Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
LXC - network connection PUB IP
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
najkon
n00b
n00b


Joined: 14 Aug 2016
Posts: 13

PostPosted: Wed Aug 24, 2016 12:22 am    Post subject: LXC - network connection PUB IP Reply with quote

Hi,
I am fighting with setting the network for my LXC container.
Container installed correctly and running, but I do not have it exit on the world.
I tried to make it using wiki instructions ( https://wiki.gentoo.org/wiki/LXC ) unfortunately without result.
connection inside (an internal address) it is like HOST <-> GUEST but from GUEST to Internet did not work
(Of course, I use rule iptables: iptables -t nat -A POSTROUTING -o eth1 -s 10.0.50.0/24 -j MASQUERADE on HOST)

And I would like to have on each (have two) container 1 internal IP (from pool 10.0.50.0/24) address and one public IP address (from /29 pool)
Can anyone describe step by step how to do?

What I have now:
eth1 = is WAN interface
on eth1 I picked up all IP addresses from my PUB IP pool /29
br0 = is bridge for first lxc container has name ' lamp ' and I gave him the address of the IP 10.0.50.1/24
br5 = is bridge for second lxc container has name ' team ' I gave him the address of the IP 10.0.60.1/24

I'll try to write in the morning what I've already done, because now it's late (02:18 am) and I do not think correctly :)

EDIT: My configuration
- iptables -L -n -v -t nat
Code:
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    5   260 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0     


- Interfaces
Code:

br0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 10.0.50.1  netmask 255.255.255.0  broadcast 10.0.50.255
        inet6 fe80::fc11:6ff:fe21:478a  prefixlen 64  scopeid 0x20<link>
        ether fe:5e:06:cc:7a:88  txqueuelen 1000  (Ethernet)

lamp: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc5e:6ff:fecc:7a88  prefixlen 64  scopeid 0x20<link>
        ether fe:5e:06:cc:7a:88  txqueuelen 1000  (Ethernet)


- bridge
Code:

bridge name   bridge id      STP enabled   interfaces
br0      8000.fe5e06cc7a88   no      lamp


- LXC config for lamp container
Code:

lxc.network.type = veth
lxc.network.flags = up
lxc.network.veth.pair = lamp
lxc.network.name = eth0
lxc.network.link = br0
lxc.network.ipv4 = 10.0.50.10/24
lxc.network.ipv4.gateway = 10.0.50.1


- Pinging on HOST to GUEST
Code:

ping 10.0.50.10
PING 10.0.50.10 (10.0.50.10) 56(84) bytes of data.
64 bytes from 10.0.50.10: icmp_seq=1 ttl=64 time=0.066 ms
64 bytes from 10.0.50.10: icmp_seq=2 ttl=64 time=0.017 ms


- Pinging on GUEST to HOST
Code:

ping 10.0.50.1
PING 10.0.50.1 (10.0.50.1) 56(84) bytes of data.
64 bytes from 10.0.50.1: icmp_seq=1 ttl=64 time=0.060 ms
64 bytes from 10.0.50.1: icmp_seq=2 ttl=64 time=0.017 ms


- ip route from GUEST
Code:

default via 10.0.50.1 dev eth0
10.0.50.0/24 dev eth0  proto kernel  scope link  src 10.0.50.10


- resolv.conf from GUEST
Code:

cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.8.4


- Pinging WORLD (aka. google dns)
Code:

ping 8.8.8.8 
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

and nothing more shows..


Where is a problem?! :(
Back to top
View user's profile Send private message
szatox
Veteran
Veteran


Joined: 27 Aug 2013
Posts: 1717

PostPosted: Sun Aug 28, 2016 10:57 am    Post subject: Reply with quote

How 'bout your iptables filter? Do you accept traffic forwarding?
Did you enable IP forwarding in your kernel?
Code:
# sysctl -a | grep forwa
net.ipv4.conf.all.forwarding = 1
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum