[Lxc-users] Setting up server in lxc container for dummies

Serge Hallyn serge.hallyn at ubuntu.com
Tue Aug 13 14:11:35 UTC 2013 

Quoting Dan Kegel (dank at kegel.com):
> On Sat, Aug 3, 2013 at 6:46 PM, Tony Su <tonysu at su-networking.com> wrote:
> > To be visible to outside the LAN does not require a second physical NIC,
> > there are a number of ways to do that binding to a single NIC.
> >
> > The OP needs to post a more detailed description of his topology.
> 
> I have a plain old Linux box behind a plain old cable modem and consumer router.
> 
> Here's what I did:
> 
> 0) installed ubuntu 13.04
> 
> 1) Created a container, set it to autostart, and manually started it:
>  sudo lxc-create -t ubuntu -n minecraft
>  sudo ln -s /var/lib/lxc/minecraft/config /etc/lxc/auto/minecraft.conf
>  sudo lxc-start -n minecraft
> 
> 2) Inside the container, installed a commandline minecraft server per
> http://www.minecraftwiki.net/wiki/Tutorials/Setting_up_a_server
> i.e.
> $ wget https://s3.amazonaws.com/Minecraft.Download/versions/1.6.2/minecraft_server.1.6.2.jar
> 
> 3) Inside the container, added a trivial upstart script per
> http://www.minecraftwiki.net/wiki/Tutorials/Ubuntu_startup_script
> and started it by hand with
> sudo initctl start minecraft-server
> 
> 4) inside the container, 'netstat -lt' showed the darn thing listened
> on ipv6, not ipv4, which wasn't very helpful,
> so I forced the outer system to ipv4 only by adding ipv6.disable=1  to
> the kernel
> commandline in /etc/default/grub per
> http://www.upubuntu.com/2011/05/how-to-disable-ipv6-under-ubuntu.html
> (I know, ipv6 is vital, but I'm impatient, and I doubt my ISP supports it)
> Rebooted outer system, then started inner system again, and inside it,
> verified that 'netstat -ltn' showed server listening on ipv4 tcp port
> 0.0.0.0:25565.
> 
> 5) NOW paid attention to Serge's reply.  Googling on it a bit found
> http://www.servercobra.com/ubuntu-lxc-port-forwarding.html
> which suggested doing something vaguely like
> 
> OUTERIP=192.168.AAA.BBB
> INNERIP=10.0.CCC.DDD
> sudo iptables -t nat -I PREROUTING -p tcp -d ${OUTERIP} --dport 25565
> -j DNAT --to ${INNERIP}:25565
> sudo iptables -A FORWARD -p tcp -d ${INNERIP} --dport 25565 -j ACCEPT

For a container, with ip 10.0.3.100, running a mail server on port 25,
the only rule I add is:

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination 10.0.3.100:25

(plus of course several other rules for other containers)

-serge

More information about the lxc-users mailing list