Hi all, hope I'm posting this in the correct forum.
I've realized that I'm obviously lacking some fundamental knowledge with how to set up networking in a virtual environment, using bridges etc. I've had issues with several projects now, with getting VM or LXC services to talk to each other in the right way when they also rely on traffic from the Internet.
The setup I have is a server in a datacenter, with a single public IP directly on the NIC and masquerading set up to allow Internet traffic for clients on various bridges with different IP ranges.
One issue I had was to set up webdav on a windows server to nextcloud. If I entered the public url for the webdav, it wouldn't connect. Turns out I need to set up hairpinning for that, but that apparently has security implications, so I'm not sure if I want to proceed. I could also theoretically set up a split DNS, but that would mean the webdav has to connect via the local IPs, which means it'll bypass the reverse proxy that serves SSL for nextcloud, which again means that nextcloud won't allow it since everything has to be the same scheme.
The issue I'm struggling with now is how to set up coturn for nextcloud. I've tried installing it directly on the host and in a separate LXC. I've forwarded its listening ports to the LXC (using iptables), but I still can't get calls through. Obviously a simple port forward isn't enough. Maybe I need some NATing?
The port forward is set up like this:
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3479 -j DNAT --to-destination 10.0.0.8:3479
where 10.0.0.8 is the IP for the coturn server LXC and 3479 is its listening port. Has anyone got a clue what's lacking in this last case? Has anyone set up coturn in this kind of setup?
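The rule in the post forwards only TCP on the listening port. As an added example (not the poster's rules and not coturn's own documentation), the script below prints the complete iptables rule set a TURN relay in a container behind a single-IP NAT host normally needs: DNAT for both TCP and UDP on the listener, DNAT for the UDP media relay range, and the matching FORWARD accepts, which a PREROUTING DNAT rule alone does not provide when the FORWARD policy is DROP. The interface, container IP and listener port are taken from the post; the relay range is coturn's default of 49152-65535 and is an assumption about the container's turnserver.conf. The script prints the rules rather than applying them so they can be reviewed first. Separately from the firewall, coturn needs its external-ip option set to the host's public address so that relay candidates advertise the public IP instead of 10.0.0.8; that is a configuration change the script does not make.

```shell
#!/bin/sh
# Added example: generate iptables rules to forward a TURN server (coturn) running
# in an LXC container behind a single-public-IP NAT host.
# Assumed values (constructed to match the post): WAN bridge vmbr0, container
# 10.0.0.8, listener port 3479, coturn default relay range 49152-65535.
# Output is printed for review; "apply" as first argument pipes it to sh (root).
# Remember to also set "external-ip=<public address>" in the container's
# turnserver.conf so relay candidates carry the public IP, not 10.0.0.8.

WAN_IF="${WAN_IF:-vmbr0}"
TURN_IP="${TURN_IP:-10.0.0.8}"
TURN_PORT="${TURN_PORT:-3479}"
RELAY_RANGE="${RELAY_RANGE:-49152:65535}"

# Print one DNAT rule plus its matching FORWARD accept for a protocol/port spec.
# Args: proto (tcp|udp), port or range in iptables "low:high" form.
forward_rule() {
    proto="$1"; ports="$2"
    # Rewrite the destination of packets arriving on the WAN interface; with no
    # port after the address, DNAT keeps the original destination port, which is
    # what a range needs.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $ports -j DNAT --to-destination $TURN_IP"
    # After DNAT the packet is routed through the FORWARD chain, so it must be
    # accepted there too; restrict the accept to exactly the forwarded ports.
    echo "iptables -A FORWARD -i $WAN_IF -p $proto -d $TURN_IP --dport $ports -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# The full rule set for the TURN container.
turn_rules() {
    # STUN/TURN listener: clients may use either transport.
    forward_rule tcp "$TURN_PORT"
    forward_rule udp "$TURN_PORT"
    # Media relay: coturn allocates a UDP port per session from this range and
    # the remote peer sends media to the public IP on that port, so the whole
    # range has to be forwarded as well.
    forward_rule udp "$RELAY_RANGE"
    # Outbound path from the container (relayed media towards peers, replies to
    # clients); the address rewrite itself is done by the host's existing
    # MASQUERADE rule in POSTROUTING.
    echo "iptables -A FORWARD -o $WAN_IF -s $TURN_IP -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
}

case "${1:-print}" in
    apply) turn_rules | sh ;;   # apply in order; requires root
    *)     turn_rules ;;        # default: print the rules for review
esac
```

Run it with no arguments to see the rules, check them against the host's existing MASQUERADE and FORWARD rules, then run it with `apply` as root; `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` afterwards show whether the DNAT and FORWARD counters increase when a call is attempted, which separates a firewall problem from a coturn configuration problem.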