Any suggestion on the preferred way to forward ports from both a public IPv4 and a public IPv6, to a static IP 10.x.x.x, on the lxdbr0, of an LXD container running a conferencing app jitsi, the ports it says it needs are
|Media Traffic |UDP |10000 |JVB |Public|
|Media Traffic in Restricted Firewalls |TCP |4443 |JVB |Public|
|For XMPP components (eg: Jicofo)* |TCP |5347 |Prosody |Private|
|For external XMPP clients (eg: JVB, Jibri)** |TCP |5222 |Prosody |Private|
You cannot forward IPv6 packets to IPv4 addresses using `nat=true` mode so you would need to use a `proxy` in non-NAT mode. Or add an IPv6 address to the container and then set up multiple `proxy` devices on the container using `nat=true` mode, for the IPv4 and IPv6 addresses respectively.
Ah OK. Should've been more specific, not trying to cross over IP protocol versions 4 and 6. What about, four network forwards, one for each of the 4 ports, listening on host public IPv6 address, to the Jitsi app LXD container's unique local IPv6 address FDxx? Plus, four network forwards, one for each of the 4 ports, from host public IPv4 address, to Jitsi app LXD container's static IPv4 address 10.x.x.x ?
Yes, using network forwards will work too. This uses the same underlying firewall DNAT rules as LXD's `proxy` device does with `nat=true` set. When using either approach it is necessary to set up a static internal IP in the instance so the firewall rules have somewhere static to forward to.
When using `proxy` in `nat=true` mode it will require that the instance's NIC config have a static `ipv{n}.address` set. Whereas using network level forwards will just expect you to provide IPs for an instance.
This difference is because the `proxy` device allows the firewall forward rules to follow the instance (if it's stopped/started/moved), whereas network forward rules remain linked to the network and host.
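
As an added example (not from the thread or the LXD project), this dry-run script prints the `lxc network forward` commands for the per-address-family setup discussed above. It emits port rules only for the rows the question's table marks Public, and the listen and target addresses are constructed placeholders standing in for the host's public addresses and the container's static internal ones.

```shell
#!/bin/sh
# Added example: dry-run generator. It only prints lxc commands, it runs none.
# Port table copied from the question: purpose|protocol|port|component|exposure
PORT_TABLE='Media Traffic|UDP|10000|JVB|Public
Media Traffic in Restricted Firewalls|TCP|4443|JVB|Public
For XMPP components (eg: Jicofo)*|TCP|5347|Prosody|Private
For external XMPP clients (eg: JVB, Jibri)**|TCP|5222|Prosody|Private'

# gen_forwards NETWORK LISTEN_ADDR TARGET_ADDR
# Prints one "forward create" for the listen address, then one port rule
# per table row whose exposure column is Public.
gen_forwards() {
    net=$1
    listen=$2
    target=$3
    printf 'lxc network forward create %s %s\n' "$net" "$listen"
    printf '%s\n' "$PORT_TABLE" |
    while IFS='|' read -r _purpose proto port _component exposure; do
        # Rows marked Private are internal XMPP ports: emit no forward.
        [ "$exposure" = "Public" ] || continue
        proto=$(printf '%s' "$proto" | tr 'A-Z' 'a-z')
        printf 'lxc network forward port add %s %s %s %s %s %s\n' \
            "$net" "$listen" "$proto" "$port" "$target" "$port"
    done
}

# Constructed placeholder addresses (assumptions, not from the thread):
#   203.0.113.10 / 2001:db8::10  stand in for the host's public IPv4 / IPv6
#   10.0.0.10    / fd42::10      stand in for the container's static
#                                10.x.x.x and FDxx addresses on lxdbr0
gen_all() {
    gen_forwards lxdbr0 203.0.113.10 10.0.0.10
    gen_forwards lxdbr0 2001:db8::10 fd42::10
}

gen_all
```

Review the printed commands, substitute the real addresses, and confirm the container's internal IPs are static before applying them, since forward rules stay tied to the network and host rather than following the instance.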