Which chains are used for container to container?
On Fri, Sep 19, 2014 at 5:29 PM, Shidan wrote:
> First I spoke to soon (by saying the problem is fixed with dnat for the
> output chain), now I can now ping the containers from the host and visa
> versa but not container to container using the co
First I spoke to soon (by saying the problem is fixed with dnat for the
output chain), now I can now ping the containers from the host and visa
versa but not container to container using the containers external IP.
Regarding your method, if you have IP aliases for the external addresses
for the co
Instead of using iptables, you can give a container an network interface
(for a total of two).
On my system I have an ethernet bridge, br0, with the host's main
interface on in. Then, in a container's config -
# primary, public interface 192.168.1.x from my router
lxc.network.type = veth
lxc.
Just figured it out a fix, I think. For containers to address each other by
both external and internal IPs, I set the DNAT rule on the OUTPUT and
PREROUTING chain, instead of just on the PREROUTING as above.
On Thu, Sep 18, 2014 at 11:03 PM, Shidan wrote:
> I think the case of having a 1 to 1 as
I think the case of having a 1 to 1 assignment of external IPs to
containers is an important use case to document somewhere.
On Thu, Sep 18, 2014 at 12:09 PM, Shidan wrote:
> Hello I have multiple external IP addresses and set up iptables so that
> each container is assigned one external IP on t
Hello I have multiple external IP addresses and set up iptables so that
each container is assigned one external IP on the lxcbr0 NATed bridge in a
1 to 1 fashion similar to this example:
root@SERVER:/var/log# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source
