[Bug 1045947] Re: lxc-net should not masquarade intra-container traffic
Serge Hallyn
1045947 at bugs.launchpad.net
Fri Sep 21 18:12:23 UTC 2012
** Description changed:
As pointed out in the lxc mailing list, the iptables rule used by lxc-
net causes traffic between containers to be NAT'ed. Fix this by adding
'! -d ${LXC_NETWORK}' to the iptables -A rule.
+
+ ========================================================
+ SRU Justification:
+ 1. Impact: traffic between containers on the same host is NATed
+ 2. Development fix: update iptables rule to not NAT traffic between containers
+ 3. Stable fix: same as development fix
+ 4. Test case: create and run two containers on the same host. Do a 'tcpdump -ni eth0' from container 1 while container 2 is pinging container 1. With the fix, the source address should be from the container's address, not from 10.0.3.1 (the bridge address).
+ 5. Regression potential: none.
+ ========================================================
** Changed in: lxc (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: lxc (Ubuntu Precise)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1045947
Title:
lxc-net should not masquarade intra-container traffic
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1045947/+subscriptions
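
The test case in the SRU justification above can be evaluated mechanically. The following is an added example, not part of the original notification or of the lxc package: it reads 'tcpdump -ni eth0' output taken in container 1 and reports whether the pings arrived with the bridge address as source. The container addresses 10.0.3.101 and 10.0.3.102 and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate the SRU test case from `tcpdump -ni eth0` output
# captured in container 1 while container 2 pings it.
# BRIDGE_ADDR is the bridge address named in the bug; the container
# addresses in the sample captures are constructed for illustration.
BRIDGE_ADDR="10.0.3.1"

# check_capture: reads tcpdump lines on stdin and prints one verdict:
#   NATED         an echo request arrived with the bridge address as source
#   OK            echo requests arrived, none from the bridge address
#   INCONCLUSIVE  no echo requests in the capture (ping not running?)
check_capture() {
    awk -v bridge="$BRIDGE_ADDR" '
        # tcpdump -n prints: <time> IP <src> > <dst>: ICMP echo request, ...
        $2 == "IP" && /ICMP echo request/ {
            seen++
            if ($3 == bridge) nated++
        }
        END {
            if (!seen)      print "INCONCLUSIVE"
            else if (nated) print "NATED"
            else            print "OK"
        }'
}

# Constructed capture, unfixed rule: container 2's ping shows up as 10.0.3.1.
capture_before() {
    cat <<'EOF'
18:12:23.100001 IP 10.0.3.1 > 10.0.3.101: ICMP echo request, id 4242, seq 1, length 64
18:12:23.100050 IP 10.0.3.101 > 10.0.3.1: ICMP echo reply, id 4242, seq 1, length 64
EOF
}

# Constructed capture, fixed rule: the source is container 2's own address.
capture_after() {
    cat <<'EOF'
18:12:23.100001 IP 10.0.3.102 > 10.0.3.101: ICMP echo request, id 4242, seq 1, length 64
18:12:23.100050 IP 10.0.3.101 > 10.0.3.102: ICMP echo reply, id 4242, seq 1, length 64
EOF
}

echo "before fix: $(capture_before | check_capture)"
echo "after fix:  $(capture_after | check_capture)"
```

A ping issued from the host itself also carries the bridge address as its source, so take the capture while only container 2 is pinging.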