Quoting Rory Campbell-Lange (r...@campbell-lange.net): > On 04/06/13, Rory Campbell-Lange (r...@campbell-lange.net) wrote: > > On 03/06/13, Serge Hallyn (serge.hal...@ubuntu.com) wrote: > > > Quoting Rory Campbell-Lange (r...@campbell-lange.net): > > > > On 04/06/13, Papp Tamas (tom...@martos.bme.hu) wrote: > > > > > The host is on aa.bb.cc.103 (a public net address) > > > > and the container is on aa.bb.cc.87. > > > > > > > > I can get from 87 to 103, but I can't ping the gateway from the > > > > container. > > > > 1. what does 'route -n' in the container (and on the host) show? > > > > > > 2. when you ping the ip address of your router, what does traceroute > > > (wireshark, whatever) on the host show? > > > Going through the steps above showed me I had a firewall problem. Dropping > > the > > firewall allowed the container to hit the internet. Apologies for this > > beginner > > problem. > > > > I'd be grateful to know if anyone has some firewall (iptables) advice for > > allowing traffic to the container? I expect to run another firewall on the > > container itself. > > It looks like I don't have to drop the firewall on the host if I do the > following: > > for f in /proc/sys/net/bridge/bridge-nf-*; do echo 0 > $f; done > > Reference: > http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#No_traffic_gets_trough_.28except_ARP_and_STP.29 > > Is this recommended?
Probably not. What is your current firewall trying to do? What does iptables -L; iptables -t nat -L; show? ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
