Re: eth - NAT - Bridge - veth

On the host, does 'tcpdump -i any port 2300' reveal anything? You might even 
try the same on the container. At least you'd be able to see the packets as 
they flow through the system.


On Friday, June 27, 2014 04:08:57 PM Vijay Viswanathan wrote:
> good point.
> The container is able to ping other machines in the network
> # traceroute 10.4.38.222
> traceroute to 10.4.38.222 (10.4.38.222), 30 hops max, 38 byte packets
>  1  192.168.10.1 (192.168.10.1)  0.047 ms  0.023 ms  0.019 ms
>  2  10.4.38.222 (10.4.38.222)  0.439 ms  0.393 ms  0.320 ms
> #
> 
> also :
> The container is able to ping the host
> 
> # traceroute 10.4.38.182
> traceroute to 10.4.38.182 (10.4.38.182), 30 hops max, 38 byte packets
>  1  10.4.38.182 (10.4.38.182)  0.052 ms  0.023 ms  0.018 ms
> 
> and vice versa ( from host to container ) :
> # traceroute 192.168.10.2
> traceroute to 192.168.10.2 (192.168.10.2), 30 hops max, 38 byte packets
>  1  192.168.10.2 (192.168.10.2)  0.050 ms  0.032 ms  0.026 ms
> 
> From host --
> 
> # iptables-save
> # Generated by iptables-save v1.4.21 on Thu Jan  1 02:34:10 1970
> *nat
> 
> :PREROUTING ACCEPT [1:142]
> :INPUT ACCEPT [1:142]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> 
> -A PREROUTING -d 10.4.38.182/32 -i eth1 -p tcp -m tcp --dport 2300 -j DNAT --to-destination 192.168.10.2:2300
> -A POSTROUTING -s 192.168.10.0/24 -o eth1 -j MASQUERADE
> COMMIT
> # Completed on Thu Jan  1 02:34:10 1970
> # Generated by iptables-save v1.4.21 on Thu Jan  1 02:34:10 1970
> *mangle
> 
> :PREROUTING ACCEPT [19518:3047480]
> :INPUT ACCEPT [18424:2795220]
> :FORWARD ACCEPT [476:70846]
> :OUTPUT ACCEPT [3080:241144]
> :POSTROUTING ACCEPT [3556:311990]
> 
> COMMIT
> # Completed on Thu Jan  1 02:34:10 1970
> # Generated by iptables-save v1.4.21 on Thu Jan  1 02:34:10 1970
> *filter
> 
> :INPUT ACCEPT [60:3920]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [36:2555]
> 
> COMMIT
> # Completed on Thu Jan  1 02:34:10 1970
> 
> From container -----------
> 
> # iptables-save
> # Generated by iptables-save v1.4.21 on Thu Jan  1 02:35:19 1970
> *nat
> 
> :PREROUTING ACCEPT [16:918]
> :INPUT ACCEPT [16:918]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> 
> COMMIT
> # Completed on Thu Jan  1 02:35:19 1970
> # Generated by iptables-save v1.4.21 on Thu Jan  1 02:35:19 1970
> *mangle
> 
> :PREROUTING ACCEPT [72:4292]
> :INPUT ACCEPT [72:4292]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [16:1012]
> :POSTROUTING ACCEPT [16:1012]
> 
> COMMIT
> # Completed on Thu Jan  1 02:35:19 1970
> # Generated by iptables-save v1.4.21 on Thu Jan  1 02:35:19 1970
> *filter
> 
> :INPUT ACCEPT [72:4292]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [16:1012]
> 
> COMMIT
> # Completed on Thu Jan  1 02:35:19 1970
> 
> 
> 
> Thanks a lot
> 
> On Fri, Jun 27, 2014 at 12:18 PM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
> > Vijay Viswanathan wrote:
> >> I did that but still not working. the telnet [telnet 10.4.38.182 2300]
> >> command is stuck for a long time
> >> 
> >> # iptables -t nat --list
> > 
> > Please use iptables-save instead. The output is much easier to read.
> > 
> >> # route
> > 
> > Can you provide the output of the same commands run in the container ?
> > Can the container connect to or ping some external host ?
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
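
The capture suggested in this message can be narrowed to each side of the DNAT rule in the quoted host ruleset. The following is an added example, not part of the original thread: it parses that iptables-save output and derives one tcpdump command for the host (pre-NAT destination) and one for the container (post-NAT destination). The function names and the choice of `-i any` inside the container are assumptions.

```python
import shlex

# Host ruleset quoted above (nat and filter tables), wrapped DNAT line rejoined.
HOST_RULES = """\
*nat
:PREROUTING ACCEPT [1:142]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 10.4.38.182/32 -i eth1 -p tcp -m tcp --dport 2300 -j DNAT --to-destination 192.168.10.2:2300
-A POSTROUTING -s 192.168.10.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [60:3920]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:2555]
COMMIT
"""

def parse(dump):
    """Return (dnat_rules, chain_policies) from iptables-save text."""
    table, rules, policies = None, [], {}
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):                      # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):                    # chain policy line
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif table == "nat" and line.startswith("-A") and "-j DNAT" in line:
            tok = shlex.split(line)
            # Map each option to the token after it (negated matches not handled).
            rules.append({tok[i]: tok[i + 1] for i in range(len(tok) - 1)
                          if tok[i].startswith("-")})
    return rules, policies

def capture_plan(dump):
    """For each DNAT rule: a capture filter before and after translation."""
    rules, policies = parse(dump)
    plan = []
    for r in rules:
        pre_ip = r["-d"].split("/")[0]
        post_ip, post_port = r["--to-destination"].rsplit(":", 1)
        plan.append({
            "host": f"tcpdump -ni {r['-i']} '{r['-p']} and dst host {pre_ip} and dst port {r['--dport']}'",
            "container": f"tcpdump -ni any '{r['-p']} and dst host {post_ip} and dst port {post_port}'",
            # DNAT'd packets bound for the container traverse filter FORWARD.
            "forward_policy": policies.get(("filter", "FORWARD")),
        })
    return plan

if __name__ == "__main__":
    for step in capture_plan(HOST_RULES):
        print(step["host"], step["container"], step["forward_policy"], sep="\n")
```

Packets that show up in the host capture but not in the container capture are being lost after translation; packets missing from both never reached eth1.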