I’m trying to forward a port to a container, with some mapping. In this case from tcp 7777 (outside world) to the container default port of the icecast2 server for some tests… But it does not work. And i’m not sure, whats wrong. Googling around this forum an others gives me solutions with different firewalls and LXC commands. Think thats not necessary…
Btw, the container ip stays the same every time?
invcus network forward create incusbr0 10.217.37.1
incus network forward port add incusbr0 10.217.37.1 tcp 7777 10.217.37.202 8000
thanks at adv… Rüdiger
network forward create is meant for additional IP addresses that then point to instances, like floating IPs in the cloud.
In your case, as you seem to want to forward a port on the host to an instance, what you want instead is a proxy device.
incus config device add YOUR-INSTANCE port-8000 proxy listen=tcp:0.0.0.0:8000 connect=tcp:127.0.0.1:8000
This will make any connection to your host’s IP addresses on port tcp/8000 to be forwarded to the instance.
Great it works. Thanks…
In my case i had to change the listen Port to 7777, bec. port 8000 is already in use on my system.
incus config device add ubuntu2204 port-8000 proxy listen=tcp:0.0.0.0:7777 connect=tcp:127.0.0.1:8000
That means, if i have in addition a caddy proxy running for ssl letsencrypt, i could direct “forward” to the instance ip and port? If the ip of the instance does not change, of course…?!
Yeah, that should be fine.
The instance IP isn’t very likely to change as it gets a reasonably long DHCP lease from dnsmasq and dnsmasq also tries to keep the IPs as static as possible through some kind of MAC hashing.
Sounds great. I assume the the proxy also can forward none web applications, like ssh, sftp…? To reach for example the instance p22 ssh via port 2222 from the outside…
Yep, it can forward just about anything, also udp, unix sockets, …