LXC network bridge issue

I’m having issues getting the network bridge to work with a container. I’m fairly new to LXC so I’m not sure what tests I should be running. The container has a website. I tested with lynx in the container and the webpage does work but it’s not showing outside of the container. I created the bridge with this command:

lxc config device add <container name> <device name> proxy listen=tcp:<host ip>:<host port> connect=tcp:<container ip>:<container port>

which has worked with some of my other test containers. I’m using Ubuntu 19.04 server edition. I can ping the container’s IP and the container can ping the host’s IP as well as outside domain names (e.g. www.google.com). Not sure what I should be checking at this point.

Hi!

If your container is called mycontainer and you want to expose port 80 of that container to the host’s public IP address, then you would use something like:

lxc config device add mycontainer myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80

Note that this implies that

  1. You do not have another Webserver running on port 80 on the host
  2. You do not have another container already configured to use port 80 on the host
  3. If something is wrong with the proxy device, you can find the logs in /var/snap/lxd/common/lxd/logs/mycontainer.

And that you don’t have a firewall running on the host (or upstream in the network) that is blocking access to port 80 on the host’s IP.

@darknite1979 can you do curl http://<host ip> on the host, does it return the container’s page?

Also, can you do curl http://127.0.0.1 inside the container?

- I turned the firewall off on the host and guest (ufw status: inactive for both)
- I can ping the guest from the host and vice versa
- DNS resolves inside of the guest (pinged www.google.com to verify)
- The webserver in the guest is on 8080 (verified with curl)
- The host has a webserver on port 80 (verified with curl)
- Host does not have a webserver running on port 8080 (verified with curl)
- The host gets connection refused when curling the guest’s IP:8080

- Info from lxc device:
$ sudo lxc config device show file-download-server
port8080:
  connect: tcp:10.44.51.135:8080
  listen: tcp:192.168.1.210:8080
  type: proxy

Everything looks fine from lxc perspective but none of my testing is successful. I also have another lxc server I use for testing and when using the same commands I can use the webpage. Not sure what I should be checking next…

Can you curl on the host to http://10.44.51.135:8080?

Ah, I think you did that and said it doesn’t work. In that case please provide the output of netstat -tlpn inside the container, thanks.

Here ya go:
root@file-download-server:~# netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 1950/python
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1883/sshd
tcp6 0 0 :::22 :::* LISTEN 1883/sshd

@darknite1979 ah so there is the issue.

Your web server inside the container is listening on 127.0.0.1:8080.

But your proxy config is configured to connect to 10.44.51.135:8080.

Although the proxy does use the container’s network namespace to connect to the destination address, even in this case, it won’t be able to connect to 10.44.51.135:8080 as your web server isn’t listening on that IP or 0.0.0.0:8080.

So I would suggest you change your web server to listen on that or the wildcard address, or update the proxy to connect to 127.0.0.1:8080
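The mismatch diagnosed above can be checked mechanically. The following is an added example, not part of the original thread or of LXD: it parses `netstat -tlpn` output from inside the container and tests whether a proxy `connect=` target lands on a listening socket. The function names are hypothetical and the sample input is constructed from the rows posted in the thread.

```python
import ipaddress

# Constructed sample: the `netstat -tlpn` rows posted in the thread.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 1950/python
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1883/sshd
tcp6 0 0 :::22 :::* LISTEN 1883/sshd
"""

def split_host_port(addr):
    """Split '127.0.0.1:8080' or ':::22' into (ip_address, port)."""
    host, _, port = addr.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def parse_listeners(netstat_output):
    """Return (ip, port, program) for every TCP socket in LISTEN state."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            ip, port = split_host_port(fields[3])
            listeners.append((ip, port, fields[6] if len(fields) > 6 else "-"))
    return listeners

def check_connect(connect, listeners):
    """Return (ok, reason) for a proxy connect= value like 'tcp:10.44.51.135:8080'."""
    proto, _, rest = connect.partition(":")
    if proto != "tcp":
        return False, f"only tcp targets are handled here, got {proto!r}"
    target_ip, target_port = split_host_port(rest)
    bound = [(ip, prog) for ip, port, prog in listeners if port == target_port]
    if not bound:
        return False, f"nothing is listening on port {target_port}"
    for ip, prog in bound:
        # A socket bound to a specific address only accepts that address; a
        # wildcard bind accepts any. Assumes the Linux default where '::' also
        # takes IPv4 connections (net.ipv6.bindv6only=0).
        if ip == target_ip or (ip.is_unspecified and (ip.version == 6 or target_ip.version == 4)):
            return True, f"{prog} on {ip}:{target_port} accepts {target_ip}"
    seen = ", ".join(f"{ip} ({prog})" for ip, prog in bound)
    return False, f"port {target_port} is bound only to {seen}, not {target_ip}"

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    for target in ("tcp:10.44.51.135:8080", "tcp:127.0.0.1:8080"):
        print(target, "->", check_connect(target, found))
```

Keeping the web server on 127.0.0.1 and pointing the proxy at 127.0.0.1:8080 means the service is reachable only through the proxy's listen address, not directly on the container's bridge IP.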

OK that works, what is weird is that on my lxc test server I was using the IP address that was assigned to the container not local host and that worked on every other container I created… Whatevs, as long as it works. Thanks for the assist!

Good to hear that solved it.

Perhaps your earlier test containers had the webserver listening on 0.0.0.0?