[lxc-users] Bind public IP that is available on host's ens3:1 to a specific LXD container?

Ingo Baab ib at baab.de
Sat May 20 07:46:53 UTC 2017


Hello Thomas,

I use an nginx reverse proxy for accessing the container(s) webspace(s).

If I need to access something (a specific port) of a container from the
outside world, I use iptables to reach it, in your case i.e. to access your
container's ssh-server (on outside-port 22022) you can use:

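interface=ens3
ipt_src_port=22022                   # port opened on the host's public side
ipt_src_ip_addr=1.2.3.107            # host's public address (not used by the rule below)
ipt_dst_ip_addr=$your_container_ip   # address of the container
ipt_dst_port=22                      # ssh-server port inside the container

# Forward TCP traffic arriving on the outside port to the container.
sudo iptables -i "${interface}" -t nat -A PREROUTING -p tcp -m tcp \
    --dport "${ipt_src_port}" -j DNAT --to "${ipt_dst_ip_addr}:${ipt_dst_port}"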

Hope that helps anybody too..

PS: I use LXD/LXC to highly separate WordPress installations from each other.
If anybody on the list is also doing nginx webhosting within containers, I am
highly interested in others' experiences and contacts. I am highly satisfied
with how far LXD/LXC has developed so far. If you are working in the same 'field'
you can contact me for exchange.

Greetings from Germany,
Ingo Baab https://baab.de

On 20.05.2017 at 04:01, Thomas Ward wrote:
> Hello.
>
> I've got a VDS from RamNode - which is essentially a KVM VPS with
> dedicated CPUs, and larger RAM capacity.  This VDS has three IPs.  I'm
> going to obfuscate them here, but essentially the host box is configured
> like this:
>
>
> # The primary network interface
> auto ens3
> iface ens3 inet static
>      address 1.2.3.107
>      netmask 255.255.255.0
>      gateway 1.2.3.1
>      dns-nameserver 8.8.8.8 8.8.4.4
>
> auto ens3:1
> iface ens3:1 inet static
>      address 1.2.4.17
>      netmask 255.255.255.0
>      gateway 1.2.4.1
>      dns-nameserver 8.8.8.8 8.8.4.4
>
> auto ens3:2
> iface ens3:2 inet static
>      address 1.2.4.34
>      netmask 255.255.255.0
>      gateway 1.2.4.1
>      dns-nameserver 8.8.8.8 8.8.4.4
>
>
> Now, I've got a container I'd like to route the 1.2.4.17 to a specific
> container once I've created it, but ens3 is the only actual physical NIC
> on the system, and I don't have the ability to add any more physical NICs.
>
> How would I go about routing 1.2.4.17 to the 'new' container I'm going
> to create?
>
> Note that by default, new containers are attached to an 'lxdbr0' which
> NATs container traffic, this new container would have to reside outside
> that obviously, but I'm not fluent in LXC/LXD networking so a guide
> and/or how-tos for this would be wonderful to have.
>
>
> ------
>
> Thomas
>
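
Added example, not part of either post: the rule in the reply matches port 22022 on every address carried by ens3, so this sketch goes one step further and scopes the DNAT to the single alias address asked about, validating its inputs and printing the rule instead of applying it. The function names and the container address 10.0.3.50 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) a DNAT rule scoped to one public address.

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; digits and dots only, so no globbing
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds if $1 is a TCP port number in 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: build_dnat_rule IFACE PUBLIC_IP PUBLIC_PORT CONTAINER_IP CONTAINER_PORT
build_dnat_rule() {
    iface=$1; pub_ip=$2; pub_port=$3; ct_ip=$4; ct_port=$5
    # Alias labels such as ens3:1 are not devices; packets for their addresses
    # arrive on ens3, so the label is rejected and the address is matched with -d.
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    is_ipv4 "$pub_ip" && is_ipv4 "$ct_ip" || { echo "bad IPv4 address" >&2; return 1; }
    is_port "$pub_port" && is_port "$ct_port" || { echo "bad port" >&2; return 1; }
    printf 'iptables -t nat -A PREROUTING -i %s -d %s -p tcp -m tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$iface" "$pub_ip" "$pub_port" "$ct_ip" "$ct_port"
}

# Constructed sample: 1.2.4.17 is the obfuscated alias address from the thread;
# 10.0.3.50 is a made-up container address on the LXD bridge.
build_dnat_rule ens3 1.2.4.17 22022 10.0.3.50 22
```

With the -d match in place, port 22022 on 1.2.3.107 and 1.2.4.34 is left untouched by this rule.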
