I've got a dedicated server and I'm trying to create a NAT. My virtual hosts are Linux Containers, I've got only 1 public IP address, and I'm trying to get Internet access from inside my LXC.

On my host, the default interface with Internet access is eno1, and I created a bridge on it:

auto lxc-nat-bridge
iface lxc-nat-bridge inet static
    bridge_ports none
    bridge_fd 0
    bridge_stp off
    address 192.168.1.1
    netmask 255.255.255.0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

Here is the network configuration of my LXC:

# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxc-nat-bridge
lxc.network.ipv4 = 192.168.1.2/24
lxc.network.ipv4.gateway = 192.168.1.1
lxc.network.veth.pair = vethWeb

Then I typed this iptables rule in order to create a masquerade:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eno1 -j MASQUERADE

When I start the container, I can ping it from the host, but when I join the container and perform an apt update (which is the command I use in order to check the internet access because ping is not installed):

root@web_container:/# apt update
Err:1 http://deb.debian.org/debian stretch InRelease                 
  Temporary failure resolving 'deb.debian.org'
Err:2 http://security.debian.org stretch/updates InRelease           
  Temporary failure resolving 'security.debian.org'
Reading package lists... Done                                        
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://deb.debian.org/debian/dists/stretch/InRelease  Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://security.debian.org/dists/stretch/updates/InRelease  Temporary failure resolving 'security.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@web_container:/#

It doesn't work :(

Here's an ifconfig performed in the container:

root@web_container:/# /sbin/ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 192.168.1.2  netmask 255.255.255.0  broadcast 192.168.1.255
    inet6 fe80::7c2c:37ff:fe50:ab0e  prefixlen 64  scopeid 0x20<link>
    ether 7e:2c:37:50:ab:0e  txqueuelen 1000  (Ethernet)
    RX packets 11  bytes 786 (786.0 B)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 60  bytes 4623 (4.5 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Please help me guys, I've been stuck on this for days!

ShellCode
  • 1
    All this looks sane, and the error may be a DNS issue. Is your /etc/resolv.conf correct in the container? – user2233709 Oct 22 '17 at 20:21
  • Thank you so much, I don't know why but the default DNS server was 10.0.3.1... I just used OpenNIC DNS and it's now working! :) – ShellCode Oct 22 '17 at 20:38
  • 1
    Good to know. Now, you should be able to run your web application in your container. ;-) – user2233709 Oct 22 '17 at 21:07
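
Added example, not part of the original question or comments: a POSIX sh check for the failure the comments identify, a resolv.conf nameserver (10.0.3.1) that is a private address outside the container's 192.168.1.0/24 bridge subnet. The function names and the private-range heuristic are assumptions of this example; it covers IPv4 only.

```shell
#!/bin/sh
# Added example: heuristic check of a container's resolv.conf against the
# subnet of its NAT bridge. Not code from the original post.

# Dotted quad -> integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/PREFIX: succeeds when IP lies inside the network.
in_cidr() (
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
)

# Loose syntactic test: digits and exactly three dots.
is_ipv4() {
    case $1 in *[!0-9.]*|*.*.*.*.*) return 1 ;; *.*.*.*) return 0 ;; esac
    return 1
}

# check_resolv FILE BRIDGE_CIDR: prints one verdict per nameserver line and
# fails if any resolver is a private address outside the bridge subnet.
# Heuristic: such queries leave through the MASQUERADE rule on the public
# interface, where nothing is expected to answer for that address.
check_resolv() (
    rc=0
    while read -r kw ns rest; do
        [ "$kw" = nameserver ] || continue
        is_ipv4 "$ns" || { echo "SKIP $ns (not IPv4)"; continue; }
        if in_cidr "$ns" "$2"; then
            echo "OK $ns (on the bridge subnet)"
        elif in_cidr "$ns" 10.0.0.0/8 || in_cidr "$ns" 172.16.0.0/12 ||
             in_cidr "$ns" 192.168.0.0/16; then
            echo "SUSPECT $ns (private, outside $2)"; rc=1
        else
            echo "OK $ns (public, reached through NAT)"
        fi
    done < "$1"
    [ "$rc" -eq 0 ]
)

# Constructed sample: the nameserver reported in the comments.
sample=$(mktemp)
printf 'nameserver 10.0.3.1\n' > "$sample"
check_resolv "$sample" 192.168.1.0/24 || echo "fix /etc/resolv.conf in the container"
rm -f "$sample"
```

Inside the container, run it as `check_resolv /etc/resolv.conf 192.168.1.0/24`.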

0 Answers