Accessing a container from a Public IP

Hello everyone,

I’m currently running a MicroCloud/LXD cluster and trying to make my Caddy load balancer container (caddy-lb) accessible from a public IP.

ubuntu@flap ~> lxc list
+-----------+--------+--------------------+-------------------+-----------+-----------+---------+
| NAME      | STATE  | IPV4               | IPV6              | TYPE      | SNAPSHOTS | LOCATION|
+-----------+--------+--------------------+-------------------+-----------+-----------+---------+
| caddy-lb  | RUNNING| 10.80.x.x (eth0)   | xxxx:xxxx:xxxx::  | CONTAINER | 0         | flap    |
| caddy-ws-1| RUNNING| 10.80.x.x (eth0)   | xxxx:xxxx:xxxx::  | CONTAINER | 0         | roll    |
| caddy-ws-2| RUNNING| 10.80.x.x (eth0)   | xxxx:xxxx:xxxx::  | CONTAINER | 0         | flap    |
| grafana   | RUNNING| 10.80.x.x (eth0)   | xxxx:xxxx:xxxx::  | CONTAINER | 0         | roll    |
| mariadb   | RUNNING| 10.80.x.x (eth0)   | xxxx:xxxx:xxxx::  | CONTAINER | 0         | wing    |
| php-fpm   | RUNNING| 10.80.x.x (eth0)   | xxxx:xxxx:xxxx::  | CONTAINER | 0         | flap    |
| prometheus| RUNNING| 10.80.x.x (eth0)   | xxxx:xxxx:xxxx::  | CONTAINER | 0         | tail    |
| redis     | RUNNING| 10.80.x.x (eth0)   | xxxx:xxxx:xxxx::  | CONTAINER | 0         | roll    |
+-----------+--------+--------------------+-------------------+-----------+-----------+---------+

I attempted to create a network forward on my public uplink to expose port 80/443:

ubuntu@flap ~> sudo lxc network forward create UPLINK <public-ip>
ubuntu@flap ~> sudo lxc network forward port add UPLINK <public-ip> tcp 80 10.80.x.x
ubuntu@flap ~> sudo lxc network forward port add UPLINK <public-ip> tcp 443 10.80.x.x

All commands above give me the same result:

Error: Network driver "physical" does not support forwards

Here’s the configuration of the uplink network:

ubuntu@flap ~> lxc network show UPLINK
name: UPLINK
type: physical
managed: true
status: Created
config:
  dns.nameservers: 1.1.1.1,8.8.8.8
  ipv4.gateway: <gateway-ip>/29
  ipv4.ovn.ranges: <range-start>-<range-end>
used_by:
- /1.0/networks/default
locations:
- flap
- roll
- tail
- wing
project: default


My question:

It seems lxc network forward cannot be used on physical networks. What is the best-practice way to expose a container on a public IP in an OVN-based LXD cluster?

Best regards

Hi!

This support forum has switched to supporting Incus, which is a continuation of LXD.

See Migrating from LXD - Incus documentation on how to migrate to Incus.
