I don't understand the modes of lxc network.
I'd like to have 4 guests: apache1, apache2, database and frontdoor
frontdoor is a squid which decides which apache should be used
It works perfectly on vservers, when all of the guests have a dummy interface (isolated from the web) and frontdoor has two interfaces: the real eth0 and a dummy
Now I migrate to lxc, and instead of dummy I use bridge (on host) and mode=veth (on guests)
I'm not happy seeing four vethLIJG3f in ifconfig, but let's see, it's ok.
The problem is that I CAN'T get to squid. I'm trying to iptables -t NAT -A PREROUTING -p tcp --dport 80 -j DNAT --to-dest 172.16.0.2 but it simply doesn't work.
I wonder if I should change veth to something else?
Well, this is interesting. I'm playing with a vserver and I do not really understand how it works with eth and dummy.
Whatever, in your case, I think you need to enable ip forwarding.
Check /etc/sysctl.conf to make it permanent
Naming the interfaces that come into the bridge is a good idea if you want to know who is who. In the lxc config file:
Networking in lxc allows more sophisticated setups. For example, you could simulate a real "proxy" with 2 virtual interfaces, one on a bridge (say br0) connected to the internet (public IPs, dmz, whatever) and another (say br1) connected to the "internal services"
Note: for a second virtual ethernet interface, just repeat the lxc.network... stanza
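The two-interface frontdoor described in the answer above, written out as an added example that is not part of the original thread. The config path, the host-side names fd-pub and fd-int, and the public address 192.0.2.10 are constructed for illustration; 172.16.0.2 is the squid address from the question, and br0/br1 are assumed to already exist on the host.

```ini
# /var/lib/lxc/frontdoor/config  (path assumed)
# Legacy lxc.network.* syntax, as used in this thread.
# LXC 2.1 and later spell these keys lxc.net.0.*, lxc.net.1.*, ...

# First interface: public side, attached to host bridge br0
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
# Name of the interface inside the container
lxc.network.name = eth0
# Fixed host-side name instead of a random vethXXXXXX (hypothetical name)
lxc.network.veth.pair = fd-pub
# Constructed public address (documentation range)
lxc.network.ipv4 = 192.0.2.10/24

# Second interface: a new lxc.network.type line starts a new stanza.
# Internal side, attached to host bridge br1 together with
# apache1, apache2 and database.
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.veth.pair = fd-int
# Squid address from the question
lxc.network.ipv4 = 172.16.0.2/24
```

With the pair names fixed, the host's interface list shows fd-pub and fd-int, so each bridge port can be matched to its container when reviewing bridge membership or writing firewall rules.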
Got the same problem. I was trying to forward ports to lxc container with
But it doesn't work. The solution was really simple:
For more details look at this