[lxc-users] preferred way to redirect ports to containers with private IPs?

Tomasz Chmielewski mangoo at wpkg.org
Wed Apr 5 09:41:54 UTC 2017


Is there any "preferred" way of redirecting ports to containers with 
private IPs, from host's public IP(s)?


host 12.13.14.15:53/udp (public IP) -> container 10.1.2.3:53/udp 
(private IP)


I can imagine at least a few approaches:

1) in kernel:

- use iptables to map a port from host's public IP to container's 
private IP

- use LVS/ipvs/ldirectord to map a port from host's public IP to 
container's private IP


2) userspace:

- use a userspace proxy, like haproxy (won't work for all protocols, 
some information is lost for the container, i.e. origin IP)


They all however need some manual (or scripted) configuration, will stay 
even if the container is stopped/removed (unless some more 
configuration/scripting is done etc.).


Does LXD have any built-in mechanism to "redirect ports"? Or, what would 
be the preferred way to do it?


Tomasz Chmielewski
https://lxadm.com


More information about the lxc-users mailing list