I believe that your problem is the --to-ports rules. For simple masquerading you just need the third rule. I'm no expert, but I think your rules are a bit messy.

On 05-03-2013 08:30, alvaro miranda wrote:
> This the iptables setup from LXC in OL6.4 channel
>
> [root@ol6hostlxc ~]# cat /etc/sysconfig/iptables
> # Generated by iptables-save v1.4.7 on Tue Mar 5 21:27:37 2013
> *nat
> :PREROUTING ACCEPT [33:5486]
> :INPUT ACCEPT [33:5486]
> :OUTPUT ACCEPT [2:144]
> :POSTROUTING ACCEPT [2:144]
> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
> COMMIT
> # Completed on Tue Mar 5 21:27:37 2013
> # Generated by iptables-save v1.4.7 on Tue Mar 5 21:27:37 2013
> *mangle
> :PREROUTING ACCEPT [59:9336]
> :INPUT ACCEPT [59:9336]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [2:144]
> :POSTROUTING ACCEPT [2:144]
> -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> COMMIT
> # Completed on Tue Mar 5 21:27:37 2013
> # Generated by iptables-save v1.4.7 on Tue Mar 5 21:27:37 2013
> *filter
> :INPUT ACCEPT [59:9336]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [2:144]
> -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
> -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
> -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
> -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
> -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
> COMMIT
> # Completed on Tue Mar 5 21:27:37 2013
>
>
> On 5/03/2013, at 12:18 PM, Dwight Engen <dwight.en...@oracle.com> wrote:
>
>> On Mon, 04 Mar 2013 15:35:06 -0600
>> "cbul...@gmail.com" <cbul...@gmail.com> wrote:
>>
>>> Hi All,
>>>
>>>
>>> We have a host server running Oracle Linux
>>> (2.6.39-200.24.1.el6uek.x86_64) and We created a Oracle Linux 6.2
>>> container following Oracle's Docs
>>> (http://docs.oracle.com/cd/E37670_01/E37355/html/ol_config_os_containers.html).
>>> The installation process was OK and We did not have any problem. We
>>> are able to connect to it using lxc-console. The problem is that we
>>> don't have any connectivity to the public or private network from our
>>> container (We have just connectivity to our host IP address). Our
>>> host has full connectivity to both networks.
>>>
>>> These are the relevant network file configuration:
>>>
>>> Host info:
>>>
>>> - ifcfg-eth0
>>>
>>> DEVICE="eth0"
>>> HWADDR=00:0C:29:1B:46:20
>>> ONBOOT=yes
>>> BRIDGE="virbr0"
>>> NM_CONTROLLED="no"
>>>
>>> -ifcfg-virbr0
>>>
>>> DEVICE="virbr0"
>>> TYPE=Bridge
>>> BRIDGE_FORWARDDELAY=0
>>> NM_CONTROLLED="no"
>>> ONBOOT="yes"
>>> BOOTPROTO=static
>>> IPADDR=192.168.1.222
>>> NETMASK=255.255.255.0
>>> GATEWAY=192.168.1.1
>>> HWADDR=00:0C:29:1B:46:20
>>>
>>>
>>> Container info:
>>>
>>> - ifcfg-eth0
>>>
>>> DEVICE=eth0
>>> BOOTPROTO="static"
>>> ONBOOT=yes
>>> HOSTNAME=ol6ctr1
>>> NM_CONTROLLED=no
>>> TYPE=Ethernet
>>> IPADDR=192.168.1.223
>>> HARDWARE=3E:E3:2D:8B:47:17
>>> NETMASK=255.255.255.0
>>>
>>> -/etc/sysconfig/network
>>>
>>> NETWORKING=yes
>>> NETWORKING_IPV6=no
>>> GATEWAY=192.168.1.1
>>> HOSTNAME=ol6ctr1
>>>
>>>
>>> [root@ol6ctr1 ~]# route -n
>>> Kernel IP routing table
>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>> 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
>>> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>>> 169.254.0.0     0.0.0.0         255.255.0.0     U     1007   0        0 eth0
>>>
>>> -selinux: disabled
>>> -iptables stopped
>> I believe your problem is because iptables needs to not be stopped for
>> the NAT forwarding rules to work and forward your traffic.
>>
>>> I really appreciate any help about this problem.
>>>
>>> Thanks in advance!
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_feb
>> _______________________________________________
>> Lxc-users mailing list
>> Lxc-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/lxc-users
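
As an added example (not part of the original thread, and not code from any poster or from the LXC project): a small Python check that parses the `*nat` section of the quoted `iptables-save` dump and reports which MASQUERADE rules would apply to a given packet. The helper names, the destination 203.0.113.10 and the source 192.168.122.50 are assumptions made for illustration; 192.168.1.223 is the container address given in the thread.

```python
import ipaddress
import shlex

# Constructed sample: the *nat rules quoted in the thread, wrapped lines rejoined.
NAT_DUMP = """\
*nat
:POSTROUTING ACCEPT [2:144]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
"""

def parse_masquerade(dump):
    """Return one dict per POSTROUTING MASQUERADE rule in the *nat table.

    Only the match options used in the dump above (-s, [!] -d, -p) are handled.
    """
    rules, table = [], None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
            continue
        tok = shlex.split(line)
        if table != "nat" or tok[:2] != ["-A", "POSTROUTING"] or "MASQUERADE" not in tok:
            continue
        rule = {"src": None, "dst": None, "proto": "all", "ports": None}
        for i, t in enumerate(tok[:-1]):
            if t == "-s":
                rule["src"] = ipaddress.ip_network(tok[i + 1])
            elif t == "-d":
                # (network, negated): "! -d net" matches packets NOT going to net
                rule["dst"] = (ipaddress.ip_network(tok[i + 1]), tok[i - 1] == "!")
            elif t == "-p":
                rule["proto"] = tok[i + 1]
            elif t == "--to-ports":
                rule["ports"] = tok[i + 1]
        rules.append(rule)
    return rules

def matching_rules(rules, src, dst, proto):
    """Rules that would masquerade a src -> dst packet of the given protocol."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [r for r in rules
            if (r["src"] is None or s in r["src"])
            and (r["dst"] is None or (d in r["dst"][0]) != r["dst"][1])
            and r["proto"] in ("all", proto)]
```

With the thread's dump, `matching_rules(rules, "192.168.1.223", "203.0.113.10", "tcp")` returns an empty list, while a source inside 192.168.122.0/24 matches both the tcp rule and the protocol-less third rule.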