On 04/04/2011 07:35 PM, Ulli Horlacher wrote:
> My first Ubuntu 10.04 container is up and running on an Ubuntu 10.04 host,
> but the container can only connect to the host (and vice versa), but not
> to the world outside.
>
> I saw a lot of configurations for NAT, but I want native routing for my
> containers.
>
>
>
> My setup is:
>
> host       zoo  129.69.1.39
> container  LXC  129.69.1.219
> router          129.69.1.254
>
> In LXC.conf is:
>
> lxc.utsname = LXC
> lxc.network.type = veth
> lxc.network.link = br0
> lxc.network.flags = up
> lxc.network.name = eth0
> lxc.network.mtu = 1500
> lxc.network.ipv4 = 129.69.1.219/24
>
>
> root@LXC:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    0      0        0 eth0
>
> root@LXC:~# ping -c 1 129.69.1.39
> PING 129.69.1.39 (129.69.1.39) 56(84) bytes of data.
> 64 bytes from 129.69.1.39: icmp_seq=1 ttl=64 time=11.5 ms
>
> --- 129.69.1.39 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 11.547/11.547/11.547/0.000 ms
>
> root@LXC:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> From 129.69.1.219 icmp_seq=1 Destination Host Unreachable
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
>
>
>
> root@zoo:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    100    0        0 br0
>
> root@zoo:~# ping -c 1 129.69.1.219
> PING 129.69.1.219 (129.69.1.219) 56(84) bytes of data.
> 64 bytes from 129.69.1.219: icmp_seq=1 ttl=64 time=0.058 ms
>
> --- 129.69.1.219 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.058/0.058/0.058/0.000 ms
>
> root@zoo:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> 64 bytes from 129.69.1.254: icmp_seq=1 ttl=255 time=0.509 ms
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.509/0.509/0.509/0.000 ms
>
> root@zoo:~# iptables -n -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> root@zoo:~# sysctl -a | grep forward
> net.ipv4.conf.all.forwarding = 1
> net.ipv4.conf.all.mc_forwarding = 0
> net.ipv4.conf.default.forwarding = 1
> net.ipv4.conf.default.mc_forwarding = 0
> net.ipv4.conf.lo.forwarding = 1
> net.ipv4.conf.lo.mc_forwarding = 0
> net.ipv4.conf.eth0.forwarding = 1
> net.ipv4.conf.eth0.mc_forwarding = 0
> net.ipv4.conf.br0.forwarding = 1
> net.ipv4.conf.br0.mc_forwarding = 0
> net.ipv4.conf.virbr0.forwarding = 1
> net.ipv4.conf.virbr0.mc_forwarding = 0
> net.ipv4.conf.vethMx2A0v.forwarding = 1
> net.ipv4.conf.vethMx2A0v.mc_forwarding = 0
> net.ipv4.ip_forward = 1
>
> Any debugging hints?

Can you give the bridge setup? (brctl show)

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users