Redirect traffic to a specific LXC using iptables PREROUTING


I got these setup:

Server #1

/etc/hosts file

Nginx reverse proxy
proxy pass to <-- Server #2

Server #2

Nginx accepting 8080 port
With this IP tables

sudo iptables --table nat --append PREROUTING --destination --protocol tcp --dport 8080 --jump DNAT --to-destination

sudo iptables --table nat --append PREROUTING --destination --protocol tcp --dport 8080 --jump DNAT --to-destination

LXC List

wp1 - IP - nginx port 80
wp2 - IP - nginx port 80

If you try to connect to mytest1 dot com:

curl mytest [dot] com - This will get the Nginx content of LXC WP 1

curl mytest2 [dot ]com - (PROBLEM ) This will get the Nginx content of LXC WP 1 - It should get the LXC WP 2 Content and not WP 1

I know the IPTables will accept the first rule and ignore the rule #lxd

Any ideas on how to get this to work?

Thanks in advance!

Prerouting is the wrong approach for this. Handle it in the proxy config.

If you insist on handling it through prerouting, you will need to distinguish the two sites based on port/IP, or manually set a flag on the outbound packet and detect it on the inbound, or start looking inside the packets for the Host: header, which can get very messy due to fragmentation/SSL/etc.

@tetech You are right! I was able to configure it using proxy config device and not using IP Tables. I created a blog post about that here

Thank you again!

1 Like

I did tried HA PROXY and Nginx reverse proxy but if you do speed test it always comes back slow like 1.5 seconds, my sites are very well optimize and they do load up at 456 to 600 MAX milliseconds and I dont know what to do as far as getting same speed inside container, I’ve two web1 & web2 container’s and 1 reverse proxy container, not sure what I am missing.