I’m using lxc-net to manage several containers. My LAN runs on 192.168.1.x and the lxc-net range for the containers is 10.0.3.x. I am wondering what the recommended setup on the host to allow other boxes on my LAN to ssh directly into the containers.
In other words, say I am on a laptop. Rather than sshing from it to the lxc host and then from the host sshing into the lxc, I’d like to be able to ssh directly to the container from the laptop.
I am using ufw on the host and on the container. I’m thinking an edit to /etc/ufw/before.rules on the host is needed to forward an incoming connection to port 22 to the 10.0.3.x range.
For example:
# this is at the bottom of /etc/ufw/before.rules on the host
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.0.3.100:22
-A PREROUTING -i eth0 -p tcp --dport 2223 -j DNAT --to-destination 10.0.3.101:22
-A PREROUTING -i eth0 -p tcp --dport 2224 -j DNAT --to-destination 10.0.3.102:22
COMMIT
So to hit the lxc @ 10.0.3.100 I would ssh -p 2222 ip.of.host … is there a more elegant way to do this? Thanks for the suggestions.