[Lxc-users] Setting up server in lxc container for dummies
Rob Landley
rob at landley.net
Thu Aug 15 04:04:00 UTC 2013
On 08/13/2013 10:33:05 AM, Dan Kegel wrote:
> On Tue, Aug 13, 2013 at 7:11 AM, Serge Hallyn
> <serge.hallyn at ubuntu.com> wrote:
> > For a container, with ip 10.0.3.100, running a mail server on port 25,
> > the only rule I add is:
> >
> > iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination 10.0.3.100:25
>
> That works, thanks. But it only works as observed from other boxes
> on the LAN. What would I have to do to also be able to connect to
> the lxc guest service from the lxc host?

Here:

http://dvpn.sourceforge.net/old/firewall-rules.txt

That's the firewall ruleset I did a decade ago for setting up a cheesy
VPN that forwarded all connections for an address range to a daemon
running on loopback that would look up the original destination
(getsockopt(SO_ORIGINAL_DEST)), figure out which server handled that
subset of the address range (comments in /etc/hosts acted as a VPN
config file), ssh there, and run netcat to complete the connection.

I had to use source NAT _and_ destination NAT, for both local
connections and remote connections, in order to make that work. I still
find it a handy cheat sheet for beating iptables into submission...

Rob
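
Added example, not part of the original message and not taken from the dvpn code: a loopback listener that recovers the pre-NAT destination of each redirected connection, the lookup step the message describes. The Linux option is SO_ORIGINAL_DST (value 80 in linux/netfilter_ipv4.h); the listen port 9040 and the function names are assumptions made for illustration.

```python
import socket
import struct

# From <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80


def parse_sockaddr_in(raw):
    """Decode the struct sockaddr_in the kernel returns into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in: %d bytes" % len(raw))
    family = struct.unpack_from("=H", raw, 0)[0]      # sin_family: host byte order
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    port, addr = struct.unpack_from("!H4s", raw, 2)   # sin_port, sin_addr: network order
    return socket.inet_ntoa(addr), port


def original_destination(conn):
    """Ask conntrack where this accepted TCP connection was headed before NAT."""
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    return parse_sockaddr_in(raw)


def serve(listen_port=9040):
    """Accept connections on loopback and log each one's pre-NAT target.

    Assumes a nat rule (REDIRECT or DNAT) already steers traffic to this port.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", listen_port))
        srv.listen()
        while True:
            conn, peer = srv.accept()
            with conn:
                try:
                    dst = original_destination(conn)
                except OSError as exc:  # no conntrack entry: peer connected directly
                    print("%s:%d was not redirected (%s)" % (*peer, exc))
                    continue
                print("%s:%d wanted %s:%d" % (*peer, *dst))


if __name__ == "__main__":
    serve()
```

A connection made straight to the listener has no NAT mapping, so the getsockopt call fails and the loop reports it instead of treating the loopback address as the target.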