I think the case of having a 1 to 1 assignment of external IPs to containers is an important use case to document somewhere.

On Thu, Sep 18, 2014 at 12:09 PM, Shidan <[email protected]> wrote:
> Hello, I have multiple external IP addresses and set up iptables so that
> each container is assigned one external IP on the lxcbr0 NATed bridge in
> a 1 to 1 fashion similar to this example:
>
> root@SERVER:/var/log# iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       all  --  anywhere             188.227.224.138      to:10.0.3.2
> DNAT       all  --  anywhere             188.227.224.139      to:10.0.3.3
>
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  10.0.3.2            !10.0.3.0/24          to:188.227.224.138
> SNAT       all  --  10.0.3.3            !10.0.3.0/24          to:188.227.224.139
>
>
> Now when I try to access a container from another container, I am just
> hitting the host, so for ssh for example, even if I try the IPs
> 188.227.224.139 or 10.0.3.3 from the 10.0.3.2 container I will actually
> connect to the physical host's SSH daemon. Everything works fine when
> connecting from/to external machines.
>
> What am I doing wrong?

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
