Incus port forward issue, I think

Greeting~ :sweat_smile:

When I config port forwarding on the Incus-UI.
I can’t see port number on ss -tnlp.

How can I see port number which is configured of forwarding.

Thanks for your help.

Maybe It is overay.
So I can not see port number on host. Isn’t it?

Welcome!

See Forward and map port to container - #2 by stgraber for the differences between incus network forward and incus config device add ... proxy (proxy device).

I am not sure how incus network forward is implemented. If it is with nftables, then it would not appear under ss.

However, if you use a proxy device, then it will appear when you run ss. Because with proxy devices, Incus will launch an auxiliary process that will bind to the requests ports. Hence, it will be visible under ss or lsof.

In the following I launch a container, I setup a Web server in the container, and I expose that Web server on an IP address of the host. Initially, I try with port 80 on the host (already used, therefore failure), and then I try with port 8080 on the host (success).

$ incus launch images:ubuntu/24.04/cloud mycontainer
Launching mycontainer
$ incus exec mycontainer -- apt install -y nginx
...
$ incus config device add mycontainer myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80
Error: Failed to start device "myport80": Error occurred when starting proxy device: Error: Failed to listen on 0.0.0.0:80: listen tcp 0.0.0.0:80: bind: address already in use
$ incus config device add mycontainer myport8080 proxy listen=tcp:0.0.0.0:8080 connect=tcp:127.0.0.1:80
Device myport8080 added to mycontainer
$ sudo lsof -i :8080
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
incusd  53378  1000000    3u  IPv6 410518      0t0  TCP *:http-alt (LISTEN)
incusd  53378  1000000    7u  IPv6 410518      0t0  TCP *:http-alt (LISTEN)
$ 

Finally, we test it.

$ curl 192.168.1.40:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
$

Thank you for your warm welcome and for answering my question.

Yep, you are correct.
As follow your instruction, I can see port number on ss command.

❯ incus config device add ubuntu-container myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80
Device myport80 added to ubuntu-container
❯ sudo ss -tnlp | grep :80
LISTEN 0      4096                         *:80               *:*    users:(("incusd",pid=8169,fd=7),("incusd",pid=8169,fd=3))
❯
❯ curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Thanks again.
Good days all in all.