On Tue, 2013-06-04 at 11:21 +0100, Rory Campbell-Lange wrote: 
> On 03/06/13, Serge Hallyn (serge.hal...@ubuntu.com) wrote:
> > Quoting Rory Campbell-Lange (r...@campbell-lange.net):
> > > On 04/06/13, Papp Tamas (tom...@martos.bme.hu) wrote:
> > > > 
> > > > What is the IP address of the container?
> > > 
> > > The host is on aa.bb.cc.103 (a public net address)
> > > and the container is on aa.bb.cc.87.
> > > 
> > > I can get from 87 to 103, but I can't ping the gateway from the
> > > container.
> > 
> > Hm, here's an idea.  Lxc sets /proc/sys/net/ipv4/conf/$link/forwarding.
> > Perhaps that isn't enough.  You might echo 1 >
> > /proc/sys/net/ipv4/conf/eth0/forwarding and
> > /proc/sys/net/ipv4/ip_forward.
> > 
> > But,
> > 
> > 1. what does 'route -n' in the container (and on the host) show?
> > 
> > 2. when you ping the ip address of your router, what does traceroute
> > (wireshark, whatever) on the host show?

> Hi Serge

> Thanks very much for your email.

> Going through the steps above showed me I had a firewall problem. Dropping the
> firewall allowed the container to hit the internet. Apologies for this
> beginner problem.

> I'd be grateful to know if anyone has some firewall (iptables) advice for
> allowing traffic to the container? I expect to run another firewall on the
> container itself.

That's probably your FORWARD chain there.  Set that policy to ACCEPT and
flush all the rules from the FORWARD chain like this:

iptables -P FORWARD ACCEPT
iptables -F FORWARD

FORWARD chain is going to affect packets forwarded over the host's
bridge to the containers.  The INPUT and OUTPUT chains will affect the
packets coming in and going out from the local host's OS interfaces.

Depending on your distro, track down your persistent rule storage and
make those changes permanent.  Fedora prior to firewalld (here we go
again), RedHat, and RH derivatives (CentOS et al) are generally
in /etc/sysconfig/iptables unless you've also installed one of the
sundry firewall toolkits.  Ubuntu, I'm not so sure about.

> Regards
> Rory
> 
> -- 
> Rory Campbell-Lange
> r...@campbell-lange.net
> 
> ------------------------------------------------------------------------------
> How ServiceNow helps IT people transform IT departments:
> 1. A cloud service to automate IT design, transition and operations
> 2. Dashboards that offer high-level views of enterprise services
> 3. A single system of record for all IT processes
> http://p.sf.net/sfu/servicenow-d2d-j
> _______________________________________________
> Lxc-users mailing list
> Lxc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users
> 

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  m...@wittsend.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
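
A narrower alternative to an open FORWARD chain, as an added example that is not part of the original message: the script prints a default-drop FORWARD rule set that admits only the container's own outbound connections and inbound TCP to chosen ports. The address 192.0.2.87, the ports 22 and 443 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it applies nothing itself.
# 192.0.2.87 is a constructed documentation address standing in for the container.

valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules CONTAINER_IP [TCP_PORT...]
forward_rules() {
    valid_ipv4 "${1-}" || { echo "invalid container address: ${1-}" >&2; return 1; }
    ip=$1; shift
    # Validate every port before printing anything, so output is all-or-nothing.
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Return traffic for connections that an earlier rule already admitted.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Connections the container itself opens (its outbound ping, DNS, updates).
    echo "iptables -A FORWARD -s $ip -m conntrack --ctstate NEW -j ACCEPT"
    # New inbound connections, only to the listed TCP ports on the container.
    for port in "$@"; do
        echo "iptables -A FORWARD -d $ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

forward_rules 192.0.2.87 22 443
```

Review the printed commands before running them as root. On a bridged container setup, bridged frames only pass through the FORWARD chain while /proc/sys/net/bridge/bridge-nf-call-iptables is 1.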
