I am trying to forward my port to my container following the instructions here: How to configure network forwards - Canonical LXD documentation
In summary: after creating the forwards of the ports 2022 and 2023 to my 2 containers, I still cannot log in from outside to my containers. My aim is to be able to log in to my containers from my home computer using ssh like this:
ssh -p 2022 eelco@194.146.13.222
ssh: connect to host 194.146.13.222 port 2022: No route to host
I keep getting this error: No route to host.
I will give here what I have done, hopefully somebody can give advice.
Firstly, my containers are:
(base) $ sudo lxc ls
[sudo] password for eelco:
+------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| contabodsk | RUNNING | 10.120.29.220 (eth0) | fd42:c404:630f:9628:216:3eff:fe9e:9968 (eth0) | CONTAINER | 0 |
+------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| contaboweb | RUNNING | 10.120.29.89 (eth0) | fd42:c404:630f:9628:216:3eff:fe17:d8e6 (eth0) | CONTAINER | 0 |
+------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
My internal ip address is
(base) $ ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:4c:ff:ec brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
    inet 194.146.13.222/24 brd 194.146.13.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe4c:ffec/64 scope link
       valid_lft forever preferred_lft forever
3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:ee:f5:30 brd ff:ff:ff:ff:ff:ff
    inet 10.120.29.1/24 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet6 fd42:c404:630f:9628::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:feee:f530/64 scope link
       valid_lft forever preferred_lft forever
5: veth64d018a3@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 3e:49:cd:a6:fb:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
7: veth3a4a154a@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 72:8e:c6:9d:dc:7c brd ff:ff:ff:ff:ff:ff link-netnsid 1
I want to create a port forward to both containers at port 22 using ports 2022 and 2023, and also one forward to one container at 3389 using port 2080.
I’ve done the following:
sudo lxc network forward create lxdbr0 10.120.29.1
sudo lxc network forward port add lxdbr0 10.120.29.1 tcp 2022 10.120.29.89 22
sudo lxc network forward port add lxdbr0 10.120.29.1 tcp 2023 10.120.29.220 22
sudo lxc network forward port add lxdbr0 10.120.29.1 tcp 2080 10.120.29.220 3389
which yields:
(base) $ sudo lxc network forward show lxdbr0 10.120.29.1
description: ""
config: {}
ports:
- description: ""
  protocol: tcp
  listen_port: "2022"
  target_port: "22"
  target_address: 10.120.29.89
- description: ""
  protocol: tcp
  listen_port: "2023"
  target_port: "22"
  target_address: 10.120.29.220
- description: ""
  protocol: tcp
  listen_port: "2080"
  target_port: "3389"
  target_address: 10.120.29.220
listen_address: 10.120.29.1
location: none
I have assured that I can log in using ssh from my host to the container (my host is a VPS):
ssh 10.120.29.89
Welcome to Ubuntu 23.10 (GNU/Linux 5.15.0-88-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Last login: Mon Nov 6 15:48:25 2023 from 10.120.29.1
On my container a firewall is running:
eelco@contaboweb:~$ sudo ufw status verbose
[sudo] password for eelco:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
22/tcp (OpenSSH)           ALLOW IN    Anywhere
8000/tcp                   ALLOW IN    Anywhere
2022/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
8000/tcp (v6)              ALLOW IN    Anywhere (v6)
2022/tcp (v6)              ALLOW IN    Anywhere (v6)
At my host the firewall is inactive.
I was expecting that I would be able to log in at my container from my home computer using ssh.
Logging in at port 22 works just fine:
ssh -p 22 eelco@194.146.13.222
However, logging in at port 2022 gives me:
$ ssh -p 2022 eelco@194.146.13.222
ssh: connect to host 194.146.13.222 port 2022: No route to host
I have read through all comments on this forum, but I cannot find the solution. Hopefully anybody can give advice how to give this!
Regards
Eelco
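
Added example, not part of the original post and not LXD's own code: a shell check that reads the forward definition shown above and reports whether a connection to a given destination address and port would match it, relying on the fact that a forward's rules only match traffic addressed to its `listen_address`. The function names are made up for this example, and the embedded YAML is copied from the post with two of its three port entries kept.

```shell
#!/bin/sh
# Forward definition copied from the post above (two of its three port
# entries kept, YAML indentation restored).
FORWARD_YAML='ports:
- protocol: tcp
  listen_port: "2022"
  target_port: "22"
  target_address: 10.120.29.89
- protocol: tcp
  listen_port: "2023"
  target_port: "22"
  target_address: 10.120.29.220
listen_address: 10.120.29.1'

# forward_target YAML PORT  (hypothetical helper)
# Prints "address:port" of the target behind listen port PORT, or nothing.
forward_target() {
  printf '%s\n' "$1" | awk -v p="$2" '
    { gsub(/"/, "") }                       # drop YAML quoting around numbers
    $1 == "listen_port:"           { hit = ($2 == p) }
    hit && $1 == "target_port:"    { tp = $2 }
    hit && $1 == "target_address:" { print $2 ":" tp; exit }'
}

# check_forward YAML DEST_IP DEST_PORT  (hypothetical helper)
# Reports whether a connection to DEST_IP:DEST_PORT matches the forward.
# Returns 0 on a match, 1 otherwise.
check_forward() {
  cf_listen=$(printf '%s\n' "$1" | awk '$1 == "listen_address:" { print $2 }')
  cf_target=$(forward_target "$1" "$3")
  if [ -z "$cf_target" ]; then
    echo "no forward for port $3"
    return 1
  fi
  if [ "$cf_listen" != "$2" ]; then
    echo "listen_address $cf_listen != destination $2: rule for port $3 will not match"
    return 1
  fi
  echo "$2:$3 -> $cf_target"
}

# Against a live host, pass "$(lxc network forward show lxdbr0 10.120.29.1)"
# as the first argument instead of the embedded copy.
check_forward "$FORWARD_YAML" 194.146.13.222 2022 || true   # address used by the ssh client
check_forward "$FORWARD_YAML" 10.120.29.1 2022 || true      # address the forward listens on
```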