iptables setup for two different lxc containers inside the same host
Hello out there. A month ago I started to deal with this problem and until now I couldn't cope with it. The quick story is that I'm trying to set up two different lxc containers inside the same host machine running Debian Linux. One of the containers is running a VPN server, while the second one is running a WEB server. Both of them are connected to the internet through a bridge (br0) interface on the host. In order to route the traffic between these two containers I used iptables.
Let's now see this procedure more closely and step by step.
SETUP THE FIRST CONTAINER (VPN)
@HOST [ /etc/network/interfaces ]
@HOST [ /var/lib/lxc/VPN/config ]
@GUEST VPN [ /etc/network/interfaces ]
After some more configuration inside the container for the VPN server (not interesting for this post) I add the following iptables rules in the HOST machine:
Until that step everything is working as expected. VPN container can ping the outside world, can apt-get update correctly and VPN clients find their way to the outside world as expected.
The next step was to add another container for the WEB server.
@HOST [ /var/lib/lxc/WEB/config ]
@GUEST [ /etc/network/interfaces ]
For http traffic to be routed to the WEB container I add the following iptables rule
and thus now the final rules are:
This is where problems start.
1. containers can ping the outside world
2. containers cannot apt-get update
3. VPN clients don't access the internet properly. Some web sites don't load at all while others work perfectly.
It seems that there is a conflict in the http protocol traffic. If I delete the latter iptables rule (for the WEB container), the containers regain the ability to apt-get update and VPN clients can access all the web sites. The drawback that way is that I cannot access the web server from the outside world.
Finally some network info:
ifconfig @ HOST
route -n @ HOST
brctl show @ HOST
I would be very thankful for any idea/hint on how to fix this routing problem, because I cannot think of anything else to try and my mind is going to burn out.
Thank you.
P.S. Something that I just realized is that the error from the apt-get update command shows that it tries to communicate over IPv6 and not IPv4. Is that weird?
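The symptom pattern above (ping works, apt-get fails, HTTP sites break while others load) is what an unrestricted PREROUTING DNAT for tcp/80 produces, because it also matches the containers' and VPN clients' own outbound HTTP. The following is an added example, not the poster's rules: it shows that weak rule beside a corrected one that only matches traffic arriving on the external interface for the host's own address, in a dry-run wrapper. The interface name, the 203.0.113.10 / 10.0.3.x / 10.8.0.0/24 addresses and the layout (private container addresses on br0, NAT out through eth0) are all constructed assumptions.

```shell
#!/bin/sh
# Added example, not the poster's own rules. Assumed layout: containers hold
# private addresses on br0 (CONTAINER_NET), the host NATs them out through its
# external interface EXT_IF, and the VPN container hands clients VPN_NET.
# All addresses below are constructed placeholders.
EXT_IF=eth0
HOST_IP=203.0.113.10          # host's public address
CONTAINER_NET=10.0.3.0/24
WEB_IP=10.0.3.20              # WEB container
VPN_IP=10.0.3.30              # VPN container
VPN_NET=10.8.0.0/24           # VPN client pool (routed via the VPN container)

# Dry-run wrapper: prints the rule unless RUN_RULES=1, so it can be reviewed first.
IPT() {
  if [ "${RUN_RULES:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

# The usual cause of "ping works, apt-get fails, only some sites load": a DNAT
# rule with no interface/destination match. It also catches the containers' and
# VPN clients' OUTBOUND tcp/80 as it passes PREROUTING, sending it to WEB_IP.
weak_dnat_rule() {
  IPT -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination "$WEB_IP:80"
}

# Corrected: only traffic arriving on the external interface for the host's own
# address is redirected; outbound HTTP from inside no longer matches.
web_dnat_rule() {
  IPT -t nat -A PREROUTING -i "$EXT_IF" -d "$HOST_IP" -p tcp --dport 80 \
      -j DNAT --to-destination "$WEB_IP:80"
}

apply_rules() {
  # Source NAT for the container network and for the VPN client pool.
  IPT -t nat -A POSTROUTING -s "$CONTAINER_NET" -o "$EXT_IF" -j MASQUERADE
  IPT -t nat -A POSTROUTING -s "$VPN_NET" -o "$EXT_IF" -j MASQUERADE
  web_dnat_rule
  # FORWARD: established flows, new flows from inside, and new tcp/80 to WEB only.
  IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  IPT -A FORWARD -i br0 -o "$EXT_IF" -j ACCEPT
  IPT -A FORWARD -i "$EXT_IF" -o br0 -d "$WEB_IP" -p tcp --dport 80 \
      -m conntrack --ctstate NEW -j ACCEPT
}

apply_rules
```

Run it as is to print the rule set for review; run with RUN_RULES=1 as root to apply it.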