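How to configure NAT with LXC containers in SLES?

Time: 2014-01-30 15:16:26

Tags: virtual-machine virtualization opensuse suse lxc

We are trying to configure NAT and a bridge with LXC containers in SLES 11.3. We get an error and are unable to start the container.

Below is the screen dump. br0 is the external network and br1 is the internal network.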

 brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.001ec9d3ad09       no              eth0
br1             8000.000000000000       no

We have br0 bridged with eth0. Below is the br0 configuration.

    ifconfig br0

   br0     Link encap:Ethernet  HWaddr 00:1E:C9:D3:AD:09
           inet addr:10.31.96.176  Bcast:10.31.99.255  Mask:255.255.252.0
           inet6 addr: 3ffe:80c0:22c:8021:21e:c9ff:fed3:ad09/64 Scope:Global
           inet6 addr: fe80::21e:c9ff:fed3:ad09/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:4054175 errors:0 dropped:748956 overruns:0 frame:0
           TX packets:9689 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:352965801 (336.6 Mb)  TX bytes:1382473 (1.3 Mb)

br1 is another bridge, used for the internal container network.

br1       Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::70d4:cbff:fe18:6548/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:520 (520.0 b)  TX bytes:1070 (1.0 Kb)

Below is the LXC configuration.

  lxc.network.type = veth
  lxc.network.name = net0
  lxc.network.ipv4 = 192.168.0.100/24
  lxc.network.link = br1
  lxc.network.flags = up
  lxc.network.ipv4.gateway=192.168.0.1

We followed http://www.pdxsys.com/articles/lxc/lxc2/ to perform NAT between br0 and br1.

 iptables -A INPUT    -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT    -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD  -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD  -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

 iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -j MASQUERADE

 iptables -t nat -A PREROUTING -p tcp -d 10.31.96.176 --dport 80 -j DNAT --to 192.168.0.100

 iptables -A FORWARD -p tcp -d 192.168.0.100 --dport 80 -j ACCEPT

Here 192.168.0.100 is the lxc-container IP and 10.31.96.176 is the host IP.

When we try to start the guest, we get the following error.

 lxc-start -n TEST1 -l DEBUG -o /root/test.log
 lxc-start: failed to setup ipv4 gateway for 'eth0': No such process
 lxc-start: failed to setup netdev
 lxc-start: failed to setup the network for 'TEST1'
 lxc-start: failed to setup the container
 lxc-start: invalid sequence number 1. expected 2
 lxc-start: failed to spawn 'TEST1'

How can we solve this problem?

0 answers:

No answers