Hi, I've just re-created my environment from MAAS and I noticed that my lxc containers can't talk out to the world (but the world could talk back to them, for example outbound ICMP would not work, but inbound from a different machine on the same L2 broadcast domain - would). That obviously broke the provisioning (since the containers couldn't curl anything)
After a little bit of looking around I found this iptables rule (in nat) on a host freshly deployed from juju. Chain POSTROUTING (policy ACCEPT 102 packets, 10926 bytes) pkts bytes target prot opt in out source destination 42 2807 MASQUERADE all -- * * 10.0.1.0/24 ! 10.0.1.0/24 Since I used a 10.0.0.0/23 as my base range and the LXC containers were getting 10.0.1.x/23 addresses this rule ended up NATing all the requests to the IP on the host - not good. What creates this rule and what's it for in the first instance? kind regards Pshem
-- Juju mailing list Juju@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
