Hi, Where did you specify your base range of "10.0.0.0/23"?
On 10 November 2015 at 03:03, Pshem Kowalczyk <[email protected]> wrote: > Hi, > > I've just re-created my environment from MAAS and I noticed that my lxc > containers can't talk out to the world (but the world could talk back to > them, for example outbound ICMP would not work, but inbound from a > different machine on the same L2 broadcast domain - would). That obviously > broke the provisioning (since the containers couldn't curl anything) > > After a little bit of looking around I found this iptables rule (in nat) > on a host freshly deployed from juju. > > Chain POSTROUTING (policy ACCEPT 102 packets, 10926 bytes) > pkts bytes target prot opt in out source > destination > 42 2807 MASQUERADE all -- * * 10.0.1.0/24 ! > 10.0.1.0/24 > > Since I used a 10.0.0.0/23 as my base range and the LXC containers were > getting 10.0.1.x/23 addresses this rule ended up NATing all the requests to > the IP on the host - not good. > > What creates this rule and what's it for in the first instance? > > > kind regards > Pshem > > > -- > Juju mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/juju > > -- Andrew McDermott <[email protected]> Juju Core Sapphire team <http://juju.ubuntu.com>
-- Juju mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
