I have a little bare-metal Ubuntu 14.04 server at home running a web service. The http(s) daemon runs on ports 8006 and 8007, and iptables is used to redirect incoming requests. Have been using this setup forever, works great:

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8006 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8007 -j ACCEPT
    iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 8006
    iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 8007

Now on the same server I would like to run LXC, however I am running into a strange problem. Within the LXC guests on this server, all outgoing http(s) requests seem to hit the prerouting rule, and are redirected to localhost:8006/8007 on the server. So the guests are not running any httpd or anything, this is just to download a file from the web. So for example, on the guest if I do:

    curl http://www.google.com/foo

I actually get the content of http://localhost:8006/foo on my host server. Naturally this makes the guest unworkable because the package manager can't get to the repositories because it is getting 404 for anything it needs.

My question:

- Is this expected? Why do outgoing http(s) requests from the lxc guest hit the prerouting rules in the host machine?
- How can I modify the iptables PREROUTING line so that it still redirects incoming http requests to port 8006/8007 on the server, but does not affect the lxc guests?

Thank you very much,
Jeroen
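
Added example, not part of the original message: the nat PREROUTING chain sees every packet that enters the host, including container packets arriving on the LXC bridge, so rules that match only on destination port also catch guest traffic to remote ports 80 and 443. One way to scope the redirect to the host's uplink is sketched below; the interface names eth0 (uplink) and lxcbr0 (LXC bridge) and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example. Dry run by default: prints the iptables commands.
# Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

# Add the two REDIRECT rules, limited to packets that arrive on the
# interface named in $1 (assumed uplink: eth0). Container traffic enters
# the host on the LXC bridge (assumed: lxcbr0), so it no longer matches
# and is routed out normally.
redirect_rules() {
    ext_if="$1"
    [ -n "$ext_if" ] || { echo "usage: redirect_rules <iface>" >&2; return 1; }
    $IPT -t nat -A PREROUTING -i "$ext_if" -p tcp --dport 80  -j REDIRECT --to-port 8006
    $IPT -t nat -A PREROUTING -i "$ext_if" -p tcp --dport 443 -j REDIRECT --to-port 8007
}

# Delete the original unscoped rules (same rule spec as when they were added).
remove_unscoped_rules() {
    $IPT -t nat -D PREROUTING -p tcp --dport 80  -j REDIRECT --to-port 8006
    $IPT -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8007
}

remove_unscoped_rules
redirect_rules "${EXT_IF:-eth0}"
```

Matching on `-m addrtype --dst-type LOCAL` instead of `-i` is an alternative that redirects only packets addressed to the host's own addresses, whichever interface they arrive on.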