Managing LXC containers in EC2

I have an EC2 instance running inside a VPC. I need to run a service in an LXC container started on that instance and make the service reachable from the outside world.

So I created a bridge (br0) and used the following /etc/network/interfaces file to get the IP address provided by EC2 (10.0.3.1) associated with the bridge:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet dhcp

    auto eth1
    iface eth1 inet manual

    auto br0
    iface br0 inet dhcp
        netmask 255.255.0.0
        bridge_ports eth1
        bridge_stp off
        bridge_maxwait 0
        post-up brctl setfd br0 0

This is what I get from ifconfig:

    br0       Link encap:Ethernet  HWaddr 16:2b:ae:07:29:82
              inet addr:10.0.3.1  Bcast:10.0.255.255  Mask:255.255.0.0
              inet6 addr: fe80::142b:aeff:fe07:2982/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:11 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1026 (1.0 KB)  TX bytes:1238 (1.2 KB)

    eth0      Link encap:Ethernet  HWaddr 16:2b:ae:0a:db:b6
              inet addr:10.0.67.62  Bcast:10.0.255.255  Mask:255.255.0.0
              inet6 addr: fe80::142b:aeff:fe0a:dbb6/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:229 errors:0 dropped:0 overruns:0 frame:0
              TX packets:217 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:25889 (25.8 KB)  TX bytes:23330 (23.3 KB)
              Interrupt:27

    eth1      Link encap:Ethernet  HWaddr 16:2b:ae:07:29:82
              inet6 addr: fe80::142b:aeff:fe07:2982/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:14 errors:0 dropped:0 overruns:0 frame:0
              TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1222 (1.2 KB)  TX bytes:1798 (1.7 KB)
              Interrupt:28

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

The problem is that I cannot reach the LXC container, which has the IP address 10.0.3.2:

    user@ip-10-0-67-62:~$ ping 10.0.3.2
    PING 10.0.3.2 (10.0.3.2) 56(84) bytes of data.
    From 10.0.67.62 icmp_seq=1 Destination Host Unreachable
    ...

Any hints or suggestions on how to debug this would be greatly appreciated.

Update: output from ip route:

    $ ip route
    default via 10.0.0.1 dev eth0  metric 100
    10.0.0.0/16 dev eth0  proto kernel  scope link  src 10.0.67.62
    10.0.0.0/16 dev br0  proto kernel  scope link  src 10.0.3.1

Update: output from iptables -nvL:

    $ iptables -nvL
    Chain INPUT (policy DROP 13 packets, 416 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
     2195  129K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    88029  130M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 26680 packets, 1669K bytes)
     pkts bytes target     prot opt in     out     source               destination

The bridge connects the lxc container to the server host, but it has no network output.

So you can forward traffic from eth0 to br0 via iptables or a tunnel.

The IPs you show are the host's; the guest system has other IPs that you have to configure. The container is another host, with another network interface connected to the virtual private network.

Internet <——> eth0 (host) br0 <— virtual private network > — < eth0 (container)
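As an added diagnostic (not code from the question or the answer above), the script below replays the route table from the ip route update through a longest-prefix lookup: 10.0.3.2 matches the 10.0.0.0/16 route on both eth0 and br0, and the first-listed route wins the tie, so the ping leaves via eth0, which is consistent with the "Destination Host Unreachable" reply coming from 10.0.67.62 rather than 10.0.3.1. It assumes the routes live in the main table and that the kernel breaks an exact prefix/metric tie by table order.

```python
import ipaddress

# Constructed copy of the `ip route` output shown in the question's update.
IP_ROUTE_OUTPUT = """\
default via 10.0.0.1 dev eth0  metric 100
10.0.0.0/16 dev eth0  proto kernel  scope link  src 10.0.67.62
10.0.0.0/16 dev br0  proto kernel  scope link  src 10.0.3.1
"""

def parse_routes(text):
    """Parse `ip route` lines into (network, dev, metric) tuples, keeping table order."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        network = ipaddress.ip_network(prefix, strict=False)
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        routes.append((network, dev, metric))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, then lowest metric; on a full tie the first-listed
    route wins (assumed to mirror the kernel's table ordering).
    Returns (chosen_dev, devs_of_all_tied_routes)."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None, []
    best_len = max(r[0].prefixlen for r in candidates)
    best = [r for r in candidates if r[0].prefixlen == best_len]
    best_metric = min(r[2] for r in best)
    tied = [r for r in best if r[2] == best_metric]
    return tied[0][1], [r[1] for r in tied]

def diagnose(text, dst):
    """Report which interface carries traffic to dst and flag overlapping routes."""
    dev, tied = lookup(parse_routes(text), dst)
    if dev is None:
        return f"{dst}: no route"
    if len(tied) > 1:
        return f"{dst}: {' and '.join(tied)} carry the same prefix; kernel uses {dev}"
    return f"{dst}: via {dev}"

if __name__ == "__main__":
    print(diagnose(IP_ROUTE_OUTPUT, "10.0.3.2"))  # container: eth0 and br0 overlap, eth0 wins
    print(diagnose(IP_ROUTE_OUTPUT, "8.8.8.8"))   # only the default route matches
```

Feeding it the live output of `ip route show` from the host gives the same report for any destination, so it doubles as a quick check after the bridge subnet is narrowed.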