LXC port forward

tiagoadp

Oct 9, 2022
Hey ppl, I'm trying to use an internal service that will run on port 443 in this Alpine LXC container. The problem is that this app runs as an unprivileged local user, which is great for security, but I can't set it to port 443 in the container, so I need to use for example 8080... So I'm trying to do a forward on the firewall so this container can serve 8080 as 443, but so far unsuccessfully.

Note I don't want to expose the port to the outside using the host; I just need that, when accessing the container IP x.x.x.x:443 internally, it goes to x.x.x.x:8080. Also I'm using the PVE firewall.
 
Hi, can you please post the network configuration of the Proxmox VE `cat /etc/network/interface` and the LXC config `pct config <CTID>`?


In general you can do that as follows in the network configuration of Proxmox VE:

Code:
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport <PORT> -j DNAT --to <VM or CT Ip address>:<PORT>
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport <PORT> -j DNAT --to <VM or CT Ip address>:<PORT>

I asked for the network config and CT config to know which port to set for the LXC.
 
Sure, my interfaces file:
Code:
iface enp7s0 inet manual
iface enp8s0 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves enp7s0 enp8s0
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3

auto vmbr0
iface vmbr0 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids [redacted]

auto vmbr0.[redacted]
iface vmbr0.[redacted] inet dhcp
        vlan-raw-device vmbr0

pct config:
Code:
pct config 100
arch: amd64
cmode: shell
cores: 2
features: nesting=1
hostname: auth
memory: 1024
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=[redacted],ip=dhcp,ip6=dhcp,tag=[redacted],type=veth
onboot: 1
ostype: alpine
rootfs: local-lvm:vm-100-disk-0,size=2G
startup: order=100
swap: 0
unprivileged: 1
 
Also, just to comment, I need to make this CT's port 443 go to 8443; also the host already uses a forward from port 443 to 8006.
 
In this case try to use `post-up iptables` as I posted above. You have to change the <PORT> and <VM or CT Ip address>:<PORT>.
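An added example (not code from the thread or from Proxmox) of how the `post-up`/`post-down` DNAT rule above can be applied for the case described in this thread: port 443 on the container's IP forwarded to 8443, while the host's existing 443 -> 8006 forward is left alone. It assumes the container address (`192.0.2.10` is a constructed placeholder), that the script lives at a path of your choosing, and that the host's netfilter sees bridged traffic (which the PVE firewall arranges via `bridge-nf-call-iptables`).

```shell
#!/bin/sh
# Added example, not from the thread. Builds one DNAT rule for a CT and applies
# it idempotently, so running `ifreload -a` twice does not duplicate the rule.
# Values can be overridden from the environment; defaults are placeholders.
BRIDGE="${BRIDGE:-vmbr0}"             # bridge the CT is attached to (pct config)
CT_IP="${CT_IP:-192.0.2.10}"          # constructed placeholder for the CT address
PUBLIC_PORT="${PUBLIC_PORT:-443}"     # port clients connect to on the CT IP
CT_PORT="${CT_PORT:-8443}"            # port the unprivileged service listens on

# Rule specification without the chain name, so the same text can be used
# with -C (check), -I (insert) and -D (delete). Matching on `-d CT_IP` is what
# keeps this rule from also capturing the host's own 443 -> 8006 forward.
dnat_spec() {
    printf -- '-i %s -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s' \
        "$BRIDGE" "$CT_IP" "$PUBLIC_PORT" "$CT_IP" "$CT_PORT"
}

# post-up: insert at position 1 so this narrower rule is evaluated before any
# broader dport-443 rule already in the chain; skip if it is already present.
# shellcheck disable=SC2046
dnat_up() {
    iptables -t nat -C PREROUTING $(dnat_spec) 2>/dev/null \
        || iptables -t nat -I PREROUTING 1 $(dnat_spec)
}

# post-down: remove the rule; tolerate it already being gone.
# shellcheck disable=SC2046
dnat_down() {
    iptables -t nat -D PREROUTING $(dnat_spec) 2>/dev/null || true
}

case "${1:-}" in
    up)   dnat_up ;;
    down) dnat_down ;;
    *)    echo "usage: $0 up|down" >&2 ;;
esac
```

Reference it from the `vmbr0` stanza as `post-up /usr/local/sbin/ct-dnat.sh up` and `post-down /usr/local/sbin/ct-dnat.sh down` (path is your choice). Traffic originating on the host itself traverses the `OUTPUT` nat chain rather than `PREROUTING`, so the rule only covers connections arriving over the bridge.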