Directly connecting to container bridge network from the "outside"

Looking for some advice here. I have an LXD 3.6 server running at Digital Ocean (Debian 9.5) with a bridge network of 192.168.191.0/24. I am running three Alpine containers, each with specific packages (nginx, etc.). My goal is to get a direct connection to this bridge network so I can run some management tools on the containers (phpMyAdmin, etc.).

I have looked at setting up OpenVPN and IPSec server code on the Debian-9 server, but that seems awfully complicated for what I need.

Next, I tried “sshuttle”, which essentially is a poor-man’s VPN over ssh. I was able to get the connection established, but the bridge network does not appear in the list of valid subnets. A verbose dump of the connection provides this (the real IP is obfuscated with “XXX.YYY.ZZZ.AAA”):

firewall manager: Got subnets: [(2, 32, False, 'XXX.YYY.ZZZ.AAA', 0, 0), (2, 0, False, '0.0.0.0', 0, 0), (2, 32, True, '127.0.0.1', 0, 0), (30, 128, True, '::1', 0, 0)]

A list of the LXD networks:

root@bmyers-dev1:~# lxc network list
+--------+----------+---------+-------------+---------+
|  NAME  |   TYPE   | MANAGED | DESCRIPTION | USED BY |
+--------+----------+---------+-------------+---------+
| eth0   | physical | NO      |             | 0       |
+--------+----------+---------+-------------+---------+
| lxdbr0 | bridge   | YES     |             | 4       |
+--------+----------+---------+-------------+---------+

A list of containers running

root@bmyers-dev1:~# lxc list
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+
|       NAME        |  STATE  |          IPV4          |                     IPV6                      |    TYPE    | SNAPSHOTS |
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+
| db01              | RUNNING | 192.168.191.11 (eth0)  | fd42:... (eth0) | PERSISTENT |           |
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+
| nginx-proxy       | RUNNING | 192.168.191.10 (eth0)  | fd42:... (eth0) | PERSISTENT |           |
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+
| www-server-01     | RUNNING | 192.168.191.101 (eth0) | fd42:... (eth0) | PERSISTENT |           |
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+

Wondering if anyone has solved this problem before using sshuttle. If not, can you recommend a different tool that is easy to use (aside from ssh with multiple port forwarding statements)?

If you install phpMyAdmin locally, it would need access to the port of the MySQL database in the db01 container on the VPS.

You can use SSH to make port 3306 of the db01 container appear as port 3306 locally on your desktop computer. Then, you set up phpMyAdmin locally and configure it to find the database at localhost:3306. For this to work, you would also need to add your SSH public key on db01.

There are a few ways to do this. Have a look at

Hi Ron,

I use sshuttle to connect to lxd containers on a bridge frequently and stumbled upon this post researching something else related to using sshuttle and linux containers. I love sshuttle and lxd. If you’ve already moved on from this question, then maybe this will help somebody else…or not :grinning:. It would be helpful to know what you are typing at the command line to invoke sshuttle and the parameters you are passing. It’s hard for me to tell exactly what was passed at the command line based on the log.

Here is how I connect. I want to include two subnets on my remote network: the lxd container network on a bridge (10.2.2.0/24) and a hardware management network (192.168.254.0/24):

sshuttle -r username@remote-public-ip 10.2.2.0/24 192.168.254.0/24 --ssh-cmd 'ssh -p port-number -i /home/user/.ssh/private-key'
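
An added example, not part of the thread or of sshuttle's own code: a small Python check that reads a verbose "Got subnets" line like the one quoted in the question and reports whether a given CIDR, such as the 192.168.191.0/24 bridge, is covered by the listed rules. It assumes the tuple layout is (family, width, exclude, ip, first port, last port) and that the most specific matching rule decides; the sample line is constructed, with 203.0.113.10 standing in for the obfuscated server address.

```python
import ast
import ipaddress

# Constructed sample in the shape of the log line quoted in the question;
# 203.0.113.10 (documentation range) stands in for the obfuscated server IP.
SAMPLE = ("firewall manager: Got subnets: [(2, 32, False, '203.0.113.10', 0, 0), "
          "(2, 0, False, '0.0.0.0', 0, 0), (2, 32, True, '127.0.0.1', 0, 0), "
          "(30, 128, True, '::1', 0, 0)]")


def parse_subnets(line):
    """Return [(network, exclude)] from a 'Got subnets:' verbose log line."""
    # Forum software often turns straight quotes into curly ones; undo that.
    text = line.translate({0x2018: "'", 0x2019: "'"})
    _, sep, payload = text.partition("Got subnets:")
    if not sep:
        raise ValueError("not a 'Got subnets' line")
    rules = []
    # Assumed tuple layout: (family, width, exclude, ip, first_port, last_port)
    for _fam, width, exclude, ip, _fport, _lport in ast.literal_eval(payload.strip()):
        net = ipaddress.ip_network(f"{ip}/{width}", strict=False)
        rules.append((net, bool(exclude)))
    return rules


def is_tunnelled(rules, target):
    """True if the most specific rule containing the whole target is an include.

    Assumption: longest-prefix match decides between include and exclude.
    """
    target = ipaddress.ip_network(target)
    covering = [(net, excl) for net, excl in rules
                if net.version == target.version and target.subnet_of(net)]
    if not covering:
        return False  # no rule mentions this range, so it is not routed
    _net, excluded = max(covering, key=lambda rule: rule[0].prefixlen)
    return not excluded


if __name__ == "__main__":
    rules = parse_subnets(SAMPLE)
    for cidr in ("192.168.191.0/24", "127.0.0.1/32", "fd42::/64"):
        print(cidr, "tunnelled" if is_tunnelled(rules, cidr) else "not tunnelled")
```

A width of 0 on 0.0.0.0 is the 0.0.0.0/0 route, so a private bridge range can be covered without being listed by name.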