What is the default gateway on the container? It should be 10.0.1.1.

-Tom

It is. Route returns:

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
default         10.0.1.1        0.0.0.0         UG    0 0        0 eth0
10.0.1.0        *               255.255.255.0   U     0 0        0 eth0

Thanks!

On 14-01-23 04:36 PM, Tom Eastep wrote:
On 1/23/2014 12:27 PM, dclinton wrote:
Hi,
I'm having some trouble creating a Shorewall configuration that will
provide an LXC container connectivity through its host machine. To be
more precise, the host machine currently has full connectivity to the
LAN - both in and out - via ssh, ping, wget etc. The container, on the
other hand, can only ping/ssh to/from its host (and gateway). I'd like
ssh etc., access into the container from anywhere on the LAN.
Without Shorewall running, the container has full access to Internet
resources (wget, curl) but, of course, no way in except through the host.
I would really appreciate it if anyone can help!
Thanks so much,
David

Here's my config:

Host /etc/network/interfaces file:
=    =    =
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp
=    =    =    =    =

Host ifconfig:
=    =    =
ifconfig
eth0      Link encap:Ethernet  HWaddr 00:25:90:0b:30:fc
            inet addr:10.0.0.94  Bcast:10.255.255.255 Mask:255.255.0.0
            inet6 addr: fe80::225:90ff:fe0b:30fc/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:20838 errors:0 dropped:0 overruns:0 frame:0
            TX packets:4241 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:4577569 (4.5 MB)  TX bytes:607971 (607.9 KB)
            Interrupt:16 Memory:fb5e0000-fb600000

lo        Link encap:Local Loopback
            inet addr:127.0.0.1  Mask:255.0.0.0
            inet6 addr: ::1/128 Scope:Host
            UP LOOPBACK RUNNING  MTU:65536  Metric:1
            RX packets:16 errors:0 dropped:0 overruns:0 frame:0
            TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:1184 (1.1 KB)  TX bytes:1184 (1.1 KB)

lxcbr0    Link encap:Ethernet  HWaddr fe:09:9c:6f:21:0e
            inet addr:10.0.1.1  Bcast:10.0.1.255  Mask:255.255.255.0
            inet6 addr: fe80::1007:c9ff:fe50:f457/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:724 errors:0 dropped:0 overruns:0 frame:0
            TX packets:924 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:91635 (91.6 KB)  TX bytes:101370 (101.3 KB)

veth5UC3H1 Link encap:Ethernet  HWaddr fe:09:9c:6f:21:0e
            inet6 addr: fe80::fc09:9cff:fe6f:210e/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:724 errors:0 dropped:0 overruns:0 frame:0
            TX packets:924 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:101771 (101.7 KB)  TX bytes:101370 (101.3 KB)
=    =    =    =    =    =
Shorewall zones:
=    =    =
#ZONE    TYPE    OPTIONS            IN            OUT
#                    OPTIONS            OPTIONS
fw    firewall
net    ipv4
lxc    ipv4
=    =    =    =    =    =
Shorewall Interfaces:
=    =    =
#ZONE    INTERFACE    OPTIONS
net    eth0        dhcp,tcpflags,nosmurfs,routefilter,logmartians
lxc    lxcbr0 tcpflags,nosmurfs,routefilter,logmartians,routeback
=    =    =    =    =    =
Shorewall policy:
=    =    =
#SOURCE        DEST        POLICY        LOG LEVEL    LIMIT:BURST

#net        all        DROP        info
net        all        REJECT        info

$FW        all        ACCEPT
lxc        net        ACCEPT

# THE FOLLOWING POLICY MUST BE LAST
all        all        REJECT        info
=    =    =    =    =    =
The shorewall.conf file is, to the best of my memory, in pristine,
default condition.

You need an entry in /etc/shorewall/masq. And you must have
IP_FORWARDING=Yes in shorewall.conf.

Here's the container's /etc/network/interfaces:
=    =    =
# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
=    =    =    =    =    =
...and the container's ifconfig:
=    =    =
eth0      Link encap:Ethernet  HWaddr 00:16:3e:9b:71:84
            inet addr:10.0.1.60  Bcast:10.0.1.255  Mask:255.255.255.0
            inet6 addr: fe80::216:3eff:fe9b:7184/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:1136 errors:0 dropped:0 overruns:0 frame:0
            TX packets:845 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:119118 (119.1 KB)  TX bytes:116181 (116.1 KB)

lo        Link encap:Local Loopback
            inet addr:127.0.0.1  Mask:255.0.0.0
            inet6 addr: ::1/128 Scope:Host
            UP LOOPBACK RUNNING  MTU:65536  Metric:1
            RX packets:1389 errors:0 dropped:0 overruns:0 frame:0
            TX packets:1389 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:433197 (433.1 KB)  TX bytes:433197 (433.1 KB)

What is the default gateway on the container? It should be 10.0.1.1.

-Tom



_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
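
An added example, not part of the thread: a shell check for the two settings the reply names, a masq entry covering the container subnet and IP_FORWARDING in shorewall.conf. The function names and the sample files are constructed for illustration; the interface eth0 and the subnet 10.0.1.0/24 are taken from the host's ifconfig output above, and the masq layout assumed is INTERFACE then SOURCE.

```shell
#!/bin/sh
# Added example (not from the thread): verify the two settings named in the reply.

# masq_covers DIR IFACE SUBNET: 0 if DIR/masq has a non-comment "IFACE SOURCE" line
# whose SOURCE column (comma-separated list allowed) contains SUBNET.
masq_covers() {
    [ -f "$1/masq" ] || return 1
    awk -v ifc="$2" -v net="$3" '
        NF < 2 || $1 ~ /^#/ { next }
        $1 == ifc { n = split($2, s, ","); for (i = 1; i <= n; i++) if (s[i] == net) found = 1 }
        END { exit !found }' "$1/masq"
}

# forwarding_on DIR: 0 if the last IP_FORWARDING= line is Yes (as in the reply) or On.
forwarding_on() {
    [ -f "$1/shorewall.conf" ] || return 1
    val=$(sed -n 's/^[[:space:]]*IP_FORWARDING="\{0,1\}\([A-Za-z]*\).*/\1/p' \
          "$1/shorewall.conf" | tail -n 1)
    case "$val" in [Yy]es|[Oo]n) return 0 ;; *) return 1 ;; esac
}

# check_lxc_nat DIR: prints one line per missing setting, returns the problem count.
check_lxc_nat() {
    problems=0
    masq_covers "$1" eth0 10.0.1.0/24 ||
        { echo "masq: no eth0 entry for 10.0.1.0/24"; problems=$((problems + 1)); }
    forwarding_on "$1" ||
        { echo "shorewall.conf: IP_FORWARDING not enabled"; problems=$((problems + 1)); }
    return "$problems"
}

# write_sample DIR STATE: constructed sample files, STATE is "before" or "after".
write_sample() {
    mkdir -p "$1"
    if [ "$2" = after ]; then
        printf '%s\n' '#INTERFACE SOURCE ADDRESS' 'eth0 10.0.1.0/24' > "$1/masq"
        printf '%s\n' 'IP_FORWARDING=Yes' > "$1/shorewall.conf"
    else
        printf '%s\n' '#INTERFACE SOURCE ADDRESS' > "$1/masq"
        printf '%s\n' 'IP_FORWARDING=Keep' > "$1/shorewall.conf"
    fi
}

d=$(mktemp -d)
for s in before after; do
    write_sample "$d/$s" "$s"
    if check_lxc_nat "$d/$s"; then echo "$s: ok"; else echo "$s: incomplete"; fi
done
rm -rf "$d"
```

On a real host, point `check_lxc_nat` at /etc/shorewall instead of the sample directories.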
