IPtables not working in LXC proxy container

Hello @stgraber ,

Hope you are doing OK.

I have a container in which nginx is running, and on this container ports 80 and 443 are bound. This container routes traffic to different containers where the different websites reside. Now I want to reject a specific public IP's access to the proxy container. I made some rules in iptables, but they are not working: they are not dropping the access of the specific IP.

FYI: the VM instance is on GCP
OS = Debian 9

Can you please guide me on how iptables works in LXC containers?

How does your proxy container become accessible to the Internet?
Do you use IPtables rules or do you use LXD proxy devices?

Thanks for replying :)
I used an LXD proxy device.

@simos, awaiting your reply. Can you please help with how to implement iptables in an LXC container?

You use an LXD proxy device, which means that the iptables rules have to work before the LXD proxy device receives the network connection.
Do your rules use INPUT? Try with PREROUTING.

I am using INPUT. What do you suggest?

Okay, this one is important. AFAIK, GCP gives out a private IP address to your VM.

  1. Try to verify that your iptables rules really work on your workstation. Therefore, you will be confident that you got the correct rules. Tell us the results of this test.
  2. Show us an example of such a rule.