Good point. The container is able to ping other machines in the network

# traceroute 10.4.38.222
traceroute to 10.4.38.222 (10.4.38.222), 30 hops max, 38 byte packets
 1 192.168.10.1 (192.168.10.1) 0.047 ms 0.023 ms 0.019 ms
 2 10.4.38.222 (10.4.38.222) 0.439 ms 0.393 ms 0.320 ms
#

Also: the container is able to ping the host

# traceroute 10.4.38.182
traceroute to 10.4.38.182 (10.4.38.182), 30 hops max, 38 byte packets
 1 10.4.38.182 (10.4.38.182) 0.052 ms 0.023 ms 0.018 ms

and vice versa (from host to container):

# traceroute 192.168.10.2
traceroute to 192.168.10.2 (192.168.10.2), 30 hops max, 38 byte packets
 1 192.168.10.2 (192.168.10.2) 0.050 ms 0.032 ms 0.026 ms

From host
--

# iptables-save
# Generated by iptables-save v1.4.21 on Thu Jan 1 02:34:10 1970
*nat
:PREROUTING ACCEPT [1:142]
:INPUT ACCEPT [1:142]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 10.4.38.182/32 -i eth1 -p tcp -m tcp --dport 2300 -j DNAT --to-destination 192.168.10.2:2300
-A POSTROUTING -s 192.168.10.0/24 -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Jan 1 02:34:10 1970
# Generated by iptables-save v1.4.21 on Thu Jan 1 02:34:10 1970
*mangle
:PREROUTING ACCEPT [19518:3047480]
:INPUT ACCEPT [18424:2795220]
:FORWARD ACCEPT [476:70846]
:OUTPUT ACCEPT [3080:241144]
:POSTROUTING ACCEPT [3556:311990]
COMMIT
# Completed on Thu Jan 1 02:34:10 1970
# Generated by iptables-save v1.4.21 on Thu Jan 1 02:34:10 1970
*filter
:INPUT ACCEPT [60:3920]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:2555]
COMMIT
# Completed on Thu Jan 1 02:34:10 1970

From container
-----------

# iptables-save
# Generated by iptables-save v1.4.21 on Thu Jan 1 02:35:19 1970
*nat
:PREROUTING ACCEPT [16:918]
:INPUT ACCEPT [16:918]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jan 1 02:35:19 1970
# Generated by iptables-save v1.4.21 on Thu Jan 1 02:35:19 1970
*mangle
:PREROUTING ACCEPT [72:4292]
:INPUT ACCEPT [72:4292]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [16:1012]
:POSTROUTING ACCEPT [16:1012]
COMMIT
# Completed on Thu Jan 1 02:35:19 1970
# Generated by iptables-save v1.4.21 on Thu Jan 1 02:35:19 1970
*filter
:INPUT ACCEPT [72:4292]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [16:1012]
COMMIT
# Completed on Thu Jan 1 02:35:19 1970

Thanks a lot

On Fri, Jun 27, 2014 at 12:18 PM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
> Vijay Viswanathan wrote:
>> I did that but still not working. The telnet [telnet 10.4.38.182 2300]
>> command is stuck for a long time
>>
>> # iptables -t nat --list
>
> Please use iptables-save instead. The output is much easier to read.
>
>> # route
>
> Can you provide the output of the same commands run in the container?
> Can the container connect to or ping some external host?