networking - How to forward packets from one network interface via another interface -


see picture below architecture.

i know there lot of similar questions. however, having read multiple posts , trying out still unable set required. posting new question.

scenario:

  • i have 3 containers (c1, c2 , c3)
  • i have different interfaces each running in 3 containers (eth0 , peervpnxx)
  • c1 has interfaces: eth0 , peervpn12
  • c2 has interfaces: eth0 , peervpn12 , peervpn23
  • c3 has interfaces: eth0 , peervpn23

whilst eth0 interfaces on same subnet peervpnxx interfaces on different subnets:

  • peervpn12 - 10.12.0.0/24
  • peervpn23 - 10.23.0.0/24

note peervpnxx interfaces tunnel interfaces running on top of eth0

now ip_addresses assigned each container follows:

  • c1 : 172.17.0.2 (eth0) , 10.12.0.2 (peervpn12)
  • c2 : 172.17.0.3 (eth0) , 10.12.0.1 (peervpn12) , 10.23.0.1 (peervpn23)
  • c3 : 172.17.0.4 (eth0) , 10.23.0.2 (peervpn23)

what trying enable c1 communicate c3 via middleman c2. in principle, trying to:

  • route packets intended 10.23.0.0/24 c1 c3 via c2.
  • route packets intended 10.12.0.0/24 c3 c1 via c2.

i created routing rule on c1 & c3 send packets subnets 10.23.0.0/24 & 10.12.0.0/24 via interfaces peervpn12 , peervpn23. however, think missing forwarding rule needs set on c2.

ps: assume 'eth0' interface locked down , used underlying interface route packets of 'peervpnxx' interface

any regards figuring highly appreciated.
thank in advance.

shabir

complete architecture explained above

managed find issue.

whilst adding route container in other subnet haven't correctly specified gateway. gateway still points host machine in docker run (see above figure). added correct routing rule specific 2 end-containers - c1 & c3. 

c1 - ip route add 10.23.0.0/24 via 10.12.0.1 dev peervpn12 c3 - ip route add 10.12.0.0/24 via 10.23.0.1 dev peervpn23

in meantime, had add correct forward rules in c2 container's iptables:

 iptables -a forward -s 10.12.0.2 -i peervpn12 -d 10.23.0.2 -o peervpn23 -j accept  iptables -a forward -s 10.23.0.2 -i peervpn23 -d 10.12.0.2 -o peervpn12 -j accept

with setup able achieve flow expected.

thank , don't know why it's down-voted.
maybe if know reason can correct myself in future :)


Comments

Post a Comment

Popular posts from this blog

angular - Ionic slides - dynamically add slides before and after -

hi i'm using ngfor create set of 3 slides while starting in middle i'm guaranteed able slide left or right on start. when slide right can simple listen reachedend , push slide array i'm looping. but have problem adding slide beginning. if same above , use e.g. array.unshift() or spread add item beginning, view think it's on position 0 , snaps view new slide. the code below work animates slide change index 1. slide = [0,1,2] //example loop slidechanged(event) { if(this.slides.isbeginning()){ this.slide = [this.slide[0]-1, ...this.slide]; this.slides.update(); this.slides.slideto(1) } } <ion-slides [initialslide]="1" (ionslidedidchange)="slidechanged($event)"> <ion-slide *ngfor="let item of slide"> <h1>slide {{item}}</h1> </ion-slide> </ion-slides> any appreciated! you can using ionslidenextend , ionslideprevend events slides . please
Read more

minify - Minimizing css files -

i want know how css files can minimized. currently, using external sites css minifier compress css files. however, after removing whitespaces, comments, etc, file sizes reduced 10-15%. how frameworks bootstrap manage make minimized versions kilobytes. as example, css is: body { background-color: #ff0; } the reduction goes 28 bytes 22 bytes other css files have lot more characters still smaller this. actually minifying code means it's remove thing code white space characters new line characters comments block delimiters it reduces amount of code has transferred on web , speed site load fastly.but unreadable format.
Read more

Add a dynamic header in angular 2 http provider -

i have http interceptor built via tutorial https://scotch.io/@kashyapmukkamala/using-http-interceptor-with-angular2 the problem need have dynamic header changes automatically once changes 'mode' in app. service able tell interceptor change header, or have interceptor pull header (which string)from service each request. able throwing away patch method, call http.patch('new header string') set header string. call in service controls 'mode' setting. wondering if there way interceptor pull recent value service each request or if can add method http provider via interceptor? i've tried call service in interceptor each request returns undefined. because creating new instance of service or copying value before service fired , loaded/changed data. i don't want pass header string every http provider call because defeats purpose of having interceptor, id able set once changes or have provider fetch service before makes request. tl;dr : need add autom
Read more