
sa3i0l

LXC, and more servers... port forwarding.. stuff

When you create an LXC container, check its IP with: lxc list

+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
|   NAME   |  STATE  |        IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| myfed    | RUNNING | 10.27.184.33 (eth0) | fd42:4663:9358:c21d:216:3eff:feb5:e08d (eth0) | CONTAINER | 0         |
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| myubuntu | STOPPED |                     |                                               | CONTAINER | 0         |
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+

The IP of my LXC container running Fedora is 10.27.184.33, and I can ping it from the host machine (the one running LXC).

IP of my host machine is: 192.168.1.8

I want to forward ports so that port 1450 gives access to the Apache server on the 'myfed' LXC instance.

firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IP

This is how I'm going to forward traffic to my 'myfed' LXC container.

sudo firewall-cmd --zone=public --add-forward-port=port=1450:proto=tcp:toport=80:toaddr=10.27.184.33

Now, to access the LXC Apache server from another PC on the same LAN, type in the browser: 192.168.1.8:1450

In this command, 1450 is the port that other PCs connect to and 80 is the port to forward to. toaddr= is optional: if you include it, traffic is forwarded to that IP address (in this case the IP of the LXC container); if you omit it, it defaults to the machine itself (the host IP).

Check that firewalld has the forwarding you want: sudo firewall-cmd --list-all

My output is:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp2s0
  sources: 
  services: dhcpv6-client ssh
  ports: 22/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
    port=1450:proto=tcp:toport=80:toaddr=10.27.184.33
  source-ports: 
  icmp-blocks: 
  rich rules:

The rule shows up under "forward-ports".
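The same check done by a script, as an added example that is not part of the original post: it reads `firewall-cmd --list-all` output and prints one line per forward, covering the omitted-toaddr case described above and an IPv6 toaddr, which itself contains colons. The function names `audit_forwards` and `sample_listing` are made up here, the sample entries beyond the post's own rule are constructed, and the assumed entry layout is noted in the code.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: each entry is printed as
# port=..:proto=..:toport=..:toaddr=.., with an empty value for an omitted field.
# Live use: sudo firewall-cmd --list-all-zones | audit_forwards
audit_forwards() {
    awk '
    function emit(entry,    addr, i, n, kv, p, f) {
        i = index(entry, ":toaddr=")   # cut toaddr off first: an IPv6 value contains ":"
        if (i > 0) { addr = substr(entry, i + 8); entry = substr(entry, 1, i - 1) }
        if (addr == "") addr = "localhost"   # empty or missing toaddr: stays on the host
        n = split(entry, kv, ":")
        for (i = 1; i <= n; i++) { split(kv[i], p, "="); f[p[1]] = p[2] }
        if (f["toport"] == "") f["toport"] = f["port"]   # toport omitted: port is kept
        printf "%s %s/%s -> %s port %s\n", zone, f["port"], f["proto"], addr, f["toport"]
    }
    /^[^ \t]/ { zone = $1; infwd = 0; next }   # unindented line starts a new zone
    { sub(/^[ \t]+/, "") }                     # entries may be indented by tab or spaces
    /^forward-ports:/ {                        # section header; tolerate an entry on it
        infwd = 1; sub(/^forward-ports:[ \t]*/, "")
        if ($0 != "") emit($0)
        next
    }
    infwd && /^port=/ { emit($0); next }
    { infwd = 0 }                              # any other key ends the section
    '
}

# Constructed sample: the listing from the post plus two made-up forwards
# (empty toaddr, and an IPv6 target in the 2001:db8:: documentation range).
sample_listing() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: wlp2s0
  forward: yes
  masquerade: no
  forward-ports: 
    port=1450:proto=tcp:toport=80:toaddr=10.27.184.33
    port=8080:proto=tcp:toport=80:toaddr=
    port=8443:proto=tcp:toport=:toaddr=2001:db8::10
  source-ports: 
EOF
}

sample_listing | audit_forwards
```

Any line whose target is not "localhost" is a service on another address that the whole zone can reach through the host, so it is worth reviewing those entries whenever the listing changes.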


Quick LXC reference:

# install
sudo apt install lxd lxc

# initialize lxd
sudo lxd init

(enable the network bridge, and set the storage pool to 'dir')


# see the configured image servers (remotes); list their images with: lxc image list images:
lxc remote list

# download the image and start it
lxc launch images:ubuntu/22.04 ubuntu-container

# to start or stop that container
lxc start <instance_name>
lxc stop <instance_name>

# see if that instance is running (and its IP, MAC, etc.)
lxc list

# to enter interactive mode (to work with the instance):
lxc exec <instance_name> -- bash

LXC uses the same kernel as the Linux host it runs on, while all other elements within the system are isolated.

LXC also doesn't reserve RAM the way a VM does, so it makes the best use of the host's hardware resources.


You can also do it with Docker.

docker run -p $HOSTPORT:$DOCKER_PORT IMAGE

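Reload the firewalld config. A reload discards runtime-only rules, so a forward added without --permanent, like the one above, has to be added again afterwards.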

firewall-cmd --reload
