[Lxc-users] Setting up server in lxc container for dummies

Dan Kegel dank at kegel.com
Tue Aug 13 05:07:55 UTC 2013


On Sat, Aug 3, 2013 at 6:46 PM, Tony Su <tonysu at su-networking.com> wrote:
> To be visible to outside the LAN does not require a second physical NIC,
> there are a number of ways to do that binding to a single NIC.
>
> The OP needs to post a more detailed description of his topology.

I have a plain old Linux box behind a plain old cable modem and consumer router.

Here's what I did:

0) Installed Ubuntu 13.04

1) Created a container, set it to autostart, and manually started it:
 sudo lxc-create -t ubuntu -n minecraft
 sudo ln -s /var/lib/lxc/minecraft/config /etc/lxc/auto/minecraft.conf
 sudo lxc-start -n minecraft

2) Inside the container, installed a commandline minecraft server per
http://www.minecraftwiki.net/wiki/Tutorials/Setting_up_a_server
i.e.
$ wget https://s3.amazonaws.com/Minecraft.Download/versions/1.6.2/minecraft_server.1.6.2.jar

3) Inside the container, added a trivial upstart script per
http://www.minecraftwiki.net/wiki/Tutorials/Ubuntu_startup_script
and started it by hand with
sudo initctl start minecraft-server

4) Inside the container, 'netstat -lt' showed the darn thing listened
on ipv6, not ipv4, which wasn't very helpful, so I forced the outer
system to ipv4 only by adding ipv6.disable=1 to the kernel command line
in /etc/default/grub per
http://www.upubuntu.com/2011/05/how-to-disable-ipv6-under-ubuntu.html
(I know, ipv6 is vital, but I'm impatient, and I doubt my ISP supports it)
Rebooted outer system, then started inner system again, and inside it,
verified that 'netstat -ltn' showed server listening on ipv4 tcp port
0.0.0.0:25565.

5) NOW paid attention to Serge's reply.  Googling on it a bit found
http://www.servercobra.com/ubuntu-lxc-port-forwarding.html
which suggested doing something vaguely like

OUTERIP=192.168.AAA.BBB
INNERIP=10.0.CCC.DDD
sudo iptables -t nat -I PREROUTING -p tcp -d ${OUTERIP} --dport 25565 \
    -j DNAT --to ${INNERIP}:25565
sudo iptables -A FORWARD -p tcp -d ${INNERIP} --dport 25565 -j ACCEPT

outside the container, where OUTERIP is the real machine's main LAN IP address,
and INNERIP is the container's IP address as seen from inside the container
(though maybe I got that wrong).

And here is where I get stuck.  Although inside the container I can do
  telnet localhost 25565
or
  telnet 10.0.3.247 25565
and connect to the minecraft server, doing
  telnet localhost 25565
or
  telnet 192.168.AAA.BBB 25565
outside the container (where 192.168.AAA.BBB is my LAN ip addr)
doesn't let me connect from the outer machine.

So here I am again, absolute beginner (having successfully ignored
learning about iptables for longer than some people have been alive).
Can I buy a clue?

Thanks!
- Dan
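
Added example, not part of the original message: a dry-run generator for the port-forward rules in step 5, extended with a nat OUTPUT rule, because connections opened on the host itself are locally generated and traverse nat OUTPUT rather than PREROUTING. The helper names and the 192.168.1.10 host address are constructed for illustration; 10.0.3.247 and port 25565 are the values from the message.

```sh
#!/bin/sh
# Added example: print idempotent iptables commands that forward one TCP
# port from the host's LAN address to a container. Helper names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a TCP port number in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_rules OUTERIP INNERIP PORT
# Prints one shell line per rule. Each line first runs "iptables -C" (check)
# so that re-running the output does not insert duplicate rules.
emit_rules() {
    is_ipv4 "$1" && is_ipv4 "$2" && is_port "$3" || return 1
    match="-p tcp -d $1 --dport $3"
    dnat="-j DNAT --to-destination $2:$3"
    # LAN clients: packets arriving on an interface pass through nat PREROUTING.
    echo "iptables -t nat -C PREROUTING $match $dnat 2>/dev/null || iptables -t nat -I PREROUTING $match $dnat"
    # Connections opened on the host itself are locally generated: they pass
    # through nat OUTPUT and never reach PREROUTING.
    echo "iptables -t nat -C OUTPUT $match $dnat 2>/dev/null || iptables -t nat -I OUTPUT $match $dnat"
    # Let only the forwarded port through to the container address.
    fwd="-p tcp -d $2 --dport $3 -j ACCEPT"
    echo "iptables -C FORWARD $fwd 2>/dev/null || iptables -A FORWARD $fwd"
}

# Dry run with a constructed host address; review the output before applying.
emit_rules 192.168.1.10 10.0.3.247 25565
```

To apply the rules, pipe the reviewed output to "sudo sh". The OUTPUT rule matches only connections addressed to the host's LAN IP, not to localhost.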



