I have a use-case like this:
Host
|___ cn1___ cn2 (nested in cn1)
I created CN1 using Ubuntu bionic.
CN1 was set up with:
- security.nesting true
- snap LXD installed
When I ran lxd init I told it NOT to create an lxdbr0 bridge and instead to use eth0,
which then gave any “nested” container inside CN1 an IP address on the same 10.x.x.x subnet as CN1 itself.
I created CN2 (Ubuntu bionic).
CN2 was set up with:
- apache2 installed in it
- ufw allow 80
Host IP = 192.168.122.114
CN1 IP = 10.164.216.143
(nested) CN2 IP = 10.164.216.236
What I’d like to happen is for any traffic to port 80 of the Host to be forwarded to the nested CN2’s port 80.
Port 80 on the nested CN2 container is OPEN, as an nmap from the Host shows:
$ nmap -p 80 10.164.216.236
Starting Nmap 7.60 ( https://nmap.org ) at 2018-12-17 15:55 UTC
Nmap scan report for 10.164.216.236
Host is up (0.00021s latency).

PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
Back on the Host, I figured LXD’s proxy device would not help for forwarding a Host port to a “nested” CN2 container, as I can’t use it for this, so I used the following on the host:
On the Host:
sudo ufw allow 80
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.164.216.236:80
Then, running a browser on another machine and pointing it at the Host IP,
I get an “Unable to Connect” message. So maybe my iptables syntax is wrong?
So I thought I’d ask if anyone has any idea how this might be accomplished.
Thanks for any tips,
brian
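As an added example (mine, not from the original post or from LXD), the complete host-side rule set a DNAT port forward needs, so the single PREROUTING rule above can be checked against it. It assumes the interface, port and target address from the post (eth0, 80, 10.164.216.236) and, which the post does not state, that CN2's default route leads back through the host, so no SNAT is needed for replies.

```sh
#!/bin/sh
# Added example, not from the original post. A DNAT rule in the nat
# PREROUTING chain only rewrites the destination address; the rewritten
# packet then still has to be accepted by the filter FORWARD chain (ufw
# sets that chain's default policy to DROP) and the kernel must have IP
# forwarding enabled. This prints the full rule set for review and, on
# request, applies it.
# Assumed from the post: interface eth0, port 80, target 10.164.216.236.
# Assumed (not in the post): the target's default route goes back through
# this host, so return traffic is un-DNATed by conntrack without SNAT.

# Print the commands for a TCP port forward. Nothing is executed here.
forward_rules() {
    ifc="$1"; port="$2"; target="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $ifc -p tcp --dport $port -j DNAT --to-destination $target:$port
iptables -A FORWARD -i $ifc -p tcp -d $target --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $target -p tcp --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Number of commands in the rule set (strips wc's padding on some systems).
rule_count() {
    forward_rules "$@" | wc -l | tr -d ' '
}

# Execute the rule set as root on the host, one command at a time.
# Only use after reviewing the forward_rules output.
apply_rules() {
    forward_rules "$@" | while IFS= read -r cmd; do
        sudo sh -c "$cmd" || return 1
    done
}

# Default invocation prints the rules for review:
#   sh forward.sh eth0 80 10.164.216.236
forward_rules "${1:-eth0}" "${2:-80}" "${3:-10.164.216.236}"
```

Run it once without `apply_rules` to read the rules, then call `apply_rules eth0 80 10.164.216.236` on the host if they match the intended topology.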