Forward and map port to container

RudiOnTheAir · October 11, 2023, 12:41pm

Hi

I’m trying to forward a port to a container, with some mapping. In this case from tcp 7777 (outside world) to the container default port of the icecast2 server for some tests… But it does not work. And i’m not sure, whats wrong. Googling around this forum an others gives me solutions with different firewalls and LXC commands. Think thats not necessary…

Btw, the container ip stays the same every time?

invcus network forward create incusbr0 10.217.37.1
incus network forward port add incusbr0 10.217.37.1 tcp 7777 10.217.37.202 8000

thanks at adv… Rüdiger

stgraber · October 11, 2023, 1:46pm

network forward create is meant for additional IP addresses that then point to instances, like floating IPs in the cloud.

In your case, as you seem to want to forward a port on the host to an instance, what you want instead is a proxy device.

incus config device add YOUR-INSTANCE port-8000 proxy listen=tcp:0.0.0.0:8000 connect=tcp:127.0.0.1:8000

This will make any connection to your host’s IP addresses on port tcp/8000 to be forwarded to the instance.

RudiOnTheAir · October 11, 2023, 2:15pm

Great it works. Thanks…

In my case i had to change the listen Port to 7777, bec. port 8000 is already in use on my system.

incus config device add ubuntu2204 port-8000 proxy listen=tcp:0.0.0.0:7777 connect=tcp:127.0.0.1:8000

That means, if i have in addition a caddy proxy running for ssl letsencrypt, i could direct “forward” to the instance ip and port? If the ip of the instance does not change, of course…?!

stgraber · October 11, 2023, 2:43pm

Yeah, that should be fine.

The instance IP isn’t very likely to change as it gets a reasonably long DHCP lease from dnsmasq and dnsmasq also tries to keep the IPs as static as possible through some kind of MAC hashing.

RudiOnTheAir · October 11, 2023, 3:03pm

Sounds great. I assume the the proxy also can forward none web applications, like ssh, sftp…? To reach for example the instance p22 ssh via port 2222 from the outside…

stgraber · October 11, 2023, 3:04pm

Yep, it can forward just about anything, also udp, unix sockets, …

BasketCase808 · January 12, 2024, 1:27am

Port Forward for hybrid socket 443 tcp+udp for QUIC connections Incus Container

Hi, quick question; I’m attempting to add a port forward using the incus ‘proxy device’ method for http and https web hosting within a container. QUIC connections rely on tcp+udp port 443. Unfortunately im unable to find correct syntax or information relating to confirm or deny if this works.

How do i forward the same port for both UDP and TCP?

I tried entering as separate commands (one rule for tcp and one for udp [443]) but errors with port already in use.

p.s: seems appropriate to ask here and consolidate useful info than create new thread.

stgraber · January 12, 2024, 3:45am

stgraber@dakara:~$ incus launch images:alpine/edge a1
Creating a1
Starting a1
stgraber@dakara:~$ incus config device add a1 port-8000-tcp proxy listen=tcp:0.0.0.0:8000 connect=tcp:127.0.0.1:8000
Device port-8000-tcp added to a1
stgraber@dakara:~$ incus config device add a1 port-8000-udp proxy listen=udp:0.0.0.0:8000 connect=udp:127.0.0.1:8000
Device port-8000-udp added to a1
stgraber@dakara:~$

BasketCase808 · January 16, 2024, 1:41pm