[Lxc-users] Setting up server in lxc container for dummies

Rob Landley rob at landley.net
Thu Aug 15 04:04:00 UTC 2013


On 08/13/2013 10:33:05 AM, Dan Kegel wrote:
> On Tue, Aug 13, 2013 at 7:11 AM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > For a container, with ip 10.0.3.100, running a mail server on port 25,
> > the only rule I add is:
> >
> >     iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination 10.0.3.100:25
> 
> That works, thanks.  But it only works as observed from other boxes
> on the LAN.  What would I have to do to also be able to connect to
> the lxc guest service from the lxc host?

Here:

   http://dvpn.sourceforge.net/old/firewall-rules.txt

That's the firewall ruleset I did a decade ago for setting up a cheesy  
VPN that forwarded all connections for an address range to a daemon  
running on loopback that would look up the original destination  
(getsockopt(SO_ORIGINAL_DEST)), figure out which server handled that  
subset of the address range (comments in /etc/hosts acted as a VPN  
config file), ssh there, and run netcat to complete the connection.

I had to use source NAT _and_ destination NAT, for both local  
connections and remote connections, in order to make that work. I still  
find it a handy cheat sheet for beating iptables into submission...

Rob
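
[Added example, not part of the message above or of the linked ruleset.] Locally generated packets never pass through PREROUTING, so the host-to-guest case asked about needs a matching DNAT rule in the nat OUTPUT chain. The sketch below prints both rules (dry run) after validating its arguments; the function names and the host address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run: prints the nat rules that publish one container port, for review.
# 192.0.2.10 is a constructed placeholder for the LXC host's eth0 address.

valid_ip4() {   # succeed only for a dotted quad with octets 0-255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_port() {  # succeed only for a decimal port in 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# publish_rules HOST_IP PORT GUEST_IP
publish_rules() {
    host_ip=$1; port=$2; guest_ip=$3
    # Reject anything that is not a plain address or port, so the printed
    # lines are safe to hand to a root shell after review.
    if ! { valid_ip4 "$host_ip" && valid_port "$port" && valid_ip4 "$guest_ip"; }; then
        echo "publish_rules: bad address or port" >&2
        return 1
    fi
    # Connections arriving from the LAN on eth0 (the rule quoted in the thread).
    echo "iptables -t nat -A PREROUTING -p tcp -i eth0 --dport $port -j DNAT --to-destination $guest_ip:$port"
    # Connections made on the host itself to its own LAN address: these are
    # locally generated, skip PREROUTING, and are matched in nat OUTPUT.
    echo "iptables -t nat -A OUTPUT -p tcp -d $host_ip --dport $port -j DNAT --to-destination $guest_ip:$port"
}

publish_rules 192.0.2.10 25 10.0.3.100
```

The OUTPUT rule matches the host's LAN address only; connections from the host to 127.0.0.1 are not covered by it.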
