[lxc-users] preferred way to redirect ports to containers with private IPs?

MonkZ i at monkz.de
Wed Apr 5 12:06:36 UTC 2017


This depends on what you plan to achieve and what your possibilities are
big time.

I've a mixture of iptables + haproxy/nginx.
Gladly LXD remembers MAC and IP addresses so manual entries in iptables
are not the problem.
iptables-persistent for reloading iptables rules

For http/https/imaps I use haproxy/nginx as reverse proxy to serve
multiple containers on one public IPv4. (SNI to the rescue)

For IPv6 I've just a profile that adds a new network interface -
attached to a network that has a routed ipv6-prefix.

Regards
MonkZ

On 05.04.2017 11:41, Tomasz Chmielewski wrote:
> Is there any "preferred" way of redirecting ports to containers with
> private IPs, from host's public IP(s)?
> 
> 
> host 12.13.14.15:53/udp (public IP) -> container 10.1.2.3:53/udp
> (private IP)
> 
> 
> I can imagine at least a few approaches:
> 
> 1) in kernel:
> 
> - use iptables to map a port from host's public IP to container's
> private IP
> 
> - use LVS/ipvs/ldirectord to map a port from host's public IP to
> container's private IP
> 
> 
> 2) userspace:
> 
> - use a userspace proxy, like haproxy (won't work for all protocols,
> some information is lost for the container, i.e. origin IP)
> 
> 
> They all however need some manual (or scripted) configuration, will stay
> even if the container is stopped/removed (unless some more
> configuration/scripting is done etc.).
> 
> 
> Does LXD have any built-in mechanism to "redirect ports"? Or, what would
> be the preferred way to do it?
> 
> 
> Tomasz Chmielewski
> https://lxadm.com
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
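
Added example, not part of the thread or of LXD: a small shell helper for the in-kernel iptables approach discussed above, which tags each DNAT rule with the container name so the identical rule can be deleted when the container is stopped or removed. The addresses are the ones from the question; the container name `dns1`, the function name `fwd_cmd` and the `lxd-fwd:` tag format are assumptions.

```shell
#!/bin/sh
# Added example (not LXD's own mechanism): print the iptables command that
# adds or deletes one tagged DNAT port forward for a container.
# usage: fwd_cmd add|del <name> <tcp|udp> <public_ip> <port> <container_ip> <cport>
fwd_cmd() {
    case $1 in
        add) act=-A ;;
        del) act=-D ;;
        *) echo "usage: fwd_cmd add|del ..." >&2; return 1 ;;
    esac
    name=$2 proto=$3 pub=$4 port=$5 cip=$6 cport=$7

    # Accept only a plain name, tcp/udp, dotted IPv4 digits and numeric ports,
    # so values read from container config cannot inject extra options.
    case $name in ''|*[!A-Za-z0-9_-]*) echo "bad name" >&2; return 1 ;; esac
    case $proto in tcp|udp) ;; *) echo "bad proto" >&2; return 1 ;; esac
    for ip in "$pub" "$cip"; do
        case $ip in ''|*[!0-9.]*) echo "bad ip" >&2; return 1 ;; esac
    done
    for p in "$port" "$cport"; do
        case $p in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port" >&2; return 1; }
    done

    # Matching on -d limits the forward to the one public IP. The comment
    # tag records which container owns the rule. DNAT keeps the client's
    # source address, unlike a userspace proxy. The FORWARD chain must
    # still allow the traffic towards the container.
    echo "iptables -t nat $act PREROUTING -d $pub -p $proto --dport $port" \
         "-m comment --comment lxd-fwd:$name -j DNAT --to-destination $cip:$cport"
}

# Constructed sample: the mapping from the question, for an assumed
# container named dns1. Only prints the commands; nothing is applied.
fwd_cmd add dns1 udp 12.13.14.15 53 10.1.2.3 53
fwd_cmd del dns1 udp 12.13.14.15 53 10.1.2.3 53
```

Review the printed commands and run them as root; `iptables -t nat -S PREROUTING` lists the tagged rules that are still present.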
