Hi Ulli,

I have managed to set up routed networking with lxc, it isn't very different from xen or qemu. I've created a webpage explaining how I did it:

http://j.9souldier.org/trunk/lxc/

Comments are welcome.

John
ps. I think your setup is wrong in that you need to route through the host and not your router, the host will take care of routing through the routes that are relevant (i.e. communication between guests doesn't need to go through the router).

--
Current excuse: network down, IP packets delivered via UPS

On Mon, 4 Apr 2011 19:35:09 +0200 Ulli Horlacher <[email protected]> wrote:

>
> My first Ubuntu 10.04 container is up and running on a Ubuntu 10.04
> host, but the container can only connect to the host (and vice
> versa), but not to the world outside.
>
> I saw a lot of configurations for NAT, but I want native routing for
> my containers.
>
>
>
> My setup is:
>
> host zoo 129.69.1.39
> container LXC 129.69.1.219
> router 129.69.1.254
>
> In LXC.conf is:
>
> lxc.utsname = LXC
> lxc.network.type = veth
> lxc.network.link = br0
> lxc.network.flags = up
> lxc.network.name = eth0
> lxc.network.mtu = 1500
> lxc.network.ipv4 = 129.69.1.219/24
>
>
> root@LXC:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    0      0        0 eth0
>
> root@LXC:~# ping -c 1 129.69.1.39
> PING 129.69.1.39 (129.69.1.39) 56(84) bytes of data.
> 64 bytes from 129.69.1.39: icmp_seq=1 ttl=64 time=11.5 ms
>
> --- 129.69.1.39 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 11.547/11.547/11.547/0.000 ms
>
> root@LXC:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> From 129.69.1.219 icmp_seq=1 Destination Host Unreachable
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
>
>
>
> root@zoo:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    100    0        0 br0
>
> root@zoo:~# ping -c 1 129.69.1.219
> PING 129.69.1.219 (129.69.1.219) 56(84) bytes of data.
> 64 bytes from 129.69.1.219: icmp_seq=1 ttl=64 time=0.058 ms
>
> --- 129.69.1.219 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.058/0.058/0.058/0.000 ms
>
> root@zoo:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> 64 bytes from 129.69.1.254: icmp_seq=1 ttl=255 time=0.509 ms
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.509/0.509/0.509/0.000 ms
>
> root@zoo:~# iptables -n -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> root@zoo:~# sysctl -a | grep forward
> net.ipv4.conf.all.forwarding = 1
> net.ipv4.conf.all.mc_forwarding = 0
> net.ipv4.conf.default.forwarding = 1
> net.ipv4.conf.default.mc_forwarding = 0
> net.ipv4.conf.lo.forwarding = 1
> net.ipv4.conf.lo.mc_forwarding = 0
> net.ipv4.conf.eth0.forwarding = 1
> net.ipv4.conf.eth0.mc_forwarding = 0
> net.ipv4.conf.br0.forwarding = 1
> net.ipv4.conf.br0.mc_forwarding = 0
> net.ipv4.conf.virbr0.forwarding = 1
> net.ipv4.conf.virbr0.mc_forwarding = 0
> net.ipv4.conf.vethMx2A0v.forwarding = 1
> net.ipv4.conf.vethMx2A0v.mc_forwarding = 0
> net.ipv4.ip_forward = 1
>
> Any debugging hints?
>

_______________________________________________
Lxc-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lxc-users
