10.0.1.0/24
Pshem Kowalczyk
pshem.k at gmail.com
Tue Nov 10 03:03:46 UTC 2015
Hi,
I've just re-created my environment from MAAS and I noticed that my lxc
containers can't talk out to the world (but the world could talk back to
them, for example outbound ICMP would not work, but inbound from a
different machine on the same L2 broadcast domain - would). That obviously
broke the provisioning (since the containers couldn't curl anything)
After a little bit of looking around I found this iptables rule (in nat) on
a host freshly deployed from juju.
Chain POSTROUTING (policy ACCEPT 102 packets, 10926 bytes)
pkts bytes target prot opt in out source
destination
42 2807 MASQUERADE all -- * * 10.0.1.0/24 !
10.0.1.0/24
Since I used a 10.0.0.0/23 as my base range and the LXC containers were
getting 10.0.1.x/23 addresses this rule ended up NATing all the requests to
the IP on the host - not good.
What creates this rule and what's it for in the first instance?
kind regards
Pshem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20151110/8b81c372/attachment.html>
More information about the Juju
mailing list