Vijay Viswanathan a écrit : > I cannot use the host network for container/veth IPs, so it looks like > I need a NAT. Indeed. Enable IP forwarding on the host (sysctl net.ipv4.ip_forward=1). Set default route in the container (seems to be set already). Set port forwarding (DNAT) on the host to the container. iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 2300 \ -j DNAT --to 192.168.10.2:2300 Optionally, set masquerading (SNAT) on the host for the containers. iptables -t nat -A POSTROUTING -o eth1 -s 192.168.10.0/24 \ -j MASQUERADE -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
