I'm new to using LXC containers, and I'm trying to follow this guide to set up an OpenVPN server in an LXC container.
So on the HOST machine I have only these two iptables rules:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.2:1194
*filter
:INPUT ACCEPT [222:25943]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [200:31470]
COMMIT
# Completed on Wed Apr 19 19:47:31 2017
# Generated by iptables-save v1.4.21 on Wed Apr 19 19:47:31 2017
*nat
:PREROUTING ACCEPT [30:1828]
:INPUT ACCEPT [30:1828]
:OUTPUT ACCEPT [4:255]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.2:1194
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o veth0 -j MASQUERADE
*filter
:INPUT ACCEPT [69:7230]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [49:5159]
COMMIT
# Completed on Wed Apr 19 19:48:36 2017
# Generated by iptables-save v1.4.21 on Wed Apr 19 19:48:36 2017
*nat
:PREROUTING ACCEPT [1:60]
:INPUT ACCEPT [1:60]
:OUTPUT ACCEPT [11:560]
:POSTROUTING ACCEPT [11:560]
-A POSTROUTING -s 10.8.0.0/24 -o veth0 -j MASQUERADE
COMMIT
1) Created a bridge device (br0) on the host [/etc/network/interfaces]
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
# Bridge interface
auto br0
iface br0 inet static
address 192.168.1.1
netmask 255.255.255.0
broadcast 192.168.1.255
bridge_ports none
bridge_fd 2.0
bridge_maxwait 1
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r jessie
# For additional config options, please look at lxc.container.conf(5)
#lxc.network.type = empty
lxc.rootfs = /var/lib/lxc/VPN/rootfs
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.mount = /var/lib/lxc/VPN/fstab
lxc.utsname = VPN
lxc.arch = amd64
lxc.autodev = 1
lxc.kmsg = 0
lxc.start.auto = 1
# Network config
lxc.network.type = veth
lxc.network.veth.pair = vethVPN
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:42:1d:a7
lxc.network.link = br0
## for openvpn
lxc.mount.entry = /dev/net dev/net none bind,create=dir
lxc.cgroup.devices.allow = c 10:200 rwm
auto lo
iface lo inet loopback
#auto eth0
#iface eth0 inet dhcp
auto veth0
iface veth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1
The thing is that when I connect to the VPN server, the VPN client cannot ping http://www.google.com and cannot visit any site, because as I understand it something is going wrong with the DNS requests.
Any idea on how to approach such an issue? Maybe my configs suck because I'm new to LXC containers and iptables ideas.
Thank you.
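As an added example (not code from the original post), a small model of the two nat hops quoted above: it walks a VPN client's DNS query out through the container's and then the host's POSTROUTING chain, and an inbound OpenVPN handshake through the host's PREROUTING DNAT, so each address rewrite can be checked against the rules. It understands only -s, -o, -p, --dport, DNAT and MASQUERADE, and deliberately ignores the filter table, ip_forward and whichever resolver the client is actually pushed; the client, resolver and host WAN addresses are constructed sample values.

```python
import ipaddress
import shlex

# nat rules quoted in the post; the client, resolver and host WAN addresses are constructed
HOST_NAT = ("-A PREROUTING -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.2:1194\n"
            "-A POSTROUTING -o eth0 -j MASQUERADE\n")
CONTAINER_NAT = "-A POSTROUTING -s 10.8.0.0/24 -o veth0 -j MASQUERADE\n"
CONTAINER_IP = "192.168.1.2"  # veth0 address from the post
HOST_WAN_IP = "203.0.113.10"  # constructed: the address eth0 masquerades behind

def parse_nat(text):
    """Return {chain: [rule]} from the '-A' lines of an iptables-save nat table."""
    chains = {}
    for line in text.splitlines():
        if line.startswith("-A "):
            tok = shlex.split(line)
            # every option in these rules takes exactly one value, so pair them up
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def matches(rule, pkt):
    """True if the packet satisfies every -s, -o, -p and --dport match the rule carries."""
    if "-s" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["-s"]):
        return False
    simple = {"-o": pkt.get("oif"), "-p": pkt["proto"], "--dport": str(pkt.get("dport"))}
    return all(rule[f] == v for f, v in simple.items() if f in rule)

def traverse(chains, chain, pkt, masq_ip):
    """Apply the first matching rule of `chain` (first match wins); return the rewritten packet."""
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            if rule["-j"] == "DNAT":
                ip, port = rule["--to-destination"].rsplit(":", 1)
                return {**pkt, "dst": ip, "dport": int(port)}
            if rule["-j"] == "MASQUERADE":
                return {**pkt, "src": masq_ip}  # source becomes the outgoing interface's address
    return pkt

def client_dns_query():
    """A VPN client's DNS query: container POSTROUTING via veth0, then host POSTROUTING via eth0."""
    pkt = {"src": "10.8.0.6", "dst": "198.51.100.53", "proto": "udp", "dport": 53}
    pkt = traverse(parse_nat(CONTAINER_NAT), "POSTROUTING", {**pkt, "oif": "veth0"}, CONTAINER_IP)
    return traverse(parse_nat(HOST_NAT), "POSTROUTING", {**pkt, "oif": "eth0"}, HOST_WAN_IP)

def inbound_handshake():
    """An OpenVPN client reaching the host on udp/1194 is DNATed into the container."""
    pkt = {"src": "192.0.2.7", "dst": HOST_WAN_IP, "proto": "udp", "dport": 1194}
    return traverse(parse_nat(HOST_NAT), "PREROUTING", pkt, HOST_WAN_IP)
```

Because the rules only NAT the packets, a query that leaves with the host's WAN address is still answered only if a reachable resolver was pushed to the client and the reply is forwarded back along the same path.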