Thank you for your reply.
It is a Python script that uses pylxd.
Code that creates the network:

```python
from pylxd import Client

client = Client()  # connects to the local LXD unix socket

# network_name is set earlier in the script
client.networks.create(network_name, description="Nested Network for Linux Labs", type="bridge", config={
    "ipv4.address": "auto",
    "ipv4.nat": "true",
    "ipv6.address": "none",
    "ipv4.firewall": "false",  # I am here for debugging, please remove
})
```
Code that creates the forward and the port forward:
Of note, I wasn't able to use pylxd for that and still wish to. However, that is another issue outside the scope of my question (maybe), as it pertains to a custom POST/PUT call with pylxd.

```python
import os

# TODO: use the pylxd API instead of the CLI tool
os.system(f"lxc network forward create {network_name} {listen_address}")
```

Imagine the next snippet being in a loop that iterates through a participant CSV file and creates and starts a container instance. It will create a unique SSH port and web port for each instance.

```python
# source_port is the unique listen port for this participant,
# inet[0]['address'] is the instance's IPv4 address, target_port is 22 or 80
os.system(f"lxc network forward port add {network_name} {listen_address} tcp {source_port} {inet[0]['address']} {target_port}")
```
Output from `lxc config show <instance> --expanded`:

```yaml
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 21.04 amd64 (release) (20220118)
  image.label: release
  image.os: ubuntu
  image.release: hirsute
  image.serial: "20220118"
  image.type: squashfs
  image.version: "21.04"
  user.user-data: |
    #cloud-config
    users:
      - groups: sudo
        name: test
        shell: /bin/bash
        ssh-authorized-keys:
          - ssh-rsa <<snip>>
        sudo:
          - ALL=(ALL) NOPASSWD:ALL
  volatile.base_image: 1b4e4d326603c8150bcd00857539bc4a5b0f90703f1ec316c6be76749c9651e6
  volatile.eth0.hwaddr: 00:16:3e:e6:7d:b8
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: STOPPED
  volatile.uuid: 36b6d000-b3bb-4786-b75b-add06a41d029
devices:
  eth0:
    name: eth0
    network: nestbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
- nestpr0
stateful: false
description: ""
```
Output of the nestpr0 profile:

```yaml
config: {}
description: ""
devices:
  eth0:
    name: eth0
    network: nestbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: nestpr0
```
Port forward config provided by `lxc network forward show {network_name} {listen_address}`:

```yaml
description: ""
config: {}
ports:
- description: ""
  protocol: tcp
  listen_port: "52200"
  target_port: "22"
  target_address: 10.72.93.115
- description: ""
  protocol: tcp
  listen_port: "58000"
  target_port: "80"
  target_address: 10.72.93.115
listen_address: 172.20.77.89
location: none
```
Only difference here would be the listening address. That would be 127.0.0.1 while I was testing with localhost.
The following behavior is visible with localhost:
- When using `ssh -p 52200 test@127.0.0.1` it will time out. 52200 is the configured port.
- When using any other port (like 49999) it will refuse the connection.
LXC was initiated with `lxd init --auto` on Ubuntu 21.10, as I was thinking that lxd was falsely identifying the firewall of Ubuntu 20.04 as nftables during my initial troubleshooting searches (through `lxc info | grep firewall:`). I can confirm that 20.04 exhibits the same behavior.
I hope this is enough information.
EDITS: some rewording and clarification
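The two `os.system` calls above can be replaced by one request to LXD's network-forward endpoint, and the per-participant port allocation can be checked before anything is submitted. The following is an added example and not the poster's script; it assumes pylxd's low-level `client.api` node (which maps attribute and item access onto `/1.0/networks/{name}/forwards`), and that each participant dict already carries the instance's IPv4 address. The port bases, names and addresses in the test are constructed sample values.

```python
from typing import Dict, List

# Constructed sample ranges: one ssh slot and one web slot per participant.
SSH_BASE, WEB_BASE = 52200, 58000
MAX_PARTICIPANTS = 1000  # keeps 52200..53199 and 58000..58999 from overlapping


def allocate_ports(index: int) -> Dict[str, str]:
    """Return the unique ssh/web listen ports for participant number `index`."""
    if not 0 <= index < MAX_PARTICIPANTS:
        raise ValueError(f"participant index {index} out of range")
    return {"ssh": str(SSH_BASE + index), "web": str(WEB_BASE + index)}


def forward_body(listen_address: str, participants: List[Dict[str, str]]) -> dict:
    """Build the JSON body for POST /1.0/networks/{name}/forwards.

    Each participant gets two tcp entries: its ssh listen port -> 22 and its
    web listen port -> 80 on the participant's instance address. LXD reports
    and accepts port numbers as strings, as in `lxc network forward show`.
    """
    ports, seen = [], set()
    for i, p in enumerate(participants):
        alloc = allocate_ports(i)
        for kind, target in (("ssh", "22"), ("web", "80")):
            lp = alloc[kind]
            if lp in seen:  # guard against two entries claiming one listen port
                raise ValueError(f"duplicate listen port {lp}")
            seen.add(lp)
            ports.append({"description": p.get("name", ""), "protocol": "tcp",
                          "listen_port": lp, "target_port": target,
                          "target_address": p["address"]})
    return {"listen_address": listen_address, "description": "Linux Labs forwards",
            "config": {}, "ports": ports}


def create_forward(client, network_name: str, listen_address: str,
                   participants: List[Dict[str, str]]) -> dict:
    """Create the forward and all its ports in one call through pylxd's raw API node.

    `client` is a pylxd.Client (assumption: client.api exposes the REST tree);
    the request body is validated by forward_body before it is sent.
    """
    body = forward_body(listen_address, participants)
    client.api.networks[network_name].forwards.post(json=body)
    return body
```

Changing an existing forward (the equivalent of `lxc network forward port add`) is a `put` of the same body shape to `client.api.networks[network_name].forwards[listen_address]`.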