Forward and map port to container


I’m trying to forward a port to a container, with some mapping. In this case from tcp 7777 (outside world) to the container default port of the icecast2 server for some tests… But it does not work. And i’m not sure, whats wrong. Googling around this forum an others gives me solutions with different firewalls and LXC commands. Think thats not necessary…

Btw, the container ip stays the same every time?

invcus network forward create incusbr0
incus network forward port add incusbr0 tcp 7777 8000

thanks at adv… Rüdiger

network forward create is meant for additional IP addresses that then point to instances, like floating IPs in the cloud.

In your case, as you seem to want to forward a port on the host to an instance, what you want instead is a proxy device.

incus config device add YOUR-INSTANCE port-8000 proxy listen=tcp: connect=tcp:

This will make any connection to your host’s IP addresses on port tcp/8000 to be forwarded to the instance.

1 Like

Great it works. Thanks…

In my case i had to change the listen Port to 7777, bec. port 8000 is already in use on my system.

incus config device add ubuntu2204 port-8000 proxy listen=tcp: connect=tcp:

That means, if i have in addition a caddy proxy running for ssl letsencrypt, i could direct “forward” to the instance ip and port? If the ip of the instance does not change, of course…?!

Yeah, that should be fine.

The instance IP isn’t very likely to change as it gets a reasonably long DHCP lease from dnsmasq and dnsmasq also tries to keep the IPs as static as possible through some kind of MAC hashing.

Sounds great. I assume the the proxy also can forward none web applications, like ssh, sftp…? To reach for example the instance p22 ssh via port 2222 from the outside…

Yep, it can forward just about anything, also udp, unix sockets, …


Port Forward for hybrid socket 443 tcp+udp for QUIC connections Incus Container

Hi, quick question; I’m attempting to add a port forward using the incus ‘proxy device’ method for http and https web hosting within a container. QUIC connections rely on tcp+udp port 443. Unfortunately im unable to find correct syntax or information relating to confirm or deny if this works.

How do i forward the same port for both UDP and TCP?

I tried entering as separate commands (one rule for tcp and one for udp [443]) but errors with port already in use.

p.s: seems appropriate to ask here and consolidate useful info than create new thread.

stgraber@dakara:~$ incus launch images:alpine/edge a1
Creating a1
Starting a1
stgraber@dakara:~$ incus config device add a1 port-8000-tcp proxy listen=tcp: connect=tcp:
Device port-8000-tcp added to a1
stgraber@dakara:~$ incus config device add a1 port-8000-udp proxy listen=udp: connect=udp:
Device port-8000-udp added to a1
1 Like

:+1: :palm_up_hand: :+1: