I cannot use the host network for container/veth IPs, so it looks like I need a NAT.
Some comments inline.

On Fri, Jun 27, 2014 at 3:44 AM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
> Hello,
>
> Vijay Viswanathan wrote:
>> I have a setup where
>> lxc ( container/light weight sandbox ) brings up veth and sets up IP as
>> 192.168.10.2. and runs telnet server ( on port 2300 )
>>
>> I created a bridge with IP 192.168.10.2 attaching the veth.
>
> Why ?

[VV] I specify that in the container conf. It will come up with a veth and it will attach it to the given bridge. There is very little I can do here.
[VV] I cannot have the container come up with the host network IP ( It has to be some private network IP )

> Note : the address on br0 is different in the output of ifconfig.
> Is 192.168.10.2 the address of the container or the host ?

container ( with vethxx )

>
>> After the route setup, the host ( with eth1: 10.4.38.222 )
>
> Note : the address on eth1 is different in the output of ifconfig.

[VV] am sorry c

>
>> is able to ping the veth ( 192.168.10.2 ) and vice versa.
>
> Vice versa ? What do you mean exactly ? What commands do you run ?
>

[VV] just ping from container to host
ping 10.4.38.222

>> Now how do I connect to the telnet server on 192.168.10.2: 2300 from
>> 10.4.3x.xxx network ?
>
> Assuming the routing is properly set up on the network (i.e. hosts on
> the network or the default router have a route to 192.168.10.0/24 with
> gateway 10.4.38.182) and forwarding is enabled on the host
> (net.ipv4.ip_forward=1), just run :
>
> $ telnet <container_address> 2300
>

[VV] This is not an option in my design. Outside world knows only the host IP and it should route the 2300 traffic to the server in 192.168.10.2: 2300

>> I guess I need some kind of NAT rules
>
> Only as a last resort if you cannot set up proper routing on the network.
>
>> also tried adding :
>>
>> # brctl addif br0 eth1
>
> If you add eth1 to the bridge, then you must :
> - move the IP address from eth1 to br0,
> - use an IP address in the external network subnet for the container.

[VV] That is not an option but I tried it anyways and it worked earlier. Now I need to move forward with the container on a non host network :(

Thanks.
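
Added example, not part of the original message: the "NAT rules" case the thread ends on, written as a DNAT port-forward of TCP 2300 arriving on eth1 to 192.168.10.2:2300, with FORWARD rules that admit only that flow. It assumes the bridge is br0 and that the container's default route points back at the host's bridge address; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: forward one TCP port from the host's external interface
# to a container on a private bridge, and allow nothing else through.
# Values taken from the thread: eth1, br0, 192.168.10.2, port 2300.

valid_ifname() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

valid_ipv4() {
    # Dotted quad only, each octet numeric and 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

dnat_rules() {
    ext_if=$1 br_if=$2 ct_ip=$3 port=$4
    valid_ifname "$ext_if" || { echo "bad interface: $ext_if" >&2; return 1; }
    valid_ifname "$br_if"  || { echo "bad interface: $br_if" >&2; return 1; }
    valid_ipv4 "$ct_ip"    || { echo "bad container IP: $ct_ip" >&2; return 1; }
    valid_port "$port"     || { echo "bad port: $port" >&2; return 1; }
    # The FORWARD rules only matter when the FORWARD policy is DROP.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $port -j DNAT --to-destination $ct_ip:$port
iptables -A FORWARD -i $ext_if -o $br_if -p tcp -d $ct_ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $br_if -o $ext_if -p tcp -s $ct_ip --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Dry run by default: print the rules. APPLY=1 (as root) executes them.
rules=$(dnat_rules eth1 br0 192.168.10.2 2300) || exit 1
if [ "${APPLY:-0}" = 1 ]; then echo "$rules" | sh -e; else echo "$rules"; fi
```

If the container's default route does not go through the host, replies will not return along this path and the forward will appear to hang.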