Add proxy rule command never ends

host ubuntu 18.04 virtual box, ip 192.168.1.33
lxd 4.4
container ‘store’ with ubuntu18.04 all init option default

fixed static container ip by

lxc list | grep store
| store | RUNNING | 10.231.78.232 (eth0) | fd42:7f33:2cf4:520d:216:3eff:fe60:ac95 (eth0) | CONTAINER | 0         |
lxc stop store
lxc config device override store eth0 ipv4.address=10.231.78.232
lxc start store

I added some rules to the LXD proxy config with no problem, but I need to manage the passive FTP ports (49152-65534), so I added this rule:

lxc config device add store storeftppassive proxy nat=true listen=tcp:192.168.1.33:49152-65534 connect=tcp:10.231.78.232:49152-65534

The console never returns to the prompt and the CPU load is heavy; an lxd process is doing something, but it never ends…
Can my command cause this?

devices from lxc config show store

devices:
    eth0:
        ipv4.address: 10.231.78.232
        name: eth0
        network: lxdbr0
        type: nic
    proxyv4ftp20:
        connect: tcp:10.231.78.232:20
        listen: tcp:192.168.1.33:20
        nat: "true"
        type: proxy
    proxyv4ftp21:
        connect: tcp:10.231.78.232:21
        listen: tcp:192.168.1.33:21
        nat: "true"
        type: proxy
    proxyv4http80:
        connect: tcp:10.231.78.232:80
        listen: tcp:192.168.1.33:80
        nat: "true"
        type: proxy
    proxyv4https443:
        connect: tcp:10.231.78.232:443
        listen: tcp:192.168.1.33:443
        nat: "true"
        type: proxy
    proxyv4monit:
        connect: tcp:10.231.78.232:2812
        listen: tcp:192.168.1.33:2812
        nat: "true"
        type: proxy
    proxyv4mysql:
        connect: tcp:10.231.78.232:3306
        listen: tcp:192.168.1.33:3306
        nat: "true"
        type: proxy

I stopped the container and restarted VirtualBox, and this command works without ‘nat=true’:

lxc config device add store storeftppassive proxy listen=tcp:192.168.1.33:49152-65534 connect=tcp:10.231.78.232:49152-65534

need to understand…

It might be the large range of ports taking too long to add all the dnat rules. Please can you try lowering the ftp passive port range in your ftp server and reduce the range in the proxy device. If that doesn’t work please log a bug at https://github.com/lxc/lxd/issues

The command was meant to set up a proxy for the passive FTP access ports from the WAN.
Using

lxc config device add store storeftppassive proxy listen=tcp:192.168.1.33:49152-65534 connect=tcp:10.231.78.232:49152-65534

without ‘nat=true’ does the job, without waiting (1-2 s).

I retried 3 times with ‘nat=true’ before trying without ‘nat=true’, including restarting the VirtualBox server, and every time the command hung with nat=true in it…
I waited 30 minutes as a test, but nothing happened…

So, following your advice to reduce the range, I tried this:

lxc config device add store storeftppassive2 proxy listen=tcp:192.168.1.33:49000-49100 connect=tcp:10.231.78.232:49000-49100

and the command completed normally.

After deleting the old proxy ‘storeftppassive’, I retried with nat=true and the range 49152-50000:

lxc config device add store storeftppassive proxy nat=true listen=tcp:192.168.1.33:49152-50000 connect=tcp:10.231.78.232:49152-50000

and this command completed after waiting 2 minutes.

And now the hang occurs when removing the rule:

lxc config device remove store storeftppassive

I think it’s the range and the way rules are set/unset.

Could a --showprogress option be added to show progress when setting a proxy?
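
The reply in this thread suspects the time goes into adding DNAT rules across the whole port range. As an added example (not part of the thread and not LXD's own code), this script counts how many host ports each proxy device in lxc config show output forwards, so an unexpectedly wide range stands out before it is applied or exposed. The function names and the 1000-port review threshold are assumptions; only tcp/udp addresses are handled.

```shell
# Count ports in an LXD proxy address, e.g. tcp:192.168.1.33:49152-65534 or ...:80,443.
port_count() {
    ports=${1##*:}            # the port list follows the last colon
    total=0; old_ifs=$IFS; IFS=,
    for item in $ports; do
        case $item in
            *-*) total=$((total + ${item#*-} - ${item%-*} + 1)) ;;
            *)   total=$((total + 1)) ;;
        esac
    done
    IFS=$old_ifs
    echo "$total"
}

# Read the "devices:" section of `lxc config show <container>` on stdin and
# print "<device> <ports> nat=<value> <ok|WIDE>" for each proxy device.
# $1 is a review threshold picked by the operator (assumption, not an LXD limit).
audit_proxies() {
    limit=$1
    while read -r key value; do
        case $key in
            listen:) listen=$value ;;
            nat:)    nat=${value#\"}; nat=${nat%\"} ;;
            type:)
                if [ "$value" = proxy ]; then
                    n=$(port_count "$listen")
                    if [ "$n" -gt "$limit" ]; then verdict=WIDE; else verdict=ok; fi
                    echo "$dev $n nat=$nat $verdict"
                fi ;;
            *:) if [ -z "$value" ]; then dev=${key%:}; listen=; nat=false; fi ;;
        esac
    done
}
# Constructed sample built from device values quoted in the thread.
sample_devices() {
    cat <<'EOF'
    proxyv4ftp21:
        connect: tcp:10.231.78.232:21
        listen: tcp:192.168.1.33:21
        nat: "true"
        type: proxy
    storeftppassive:
        connect: tcp:10.231.78.232:49152-65534
        listen: tcp:192.168.1.33:49152-65534
        nat: "true"
        type: proxy
EOF
}
sample_devices | audit_proxies 1000
```

On a live host the same check would read from lxc config show store instead of the embedded sample.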