Using a bridge, an LXC container can't ping router, but the host OS can

I've got a virtual machine running under virtualbox, and in that virtual machine I've got an LXC container I'm trying to bridge to virtualbox's NAT interface: ------------- ----------- ----------- ---------- ---------- | LXC | ---> | Host OS | ---> | Virtual | ---> | Laptop | ---> | Router | | Container | | Linxu | | Box | | | | | ------------- ----------- ----------- ---------- ---------- eth0 10.1.0.35 br0 eth0 NAT GW: 192.168.1.33 GW: gw 10.1.0.2 br0 10.1.0.5 10.1.0.2/16 192.168.1.1 gw 10.1.0.2 Ping 10.1.0.2 ping 10.1.0.2 FAIL OK I cannot ping from the LXC container to the virtualbox gateway, but I can from the Host OS. Note: running tcpdump on the host OS, I can sing pings being sent from the container to the router, and the reply from the router to the container, but tcpdump on the container shows no traffic. **LXC eth0** eth0 Link encap:Ethernet HWaddr 00:16:3e:ed:82:b8 inet addr:10.1.0.35 Bcast:10.1.255.255 Mask:255.255.0.0 inet6 addr: fe80::216:3eff:feed:82b8/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:585 errors:0 dropped:0 overruns:0 frame:0 TX packets:588 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:58003 (58.0 KB) TX bytes:56447 (56.4 KB) **Host OS:** root@ubuntuserver:/# ifconfig br0 Link encap:Ethernet HWaddr 08:00:27:ca:5f:7a inet addr:10.1.0.5 Bcast:10.1.255.255 Mask:255.255.0.0 inet6 addr: fe80::a00:27ff:feca:5f7a/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:2012 errors:0 dropped:0 overruns:0 frame:0 TX packets:882 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:158794 (158.7 KB) TX bytes:139083 (139.0 KB) eth0 Link encap:Ethernet HWaddr 08:00:27:ca:5f:7a UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:2968 errors:0 dropped:0 overruns:0 frame:0 TX packets:2404 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:281188 (281.1 KB) TX bytes:312109 (312.1 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:180 errors:0 dropped:0 overruns:0 frame:0 TX packets:180 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:14376 (14.3 KB) TX bytes:14376 (14.3 KB) vethStvXMU Link encap:Ethernet HWaddr fe:9a:36:3a:84:1c inet6 addr: fe80::fc9a:36ff:fe3a:841c/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:557 errors:0 dropped:0 overruns:0 frame:0 TX packets:554 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:53465 (53.4 KB) TX bytes:55003 (55.0 KB) root@ubuntuserver:/# brctl show bridge name bridge id STP enabled interfaces br0 8000.080027ca5f7a no eth0 vethStvXMU