SSH Tunnel into a container

Previously I could connect my database manager to the db server by creating a tunnel. However, now that I have the database server inside a container, I was wondering how to adapt this when running the server in the container?

$ ssh -L 3306:localhost:3306 user@example.com

I also tried the following with an apache container, and it did not work either.

$ ssh -NL 80:localhost:80 user@example.com
$ ssh -NL 10:0.0.10:80:localhost:80 user@example.com

Thanks

Please show ip a and ip r inside host and container.

And please show sudo ss -tlpn inside container.

I’ve changed the post to the lxd topic and added the networking tag to aid discovery by others in the future.

I did a standard SSH into the server without a tunnel and ran those commands, not sure if I was supposed to do it another way.

These results are from one of my home LXD servers inside a VM, where I created a container and installed apache. The IP address of the container is 10.0.0.227. Just wondering if there is an easy way to create a tunnel. Use cases: using a database manager to access a remote MySQL server, locking a mail server's web-based admin tool.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1c:42:89:c1:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a0c:5a84:3201:7100:21c:42ff:fe89:c1fb/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 4293741100sec preferred_lft 4293741100sec
    inet6 fe80::21c:42ff:fe89:c1fb/64 scope link 
       valid_lft forever preferred_lft forever
3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:51:8b:9d brd ff:ff:ff:ff:ff:ff
    inet 10.209.144.1/24 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet6 fd42:603c:9fbb:199::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe51:8b9d/64 scope link 
       valid_lft forever preferred_lft forever
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:e6:1f:b8 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 scope global vnet0
       valid_lft forever preferred_lft forever
    inet6 fd00::1/48 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fee6:1fb8/64 scope link 
       valid_lft forever preferred_lft forever
5: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:a4:96:2e brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.1/24 scope global vnet1
       valid_lft forever preferred_lft forever
    inet6 fd42:604c:9fbb:199::1/48 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fea4:962e/64 scope link 
       valid_lft forever preferred_lft forever
6: nuberbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 00:16:3e:51:35:30 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 scope global nuberbr0
       valid_lft forever preferred_lft forever
    inet6 fd10::1/64 scope global 
       valid_lft forever preferred_lft forever
7: nuber-bridged: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 00:16:3e:f4:ed:a5 brd ff:ff:ff:ff:ff:ff
    inet 10.254.254.1/24 scope global nuber-bridged
       valid_lft forever preferred_lft forever
9: veth73248541@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet0 state UP group default qlen 1000
    link/ether 46:2b:48:8f:c3:9e brd ff:ff:ff:ff:ff:ff link-netnsid 0
12: vetha38e52f2@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet1 state UP group default qlen 1000
    link/ether f2:5c:2a:54:c2:3f brd ff:ff:ff:ff:ff:ff link-netnsid 2
14: vethe8521da8@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet0 state UP group default qlen 1000
    link/ether 7a:ca:ff:96:d3:1b brd ff:ff:ff:ff:ff:ff link-netnsid 3
16: veth904afa6b@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet0 state UP group default qlen 1000
    link/ether f6:36:0d:65:34:14 brd ff:ff:ff:ff:ff:ff link-netnsid 4
22: veth1a4ccf13@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 1e:97:d0:f3:9a:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 5
24: vethf4e778e8@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet0 state UP group default qlen 1000
    link/ether a2:86:ed:37:6b:d8 brd ff:ff:ff:ff:ff:ff link-netnsid 7

ss -tlpn 
State          Recv-Q         Send-Q                           Local Address:Port                 Peer Address:Port         Process         
LISTEN         0              32                                10.254.254.1:53                        0.0.0.0:*                            
LISTEN         0              32                                    10.0.2.1:53                        0.0.0.0:*                            
LISTEN         0              32                                    10.0.0.1:53                        0.0.0.0:*                            
LISTEN         0              32                                10.209.144.1:53                        0.0.0.0:*                            
LISTEN         0              4096                             127.0.0.53%lo:53                        0.0.0.0:*                            
LISTEN         0              128                                    0.0.0.0:22                        0.0.0.0:*                            
LISTEN         0              4096                                         *:9090                            *:*                            
LISTEN         0              4096                                         *:8081                            *:*                            
LISTEN         0              32                     [fd42:604c:9fbb:199::1]:53                           [::]:*                            
LISTEN         0              32                                   [fd00::1]:53                           [::]:*                            
LISTEN         0              32                     [fd42:603c:9fbb:199::1]:53                           [::]:*                            
LISTEN         0              128                                       [::]:22                           [::]:*                            
LISTEN         0              4096                                         *:8443                            *:*  

I’m not really clear now if you’re SSHing into the container or the LXD host?

Can you ping the container’s IP from the host?

If so, can you provide the output of lxc exec <instance> -- ss -tlpn please

Sorry my bad, I am trying to create the tunnel by SSHing to the LXD host.

Can you telnet from the host to the service IP and port you want in the container?

For example, if I do curl on port 80 of the 10.0.0.x IP address from the host, it's fine.

I am guessing it's not an easy thing to do then. I was wondering if there was a one-liner or something to create a tunnel via SSH on the host, to access different ports on the private network IP addresses (e.g. 10.0.0.x).

Yes you can just use what you were doing before but replace localhost with the IP or resolvable host name of the instance running the service.

You’ve not provided the info I asked for so I can’t check the service you want is listening on the correct IP, but assuming it is then it should work.

Sorry, I do apologize, I did confirm that it is working with curl.

lxc exec mail  -- ss -tlpn
State     Recv-Q    Send-Q       Local Address:Port       Peer Address:Port   Process                                                                                     
LISTEN    0         100                0.0.0.0:25              0.0.0.0:*       users:(("master",pid=611,fd=13))                                                           
LISTEN    0         511                0.0.0.0:443             0.0.0.0:*       users:(("nginx",pid=175,fd=13),("nginx",pid=174,fd=13))                                    
LISTEN    0         100                0.0.0.0:993             0.0.0.0:*       users:(("dovecot",pid=134,fd=38))                                                          
LISTEN    0         100                0.0.0.0:995             0.0.0.0:*       users:(("dovecot",pid=134,fd=21))                                                          
LISTEN    0         80               127.0.0.1:3306            0.0.0.0:*       users:(("mysqld",pid=207,fd=42))                                                           
LISTEN    0         100                0.0.0.0:587             0.0.0.0:*       users:(("master",pid=611,fd=17))                                                           
LISTEN    0         4096             127.0.0.1:783             0.0.0.0:*       users:(("spamd child",pid=622,fd=6),("spamd child",pid=621,fd=6),("spamd",pid=290,fd=6))   
LISTEN    0         511                0.0.0.0:80              0.0.0.0:*       users:(("nginx",pid=175,fd=10),("nginx",pid=174,fd=10))                                    
LISTEN    0         100                0.0.0.0:465             0.0.0.0:*       users:(("master",pid=611,fd=20))                                                           
LISTEN    0         4096         127.0.0.53%lo:53              0.0.0.0:*       users:(("systemd-resolve",pid=114,fd=13))                                                  
LISTEN    0         511                   [::]:443                [::]:*       users:(("nginx",pid=175,fd=12),("nginx",pid=174,fd=12))                                    
LISTEN    0         100                   [::]:993                [::]:*       users:(("dovecot",pid=134,fd=39))                                                          
LISTEN    0         100                   [::]:995                [::]:*       users:(("dovecot",pid=134,fd=22))                                                          
LISTEN    0         4096                 [::1]:783                [::]:*       users:(("spamd child",pid=622,fd=5),("spamd child",pid=621,fd=5),("spamd",pid=290,fd=5))   
LISTEN    0         511                   [::]:80                 [::]:*       users:(("nginx",pid=175,fd=11),("nginx",pid=174,fd=11))  
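Added example, not part of any post in the thread: a small shell function that reads `ss -tlpn` output taken inside a container and prints the `ssh -L` forwards through the LXD host that can work, flagging listeners bound only to the container's loopback. The sample input is constructed from a few lines of the output above; using 10.0.0.227 (the address given earlier in the thread) for the container and user@example.com as the SSH destination are assumptions.

```shell
#!/bin/sh
# Added example. Reads `ss -tlpn` output taken inside a container and prints,
# per IPv4 listener, either an ssh -L command that tunnels through the LXD host
# or a note that the service is loopback-only and the host cannot reach it.

# Usage: plan_forwards CONTAINER_IP SSH_DEST < ss_output
plan_forwards() {
    awk -v ip="$1" -v dest="$2" '
    $1 != "LISTEN" { next }                  # skips the header row
    {
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        port += 0
        if (host ~ /^\[/) next               # IPv6 listener; the target here is IPv4
        sub(/%.*/, "", host)                 # drop an interface suffix
        # Ports below 1024 need root on the client, so shift them up by 10000.
        lport = (port < 1024) ? port + 10000 : port
        # The local end is pinned to 127.0.0.1 so only this machine can use the tunnel.
        if (host == "0.0.0.0" || host == "*" || host == ip)
            printf "ssh -NL 127.0.0.1:%d:%s:%d %s\n", lport, ip, port, dest
        else
            printf "# %d is bound to %s inside the container; a forward to %s:%d will be refused\n", port, host, ip, port
    }'
}

# Constructed sample: a few lines shortened from the ss output in the thread.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*     users:(("nginx",pid=175,fd=13))
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*     users:(("mysqld",pid=207,fd=42))
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*     users:(("nginx",pid=175,fd=10))
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*     users:(("systemd-resolve",pid=114,fd=13))
LISTEN 0      511             [::]:80           [::]:*     users:(("nginx",pid=175,fd=11))
EOF
}

# 10.0.0.227 and user@example.com are assumed values for illustration.
sample_ss | plan_forwards 10.0.0.227 user@example.com
```

In the sample, nginx on 80 and 443 gets a forward, while mysqld is listening on 127.0.0.1:3306 inside the container, so a tunnel aimed at the container's bridge address is refused for that port.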