Redirect traffic to a specific LXC using iptables PREROUTING

Hi,

I got these setup:

Server #1 192.168.50.99

/etc/hosts file
mytest1.com 127.0.0.1
mytest2.com 127.0.0.1

Nginx reverse proxy
proxy pass to 192.168.50.75:8080 <-- Server #2

Server #2 192.168.50.75

Nginx accepting 8080 port
With this IP tables

sudo iptables --table nat --append PREROUTING --destination 192.168.50.75 --protocol tcp --dport 8080 --jump DNAT --to-destination 10.189.124.145:80

sudo iptables --table nat --append PREROUTING --destination 192.168.50.75 --protocol tcp --dport 8080 --jump DNAT --to-destination 10.189.124.111:80

LXC List

wp1 - IP 10.189.124.145 - nginx port 80
wp2 - IP 10.189.124.111 - nginx port 80

If you try to connect to mytest1 dot com:

curl mytest [dot] com - This will get the Nginx content of LXC WP 1

curl mytest2 [dot ]com - (PROBLEM ) This will get the Nginx content of LXC WP 1 - It should get the LXC WP 2 Content and not WP 1

I know the IPTables will accept the first rule and ignore the rule #lxd

Any ideas on how to get this to work?

Thanks in advance!

Prerouting is the wrong approach for this. Handle it in the proxy config.

If you insist on handling it through prerouting, you will need to distinguish the two sites based on port/IP, or manually set a flag on the outbound packet and detect it on the inbound, or start looking inside the packets for the Host: header, which can get very messy due to fragmentation/SSL/etc.

@tetech You are right! I was able to configure it using proxy config device and not using IP Tables. I created a blog post about that here https://johnmark.me/lb-to-lxc-using-reverse-proxy-and-lxd-config-device-local-machines/

Thank you again!

1 Like