 7:30 PM, Jeroen Ooms <[email protected]> wrote:
> On Tue, Aug 5, 2014 at 12:48 PM, Gavin Grieve <[email protected]> wrote:
>> Could you use something like "-i eth0" to only apply the REDIRECT to traffic
>> coming in on eth0 (or whatever your "external" interface is)?
>
> What interface does traffic from lxc guests come from? Is there also a

Depends on your setup. It could be lxcbr0 or virbr0. Or even anything
if you're running a custom setup.

> way to limit the rule to traffic coming NOT from that interface?

Err ... "man iptables"?

It might be messy if you go down this route though. The default setup
(if you use Ubuntu, or lxc from source) should be veth-bridge-nat,
with lxcbr0 as the bridge. Bridge traffic might also be subject to
iptables rules by default (and the bridged interfaces are named
vethXXX), so you also need to make sure
/proc/sys/net/bridge/bridge-nf-call-iptables is 0.

Better stick with Gavin's suggestion if possible. Or do some scripting
to get the server's IP address before calling iptables.

-- 
Fajar
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
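
The options discussed in the message above, as an added example that is not part of the original post: a shell script that derives the external interface and server address from `ip` output and builds the REDIRECT rule scoped by `-i`, by a negated `! -i`, or by `-d`, plus a check of the bridge-nf-call-iptables setting. The ports 80 and 8080, the function names and the sample `ip` outputs are constructed assumptions; the script only prints rules and does not call iptables.

```shell
#!/bin/sh
# Added example; ports, names and sample outputs are constructed assumptions.

# Constructed sample of `ip -4 route show default` output.
SAMPLE_ROUTE='default via 192.0.2.1 dev eth0 proto dhcp metric 100'
# Constructed sample of `ip -4 -o addr show dev eth0` output.
SAMPLE_ADDR='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

# Print the interface that carries the default route.
external_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the first IPv4 address in the input, prefix length stripped.
server_ip() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Build a REDIRECT rule. mode: in (-i IFACE), notin (! -i IFACE), dst (-d IP).
redirect_rule() {
    mode=$1 value=$2 from_port=$3 to_port=$4
    case $mode in
        in)    match="-i $value" ;;
        notin) match="! -i $value" ;;
        dst)   match="-d $value" ;;
        *)     echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    echo "iptables -t nat -A PREROUTING $match -p tcp --dport $from_port -j REDIRECT --to-ports $to_port"
}

# Succeeds only when the sysctl file exists and contains 0, i.e. bridged
# (vethXXX) frames are not passed through iptables.
bridge_bypasses_iptables() {
    f=${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}
    [ -r "$f" ] && [ "$(cat "$f")" = "0" ]
}

# Print the three rule variants for review; nothing is applied.
iface=$(external_iface "$SAMPLE_ROUTE")
redirect_rule in "$iface" 80 8080
redirect_rule notin lxcbr0 80 8080
redirect_rule dst "$(server_ip "$SAMPLE_ADDR")" 80 8080
```

On a real host, feed the functions the live output of `ip -4 route show default` and `ip -4 -o addr show dev <iface>` instead of the samples.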
