When you create an LXC container, check its IP with: lxc list
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| myfed | RUNNING | 10.27.184.33 (eth0) | fd42:4663:9358:c21d:216:3eff:feb5:e08d (eth0) | CONTAINER | 0 |
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| myubuntu | STOPPED | | | CONTAINER | 0 |
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
The IP of my LXC container, which runs Fedora, is 10.27.184.33, and I can ping it from the host machine (the one running LXC).
The IP of my host machine is: 192.168.1.8
I want to forward ports so that port 1450 on the host gives access to the Apache server on the 'myfed' LXC instance. The general syntax is:
firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IP
This is how I'm going to forward traffic to my 'myfed' LXC container:
sudo firewall-cmd --zone=public --add-forward-port=port=1450:proto=tcp:toport=80:toaddr=10.27.184.33
Now, to access the LXC Apache server from another PC on the same LAN, type in the browser: 192.168.1.8:1450
In this command, 1450 is the port that other PCs connect to and 80 is the port to forward to. toaddr= is optional: if you include it, traffic is forwarded to that IP address (in this case the IP of the LXC container); if you omit it, it defaults to the machine itself (the host IP).
Check that firewalld has the forwarding you want: sudo firewall-cmd --list-all
My output is:
public (active)
target: default
icmp-block-inversion: no
interfaces: wlp2s0
sources:
services: dhcpv6-client ssh
ports: 22/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
port=1450:proto=tcp:toport=80:toaddr=10.27.184.33
source-ports:
icmp-blocks:
rich rules:
The rule appears under "forward-ports".
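To make that check repeatable, here is an added example (not from the original post) that parses `firewall-cmd --list-all` output and reports every forward-port that is not on an allowlist. The function names, the allowlist format and the second sample entry (port 8081) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a firewalld zone's forward-ports against an allowlist.

# Read `firewall-cmd --list-all` text on stdin; print one line per entry as
# "port proto toport toaddr". An empty or missing toaddr is printed as "-"
# (firewalld then forwards to the host itself).
list_forwards() {
    awk '
    function field(s, key,    i, v) {
        i = index(":" s, ":" key "=")
        if (i == 0) return "-"
        v = substr(s, i + length(key) + 1)
        if (key != "toaddr") sub(/:.*/, "", v)   # toaddr is last; may be IPv6
        return (v == "") ? "-" : v
    }
    { sub(/^[ \t]+/, "") }                       # real output is indented
    /^forward-ports:/ { in_fp = 1; sub(/^forward-ports:[ \t]*/, "") }
    !/^port=/ && /^[a-z-]+:/ { in_fp = 0 }       # the next key ends the section
    in_fp && /^port=/ {
        print field($0, "port"), field($0, "proto"), field($0, "toport"), field($0, "toaddr")
    }'
}

# Print every forward absent from the allowlist in $1 (same four-column
# format, one entry per line). Returns 1 if anything was printed.
unexpected_forwards() {
    extra=$(list_forwards | grep -Fvx -e "$1" || true)
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

# Constructed sample: the zone output from the post plus one extra entry.
sample_zone() {
    cat <<'EOF'
public (active)
  ports: 22/tcp
  forward: yes
  masquerade: no
  forward-ports:
    port=1450:proto=tcp:toport=80:toaddr=10.27.184.33
    port=8081:proto=tcp:toport=8080:toaddr=
  source-ports:
EOF
}

# Only the forward set up in the post is expected; 8081 gets reported.
sample_zone | unexpected_forwards "1450 tcp 80 10.27.184.33" || echo "^ not in allowlist"
```

On a live host, pipe `sudo firewall-cmd --zone=public --list-all` into `unexpected_forwards` instead of the sample.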
Quick LXC reference:
//install
sudo apt install lxd lxc
// initialize lxd
sudo lxd init
(enable the network bridge, and set the storage pool to 'dir')
// see the available image servers (remotes) that distribution images are downloaded from
lxc remote list
//download the image and start it
lxc launch images:ubuntu/22.04 ubuntu-container
//to start or stop that container
lxc start <instance_name>
lxc stop <instance_name>
// see if that instance is running (and its IP, MAC, etc.)
lxc list
// To enter interactive mode (to work with the instance):
lxc exec <instance_name> -- bash
LXC uses the same kernel as the Linux host it runs on, while all other elements of the system are isolated.
LXC also doesn't reserve RAM the way a VM does, so it makes the best use of the host's hardware resources.
You can also do it with Docker.
docker run -p $HOSTPORT:$DOCKER_PORT IMAGE
Reload the firewalld config (a reload discards runtime rules that were added without --permanent):
firewall-cmd --reload