I think I'm doing something wrong

justjosh

Nov 4, 2019
Hey guys,

My objective is to forward selected ports on a single public IP attached to eno1 on the host to LXCs. Inside the LXC I can ping all the way up to the host public IP but not to the host gateway or anything beyond.

E.g. expectation:

IP:10001-10100 > LXC 1
IP:10101-10200 > LXC 2
... etc

Reality:

- ping 192.168.99.1 > Response
- ping Host IP > Response
- ping Host Gateway > No Response
- ping 1.1.1.1 > No Response

Host network is set up as:

eno1:
- CIDR: Public IP/24
- Gateway: ISP Gateway

vmbr0:
- OVS Bridge
- CIDR: 192.168.99.1/24
- Gateway: Host Gateway
- Bridge Ports: eno1

LXC network:

eth0:
- CIDR: 192.168.99.2/24
- Gateway: 192.168.99.1
 
Hello,

Well, ping (ICMP) and ports (TCP/UDP) are different things, so you can't test the one with the other.

Have you set up NAT (masquerade) rules on the host? Without those your local machines won't reach anything beyond your host (e.g. 1.1.1.1).

Port forwarding is only needed if your local machines need to be accessible from outside - for the usual 'connect to internet' things you only need NAT rules.

Is there any reason why you use Open vSwitch? I don't have much experience with OVS, but the common virtual networking things can also be done with Linux bridges these days.

Kind regards,
Benedikt
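The two rule sets the reply distinguishes (outbound masquerade so the LXCs can reach the internet, and inbound DNAT port ranges so the outside can reach the LXCs) as an added example; this is not code from either poster or from Proxmox. It uses the addresses from the question (vmbr0 on 192.168.99.1/24, LXC 1 at 192.168.99.2, public interface eno1) and assumes the rest: the placeholder public IP 203.0.113.10, a second container at 192.168.99.3, a 1:1 port mapping (public 10001 goes to container port 10001), and plain iptables rather than anything OVS-specific. The script prints the rules by default so they can be reviewed, and only executes them with `apply`.

```shell
#!/bin/sh
# Added example: host-side NAT for LXCs behind vmbr0 (not from the original thread).
# Taken from the question: LAN 192.168.99.0/24, LXC 1 = 192.168.99.2, WAN interface eno1.
# Assumptions: PUBLIC_IP (documentation address), LXC 2 = 192.168.99.3, 1:1 port mapping.
WAN_IF=${WAN_IF:-eno1}
LAN_NET=${LAN_NET:-192.168.99.0/24}
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}

# The rule the reply says is required for plain "connect to the internet" traffic:
# rewrite the container's source address to the host's public address on the way out.
masquerade_rule() {
  printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$LAN_NET" "$WAN_IF"
}

# forward_rules <lxc_ip> <first_port> <last_port>
# Only needed when the container must be reachable from outside. DNAT the public port
# range to the container (no port rewrite, so 10001 stays 10001) and explicitly accept
# the forwarded packets so a restrictive FORWARD policy does not silently drop them.
forward_rules() {
  lxc=$1; first=$2; last=$3
  for proto in tcp udp; do
    printf 'iptables -t nat -A PREROUTING -d %s -i %s -p %s --dport %s:%s -j DNAT --to-destination %s\n' \
      "$PUBLIC_IP" "$WAN_IF" "$proto" "$first" "$last" "$lxc"
    printf 'iptables -A FORWARD -d %s -p %s --dport %s:%s -m conntrack --ctstate NEW -j ACCEPT\n' \
      "$lxc" "$proto" "$first" "$last"
  done
}

# Complete ruleset for the mapping in the question. Routing must be enabled on the host,
# and return traffic for both directions is allowed statefully.
ruleset() {
  echo 'sysctl -w net.ipv4.ip_forward=1'
  echo 'iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
  masquerade_rule
  forward_rules 192.168.99.2 10001 10100
  forward_rules 192.168.99.3 10101 10200
}

# Checks after applying (not run here): from inside the LXC, "ping 1.1.1.1" exercises the
# masquerade rule; from a machine outside, "nc -vz 203.0.113.10 10001" exercises the DNAT.
# As the reply notes, ping never tells you whether a port forward works.
#   sh nat.sh        -> print the commands for review
#   sh nat.sh apply  -> execute them (needs root)
if [ "$1" = apply ]; then ruleset | sh -e; else ruleset; fi
```

On a Proxmox host these lines are conventionally kept as `post-up` entries for vmbr0 in /etc/network/interfaces so they survive a reboot; if the DNAT still does not answer after this, `tcpdump -ni eno1 port 10001` on the host shows whether the packet arrives at all before blaming the rules.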