LXC MASQUERADE not working in ubuntu 16 - bridge module not loaded in host

Asked by alexbarchiesi

We had a problem recently when migrating our LXC infrastructure from Ubuntu 14 to Ubuntu 16:
the overall networking from outside (MASQUERADE and DNAT) stopped working all of a sudden...

Apparently the difference is in the host machine:
- Ubuntu 14 has the bridge module loaded in the kernel by default (check with sysctl -a):
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

In this case we used to forward the traffic "from" and "to" the bridges where we had the LXC containers attached, and to masquerade the IPs when needed.

- Ubuntu 16 does not (even if you create bridges and set iptables to forward the bridge traffic), unless you add the following rule:
(check with sysctl -a | grep bridges)
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
(check again with sysctl -a | grep bridges)

This way we had the same behaviour as with Ubuntu 14 (well... more or less, you may need to trim the forwarding table a bit).

Not sure if this is a bug.

ciao
Alex
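
Added example (not from the original post): a small POSIX sh script that checks the two things the post is about on a host, whether the net.bridge.* sysctls are exposed at all and whether bridge-nf-call-iptables is 1, plus net.ipv4.ip_forward, and prints the iptables rule set that the post's workaround amounts to. Assumptions: the sysctls are read from a root directory (default /proc/sys; the parameter exists so the checks can be exercised against a constructed tree), and on kernels from 3.18 on (Ubuntu 16.04's 4.4 included) they only appear once the br_netfilter module is loaded, which the physdev match pulls in as a side effect when a rule using it is inserted; that is consistent with the sysctls showing up in the second `sysctl -a` check above. The bridge name lxcbr0, the subnet 10.0.3.0/24 and the uplink eth0 are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post. Checks whether the host
# exposes the net.bridge.* sysctls and prints the iptables rules that
# correspond to the post's workaround. The ROOT argument (default /proc/sys)
# is an assumption so the checks can run against a constructed directory tree.

# bridge_nf_state ROOT
#   return 0: bridge-nf-call-iptables present and 1 (bridged frames hit FORWARD)
#   return 1: present but 0 (bridged frames bypass iptables)
#   return 2: absent, i.e. br_netfilter is not loaded on this host
bridge_nf_state() {
    f="${1:-/proc/sys}/net/bridge/bridge-nf-call-iptables"
    [ -e "$f" ] || return 2
    case "$(cat "$f")" in
        1) return 0 ;;
        *) return 1 ;;
    esac
}

# ip_forward_enabled ROOT -> 0 if net.ipv4.ip_forward is 1, else 1.
# MASQUERADE/DNAT for containers cannot work without it, whatever the
# bridge sysctls say.
ip_forward_enabled() {
    f="${1:-/proc/sys}/net/ipv4/ip_forward"
    [ -e "$f" ] && [ "$(cat "$f")" = "1" ]
}

# print_forward_rules BRIDGE SUBNET UPLINK
# Prints (does not apply) the rule set. The first line is the post's rule:
# once br_netfilter is active, frames switched between two ports of the same
# bridge also traverse the FORWARD chain and a default-DROP policy would drop
# them; --physdev-is-bridged accepts exactly those frames. The rest is the
# usual routed-traffic forwarding plus masquerading for the container subnet.
print_forward_rules() {
    br="$1"; subnet="$2"; wan="$3"
    echo "iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT"
    echo "iptables -A FORWARD -i $br -o $wan -s $subnet -j ACCEPT"
    echo "iptables -A FORWARD -i $wan -o $br -d $subnet -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $subnet -o $wan -j MASQUERADE"
}

# advise ROOT: one-line diagnosis of the bridge netfilter state, plus a
# second line if IP forwarding is off.
advise() {
    root="${1:-/proc/sys}"
    rc=0; bridge_nf_state "$root" || rc=$?
    case $rc in
        0) echo "bridge-nf-call-iptables=1: bridged frames traverse iptables FORWARD (the Ubuntu 14 behaviour)" ;;
        1) echo "br_netfilter loaded but bridge-nf-call-iptables=0: bridged frames bypass iptables" ;;
        2) echo "no net.bridge.* sysctls: br_netfilter not loaded (try: modprobe br_netfilter)" ;;
    esac
    ip_forward_enabled "$root" || echo "net.ipv4.ip_forward=0: MASQUERADE/DNAT cannot work until it is 1"
}

# Stand-alone usage against the live host; bridge/subnet/uplink are placeholders.
advise /proc/sys
print_forward_rules lxcbr0 10.0.3.0/24 eth0
```

Run it as root on the migrated host: if it reports that the net.bridge.* sysctls are missing, `modprobe br_netfilter` (or listing the module in /etc/modules-load.d/ so it survives a reboot) restores them without depending on the side effect of inserting a physdev rule, and `sysctl net.bridge.bridge-nf-call-iptables` confirms the value afterwards.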

Question information
Language: English
Status: Expired
For: Ubuntu
Assignee: No assignee
Launchpad Janitor (janitor) said:
#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.