LXC Nat config, no internet access after upgrade to 6

[JohnD]

Hello everybody,

my next issue.

I cannot connect to the internet anymore from my containers.

Network config on host:

auto vmbr2
iface vmbr2 inet static
        address  192.168.100.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.100.0/24' -o vmbr0 -j MASQUERADE
    post-up   iptables -t raw -I PREROUTING  -i fwbr+ -j CT --zone 1

        post-down iptables -t nat -D POSTROUTING -s '192.168.100.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t raw -D PREROUTING  -i fwbr+ -j CT --zone 1

Forwarding Ports to the containers works and i can ping the bridge 192.168.100.1 from within the container.
The container (IP: 192.168.100.11/24, gateway 192.168.100.1) can just not connect to the internet.
What did i forget?

Thank you.-

 

[Richard]

Hello everybody,

my next issue.

I cannot connect to the internet anymore from my containers.

Network config on host:

auto vmbr2
iface vmbr2 inet static
        address  192.168.100.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.100.0/24' -o vmbr0 -j MASQUERADE
    post-up   iptables -t raw -I PREROUTING  -i fwbr+ -j CT --zone 1

        post-down iptables -t nat -D POSTROUTING -s '192.168.100.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t raw -D PREROUTING  -i fwbr+ -j CT --zone 1

Forwarding Ports to the containers works and i can ping the bridge 192.168.100.1 from within the container.
The container (IP: 192.168.100.11/24, gateway 192.168.100.1) can just not connect to the internet.
What did i forget?

Thank you.-

Firewall activated? If yes: does it work with firewall disabled?