Re: [Lxc-users] Forwarding packets from host to container
On Tue, Jan 11, 2011 at 5:35 PM, Nirmal Guhan vavat...@gmail.com wrote:
> On Tue, Jan 11, 2011 at 5:34 PM, Nirmal Guhan vavat...@gmail.com wrote:
>> On Tue, Jan 11, 2011 at 5:25 PM, Nirmal Guhan vavat...@gmail.com wrote:
>>> Hi,
>>>
>>> How do I forward packets (ethernet frames included) from host to container? I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.
>>>
>>> iptables -A FORWARD -i eth1 -o br1 -j ACCEPT
>>> and/or
>>> iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT
>>>
>>> Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world.
>>>
>>> I use Fedora 12 for both host and container.
>>>
>>> lxc.network.type = veth
>>> lxc.network.link = br1
>>> lxc.network.name = eth1
>>> lxc.network.flags = up
>>> lxc.network.mtu = 1500
>>>
>>> -Nirmal
>>
>> An update: If I connect host eth1 to a bridge br2 and add
>>
>> lxc.network.type = veth
>> lxc.network.link = br2
>> lxc.network.name = eth2
>> lxc.network.flags = up
>> lxc.network.mtu = 1500
>>
>> I can then see packets coming into eth2 (basically echo reply from external machine) but not the ones going out. Kindly help.
>>
>> -Nirmal
>
> A typo: packets coming into eth1 of the host...

Still trying... Any help on this will be much appreciated!!

-Nirmal

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Forwarding packets from host to container
On Wed, Jan 12, 2011 at 12:42 PM, Daniel Lezcano daniel.lezc...@free.fr wrote:
> On 01/12/2011 02:25 AM, Nirmal Guhan wrote:
>> Hi,
>>
>> How do I forward packets (ethernet frames included) from host to container? I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.
>>
>> iptables -A FORWARD -i eth1 -o br1 -j ACCEPT
>> and/or
>> iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT
>>
>> Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world.
>>
>> I use Fedora 12 for both host and container.
>>
>> lxc.network.type = veth
>> lxc.network.link = br1
>> lxc.network.name = eth1
>> lxc.network.flags = up
>> lxc.network.mtu = 1500
>
> What about just moving the physical eth1 within the container directly instead of trying to forward the traffic?

Curious to know how to achieve that!!

Meanwhile, I might still need the eth1 in host for other reasons. I just need the packet capturing utility to work inside the container and capture the packets sent over eth1 to *wherever*.

~Nirmal
Re: [Lxc-users] Forwarding packets from host to container
On 01/12/2011 10:28 PM, Nirmal Guhan wrote:
> On Wed, Jan 12, 2011 at 12:42 PM, Daniel Lezcano daniel.lezc...@free.fr wrote:
>> On 01/12/2011 02:25 AM, Nirmal Guhan wrote:
>>> Hi,
>>>
>>> How do I forward packets (ethernet frames included) from host to container? I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.
>>>
>>> iptables -A FORWARD -i eth1 -o br1 -j ACCEPT
>>> and/or
>>> iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT
>>>
>>> Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world.
>>>
>>> I use Fedora 12 for both host and container.
>>>
>>> lxc.network.type = veth
>>> lxc.network.link = br1
>>> lxc.network.name = eth1
>>> lxc.network.flags = up
>>> lxc.network.mtu = 1500
>>
>> What about just moving the physical eth1 within the container directly instead of trying to forward the traffic?
>
> Curious to know how to achieve that!!

lxc.network.type = phys
lxc.network.link = eth1
lxc.network.name = eth1
lxc.network.flags = up

Of course, the host won't be able to use this interface while it is in the container ;)

> Meanwhile, I might still need the eth1 in host for other reasons. I just need the packet capturing utility to work inside the container and capture the packets sent over eth1 to *wherever*.

Mmh, hard to achieve. The network is isolated and you are trying to get rid of it. Maybe the bonding is a good alternative to the bridge, not sure ...

http://en.wikipedia.org/wiki/Channel_bonding

But lxc should be modified to take care of it at the configuration level.

-- Daniel
Re: [Lxc-users] Forwarding packets from host to container
On Wed, Jan 12, 2011 at 2:07 PM, Nirmal Guhan vavat...@gmail.com wrote:
> On Wed, Jan 12, 2011 at 1:45 PM, Daniel Lezcano daniel.lezc...@free.fr wrote:
>> On 01/12/2011 10:28 PM, Nirmal Guhan wrote:
>>> On Wed, Jan 12, 2011 at 12:42 PM, Daniel Lezcano daniel.lezc...@free.fr wrote:
>>>> On 01/12/2011 02:25 AM, Nirmal Guhan wrote:
>>>>> Hi,
>>>>>
>>>>> How do I forward packets (ethernet frames included) from host to container? I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.
>>>>>
>>>>> iptables -A FORWARD -i eth1 -o br1 -j ACCEPT
>>>>> and/or
>>>>> iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT
>>>>>
>>>>> Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world.
>>>>>
>>>>> I use Fedora 12 for both host and container.
>>>>>
>>>>> lxc.network.type = veth
>>>>> lxc.network.link = br1
>>>>> lxc.network.name = eth1
>>>>> lxc.network.flags = up
>>>>> lxc.network.mtu = 1500
>>>>
>>>> What about just moving the physical eth1 within the container directly instead of trying to forward the traffic?
>>>
>>> Curious to know how to achieve that!!
>>
>> lxc.network.type = phys
>> lxc.network.link = eth1
>> lxc.network.name = eth1
>> lxc.network.flags = up
>>
>> Of course, the host won't be able to use this interface while it is in the container ;)
>>
>>> Meanwhile, I might still need the eth1 in host for other reasons. I just need the packet capturing utility to work inside the container and capture the packets sent over eth1 to *wherever*.
>>
>> Mmh, hard to achieve. The network is isolated and you are trying to get rid of it. Maybe the bonding is a good alternative to the bridge, not sure ...
>>
>> http://en.wikipedia.org/wiki/Channel_bonding
>>
>> But lxc should be modified to take care of it at the configuration level.
>>
>> -- Daniel
>
> Thanks. I was thinking adding host eth1 and container eth1 to the same bridge (as done now), container veth should be able to see the ethernet frames. It actually sees some packets (like echo reply) but not all. Am I missing anything?
>
> ~nirmal

I worked it around by capturing the packet in eth1 and fwding it to the veth of container using libpcap.

~Nirmal
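
The workaround described in the message above (capture frames on host eth1 and re-send them on the container's veth), sketched as an added example that is not part of the original thread and is not the poster's code. It uses Linux AF_PACKET sockets rather than libpcap; the function names are hypothetical and the interface names are passed on the command line.

```python
import socket
import sys

ETH_P_ALL = 0x0003        # every protocol, so non-IP frames are copied too
PACKET_OUTGOING = 4       # pkttype the kernel reports for frames this host sent


def open_tap(ifname):
    """Raw link-layer socket bound to one interface (needs CAP_NET_RAW)."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((ifname, 0))
    return s


def mirror(src, dst, max_frames=None, mtu=1500):
    """Copy whole Ethernet frames from src to dst and count what happened.

    An ETH_P_ALL socket receives both directions on the interface, so the
    copy includes the outgoing frames the bridge setup did not show.
    """
    stats = {"in": 0, "out": 0, "dropped": 0}
    limit = mtu + 18      # 14-byte Ethernet header plus an optional VLAN tag
    seen = 0
    while max_frames is None or seen < max_frames:
        # addr is (ifname, proto, pkttype, hatype, hwaddr) for AF_PACKET
        frame, addr = src.recvfrom(65535)
        seen += 1
        if len(frame) > limit:
            # Receive offloads can hand up merged frames larger than the
            # veth MTU; they cannot be re-sent as one frame.
            stats["dropped"] += 1
            continue
        try:
            dst.send(frame)
        except OSError:
            stats["dropped"] += 1
            continue
        stats["out" if addr[2] == PACKET_OUTGOING else "in"] += 1
    return stats


if __name__ == "__main__":
    # Assumed usage: mirror.py eth1 <host-side veth name>
    # The veth must not share a bridge with eth1, or frames arrive twice.
    # Frames addressed to other hosts are only seen if eth1 is promiscuous.
    print(mirror(open_tap(sys.argv[1]), open_tap(sys.argv[2])))
```

Inside the container, tcpdump on the veth peer then sees the copied frames while eth1 stays usable on the host; the host process doing the copy can read all of eth1's traffic, so it belongs under the same access controls as any other capture tool.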
[Lxc-users] Forwarding packets from host to container
Hi,

How do I forward packets (ethernet frames included) from host to container? I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.

iptables -A FORWARD -i eth1 -o br1 -j ACCEPT
and/or
iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT

Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world.

I use Fedora 12 for both host and container.

lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.flags = up
lxc.network.mtu = 1500

-Nirmal
Re: [Lxc-users] Forwarding packets from host to container
On Tue, Jan 11, 2011 at 5:25 PM, Nirmal Guhan vavat...@gmail.com wrote:
> Hi,
>
> How do I forward packets (ethernet frames included) from host to container? I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.
>
> iptables -A FORWARD -i eth1 -o br1 -j ACCEPT
> and/or
> iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT
>
> Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world.
>
> I use Fedora 12 for both host and container.
>
> lxc.network.type = veth
> lxc.network.link = br1
> lxc.network.name = eth1
> lxc.network.flags = up
> lxc.network.mtu = 1500
>
> -Nirmal

An update: If I connect host eth1 to a bridge br2 and add

lxc.network.type = veth
lxc.network.link = br2
lxc.network.name = eth2
lxc.network.flags = up
lxc.network.mtu = 1500

I can then see packets coming into eth2 (basically echo reply from external machine) but not the ones going out. Kindly help.

-Nirmal
Re: [Lxc-users] Forwarding packets from host to container
On Tue, Jan 11, 2011 at 5:34 PM, Nirmal Guhan vavat...@gmail.com wrote:
> On Tue, Jan 11, 2011 at 5:25 PM, Nirmal Guhan vavat...@gmail.com wrote:
>> Hi,
>>
>> How do I forward packets (ethernet frames included) from host to container? I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.
>>
>> iptables -A FORWARD -i eth1 -o br1 -j ACCEPT
>> and/or
>> iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT
>>
>> Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world.
>>
>> I use Fedora 12 for both host and container.
>>
>> lxc.network.type = veth
>> lxc.network.link = br1
>> lxc.network.name = eth1
>> lxc.network.flags = up
>> lxc.network.mtu = 1500
>>
>> -Nirmal
>
> An update: If I connect host eth1 to a bridge br2 and add
>
> lxc.network.type = veth
> lxc.network.link = br2
> lxc.network.name = eth2
> lxc.network.flags = up
> lxc.network.mtu = 1500
>
> I can then see packets coming into eth2 (basically echo reply from external machine) but not the ones going out. Kindly help.
>
> -Nirmal

A typo: packets coming into eth1 of the host...