<div dir="ltr">Thank you Jesse, but these iptables rules are just applied on the deployment node not the host nodes. do i have to omit these rules even on the deployment node ?<div><br></div><div>Thank you</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 17 November 2016 at 14:25, Jesse Pretorius <span dir="ltr"><<a href="mailto:Jesse.Pretorius@rackspace.co.uk" target="_blank">Jesse.Pretorius@rackspace.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="m_3764184743741027198WordSection1">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black">Achi Hamza <<a href="mailto:h16mara@gmail.com" target="_blank">h16mara@gmail.com</a>><br>
<br>
</span><u></u><u></u></p><span class="">
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">I have set these roles with my iptables earlier (this is just for the nodes to get out through the deployment node), can this have an impact ? :<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">iptables -A FORWARD -o enp4s0 -i enp5s0 -s
<a href="http://172.16.1.1/24" target="_blank">172.16.1.1/24</a> -m conntrack --ctstate NEW -j ACCEPT<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">iptables -t nat -F POSTROUTING<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">iptables -t nat -A POSTROUTING -o enp4s0 -j MASQUERADE<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</span><div>
<p class="MsoNormal">That is very likely a problem.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">LXC will automatically NAT through the host’s address for internet access, so what you should be doing is ensuring that your hosts have a default route to the internet. This could be done by adding a route to whichever router you want to
use. If your router then needs to NAT for external access, then add the NAT there – not on each host.<u></u><u></u></p>
</div>
</div><span class="">
<hr>
Rackspace Limited is a company registered in England & Wales (company registered number 03897010) whose registered office is at 5 Millington Road, Hyde Park Hayes, Middlesex UB3 4AZ. Rackspace Limited privacy policy can be viewed at <a href="http://www.rackspace.co.uk/legal/privacy-policy" target="_blank">www.rackspace.co.uk/legal/<wbr>privacy-policy</a>
- This e-mail message may contain confidential or privileged information intended for the recipient. Any dissemination, distribution or copying of the enclosed material is prohibited. If you receive this transmission in error, please notify us immediately
by e-mail at <a href="mailto:abuse@rackspace.com" target="_blank">abuse@rackspace.com</a> and delete the original message. Your cooperation is appreciated.
</span></div>
</blockquote></div><br></div>