On 04/06/13, Michael H. Warfield (m...@wittsend.com) wrote:
> > I'd be grateful to know if anyone has some firewall (iptables) advice for
> > allowing traffic to the container? I expect to run another firewall on the
> > container itself.
> 
> That's probably your FORWARD chain there.  Set that policy to ACCEPT and
> flush all the rules from the FORWARD chain like this:
> 
> iptables -P FORWARD ACCEPT
> iptables -F FORWARD
> 
> FORWARD chain is going to affect packets forwarded over the host's
> bridge to the containers.  The INPUT and OUTPUT chains will affect the
> packets coming in and going out from the local host's OS interfaces.
> 
> Depending on your distro, track down your persistent rule storage and
> make those changes permanent.  Fedora prior to firewalld (here we go
> again), RedHat, and RH derivatives (CentOS et al) are generally
> in /etc/sysconfig/iptables unless you've also installed one of the
> sundry firewall toolkits.  Ubuntu, I'm not so sure about.

I'm using Debian, and I'm using a simple ufw firewall on the host server
at present.

The iptables -L output is here:

    http://pastebin.com/QzQKRDX0

I don't have any trouble with the firewall restarting.

Thanks very much
Rory

-- 
Rory Campbell-Lange
r...@campbell-lange.net

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
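
As an added example (not part of the thread and not code from either poster), the following shell check reads rules in `iptables -S` format and reports how the FORWARD chain discussed above treats traffic crossing the container bridge. The bridge name `br0` and the three sample rulesets are constructed assumptions; only rules placed directly in FORWARD are inspected.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the container bridge is br0.
# Reads rules in `iptables -S` format on stdin and prints how FORWARD treats
# traffic crossing the bridge:
#   open    - policy ACCEPT, chain empty (the state after -P ACCEPT and -F)
#   mixed   - policy ACCEPT but rules remain; read them in order by hand
#   bridge  - policy not ACCEPT, but a rule ACCEPTs traffic in/out of the bridge
#   blocked - policy not ACCEPT and no such rule
# Limits: rule order and user-defined chains reached by -j are not evaluated.
forward_verdict() {
    awk -v br="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" {
            rules++
            onbridge = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if (($i == "-i" || $i == "-o") && $(i + 1) == br) onbridge = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (onbridge && accept) allowed = 1
        }
        END {
            if (policy == "ACCEPT" && rules == 0) print "open"
            else if (policy == "ACCEPT") print "mixed"
            else if (allowed) print "bridge"
            else print "blocked"
        }'
}

# Constructed sample rulesets (not the poster's pastebin output).
RULES_DROP='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT'

RULES_FLUSHED='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT'

RULES_SCOPED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

for name in RULES_DROP RULES_FLUSHED RULES_SCOPED; do
    eval "rules=\$$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$rules" | forward_verdict br0)"
done
```

On a live host the same function can be fed from `iptables -S` run as root, with the real bridge name in place of `br0`.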