Challenge, Medium,  on  LinuxContainersNetworking Submissions: 64/112

There is an improvised "container" implemented with a network namespace. You can see it in the ip netns list output. It seems to have access to all host's interfaces but for some reason cannot call any addresses outside of the host. Can you fix it?

Container sNAT in action.

Make the bellow check pass:

Hint 1 💡

When a packet destined for the Internet leaves the container, it has the source IP address set to the container's IP. This address is local to the host, and the Internet destination simply wouldn't know how to reply to it because there are billions of 172.18.0.2 devices out there.

Hint 2 💡

You need to replace the source IP address of the packet with the host's IP address before it leaves the host. This technique is known as Source Network Address Translation (sNAT).

Hint 3 💡

Still feeling lost? The keywords are iptables and MASQUERADE.

Hint 4 💡

Added a masquerade rule but the container still cannot ping the Internet? Make sure the host is configured to forward packets between interfaces. By default, it's usually not.

Level up your Server Side game — Join 9,000 engineers who receive insightful learning materials straight to their inbox