Re: eth - NAT - Bridge - veth

I did that, but it is still not working. The telnet command [telnet 10.4.38.182 2300]
is stuck for a long time.

# iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:2300 to:192.168.10.2:2300

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.10.0/24      anywhere

Also with -d 10.4.38.182:
# iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             10.4.38.182          tcp dpt:2300 to:192.168.10.2:2300

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.10.0/24      anywhere

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.4.39.254     0.0.0.0         UG    0      0        0 eth1
10.4.38.0       *               255.255.254.0   U     0      0        0 eth1
192.168.10.0    *               255.255.255.0   U     0      0        0 br0

// Ping from host to veth is fine
# ping 192.168.10.2
PING 192.168.10.2 (192.168.10.2): 56 data bytes
64 bytes from 192.168.10.2: seq=0 ttl=64 time=0.559 ms

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.fe5585cf0c11       no              veth2

On Fri, Jun 27, 2014 at 10:51 AM, Pascal Hambourg
<pascal@xxxxxxxxxxxxxxx> wrote:
> Vijay Viswanathan wrote:
>> I cannot use the host network for container/veth IPs, so it looks like
>> I need a NAT.
>
> Indeed.
>
> Enable IP forwarding on the host (sysctl net.ipv4.ip_forward=1).
> Set default route in the container (seems to be set already).
> Set port forwarding (DNAT) on the host to the container.
>
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 2300 \
>   -j DNAT --to 192.168.10.2:2300
>
> Optionally, set masquerading (SNAT) on the host for the containers.
>
> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.10.0/24 \
>   -j MASQUERADE
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
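
The prerequisites listed in the quoted reply (IP forwarding, the DNAT rule, optional masquerading), checked against saved state, as an added example that is not part of the original thread. The function names, the `iptables-save` input form and the extra filter `FORWARD` check are assumptions of this example; the thread does not show the filter table, and the sample data is constructed.

```shell
#!/bin/sh
# Added example. Inputs are passed as text so it runs without root:
#   $1 = contents of /proc/sys/net/ipv4/ip_forward, $2 = `iptables-save` output,
#   $3 = container address, $4 = forwarded TCP port.
table_lines() {  # print only the lines of table $2 from iptables-save text $1
    printf '%s\n' "$1" | awk -v t="*$2" '/^\*/ { cur = $1; next } cur == t'
}

check_port_forward() {
    fwd=$1; dest=$3; port=$4; rc=0
    nat=$(table_lines "$2" nat); filter=$(table_lines "$2" filter)

    if [ "$fwd" = 1 ]; then echo "ok: ip_forward=1"
    else echo "missing: ip_forward=$fwd"; rc=1; fi

    # Match whole tokens so port 2300 does not also match 23000.
    if printf '%s\n' "$nat" | awk -v to="$dest:$port" -v p="$port" '
        $2 == "PREROUTING" && / -j DNAT / {
            d = m = 0
            for (i = 1; i < NF; i++) {
                if ($i == "--dport" && $(i + 1) == p) d = 1
                if ($i == "--to-destination" && $(i + 1) == to) m = 1
            }
            if (d && m) found = 1
        }
        END { exit !found }'
    then echo "ok: DNAT to $dest:$port"
    else echo "missing: DNAT to $dest:$port"; rc=1; fi
    if printf '%s\n' "$nat" | grep -q -- '^-A POSTROUTING .*-j MASQUERADE'
    then echo "ok: MASQUERADE present"
    else echo "note: no MASQUERADE (optional in the reply)"; fi
    # Not shown in the thread: DNATed packets are then filtered by filter/FORWARD.
    policy=$(printf '%s\n' "$filter" | awk '/^:FORWARD / { print $2 }')
    accepts=$(printf '%s\n' "$filter" | grep -c -- '^-A FORWARD .*-j ACCEPT' || true)
    if [ "$policy" = ACCEPT ]; then echo "ok: filter FORWARD policy ACCEPT"
    elif [ "$accepts" -gt 0 ]; then echo "review: FORWARD policy ${policy:-unknown}, $accepts ACCEPT rule(s)"
    else echo "missing: FORWARD policy ${policy:-unknown}, no ACCEPT rule"; rc=1; fi
    return $rc
}

# Constructed sample (not the poster's actual state; the filter table is assumed).
SAMPLE='*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2300 -j DNAT --to-destination 192.168.10.2:2300
-A POSTROUTING -s 192.168.10.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'
check_port_forward 1 "$SAMPLE" 192.168.10.2 2300 || true
```

On a live host the two text inputs would come from `cat /proc/sys/net/ipv4/ip_forward` and `iptables-save`, which prints the interface and port matches that `iptables -t nat --list` without `-v` leaves out.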
