** Description changed:

  As pointed out in the lxc mailing list, the iptables rule used by lxc-
  net causes traffic between containers to be NAT'ed.  Fix this by adding
  '! -d ${LXC_NETWORK}' to the iptables -A rule.
+ 
+ ========================================================
+ SRU Justification:
+ 1. Impact: traffic between containers on the same host is NATed
+ 2. Development fix: update iptables rule to not NAT traffic between containers
+ 3. Stable fix: same as development fix
+ 4. Test case: create and run two containers on the same host.  Do a 'tcpdump 
-ni eth0' from container 1 while container 2 is pinging container 1.  With the 
fix, the source address should be from the container's address, not from 
10.0.3.1 (the bridge address).
+ 5. Regression potential: none.
+ ========================================================

** Changed in: lxc (Ubuntu Precise)
       Status: New => Fix Committed

** Changed in: lxc (Ubuntu Precise)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1045947

Title:
  lxc-net should not masquerade intra-container traffic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1045947/+subscriptions
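
A way to check a host for the rule this bug describes, as an added example that is not part of the original notification or of the lxc package. The function name `find_unscoped_masquerade`, the sample rule sets and the network value 10.0.3.0/24 are assumptions made for illustration.

```shell
#!/bin/sh
# Audit NAT rules (iptables-save format, read from stdin) for a MASQUERADE
# rule that matches the container network as source but does not exclude it
# as destination, which is what causes container-to-container traffic to be
# NATed. Prints each offending rule and returns 1 if any is found.
# Usage on a host: iptables-save -t nat | find_unscoped_masquerade 10.0.3.0/24
find_unscoped_masquerade() {
    net="$1"
    awk -v net="$net" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = 0; excl = 0; masq = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s" && $(i+1) == net) src = 1
                if ($i == "!" && $(i+1) == "-d" && $(i+2) == net) excl = 1
                if ($i == "-j" && $(i+1) == "MASQUERADE") masq = 1
            }
            if (src && masq && !excl) { print; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample rule sets (not captured from a real host).
# 10.0.3.0/24 is an assumed value for LXC_NETWORK.
SAMPLE_BEFORE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.3.0/24 -j MASQUERADE
COMMIT'

SAMPLE_AFTER='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
COMMIT'

# Demo: the first rule set is flagged, the second passes.
printf '%s\n' "$SAMPLE_BEFORE" | find_unscoped_masquerade 10.0.3.0/24 \
    || echo "before fix: intra-container traffic would be NATed"
printf '%s\n' "$SAMPLE_AFTER" | find_unscoped_masquerade 10.0.3.0/24 \
    && echo "after fix: masquerade excludes the container network"
```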
