LXC port forward

tiagoadp

Oct 9, 2022
Hey ppl, I'm trying to use an internal service that will run on port 443 in this Alpine LXC container. The problem is that this app runs as an unprivileged local user. This is great, more security, but the problem is that I can't set it to port 443 in the container, so I need to use, for example, 8080... So I'm trying to do a forward on the firewall so this container can serve 8080 as 443, but so far unsuccessfully.

Note I didn't want to expose the port to the outside using the host; I just need that accessing the container IP x.x.x.x:443 internally goes to x.x.x.x:8080. Also, I'm using the PVE firewall.
 
Hi, can you please post the network configuration of the Proxmox VE host (`cat /etc/network/interfaces`) and the LXC config (`pct config <CTID>`)?


In general you can do that as follows in the network configuration of Proxmox VE:

Code:
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport <PORT> -j DNAT --to <VM or CT Ip address>:<PORT>
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport <PORT> -j DNAT --to <VM or CT Ip address>:<PORT>

I asked for the network config and CT config to know which port is set for the LXC.
 
Sure, my interfaces file:
Code:
iface enp7s0 inet manual
iface enp8s0 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves enp7s0 enp8s0
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3

auto vmbr0
iface vmbr0 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids [redacted]

auto vmbr0.[redacted]
iface vmbr0.[redacted] inet dhcp
        vlan-raw-device vmbr0

pct config:
Code:
pct config 100
arch: amd64
cmode: shell
cores: 2
features: nesting=1
hostname: auth
memory: 1024
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=[redacted],ip=dhcp,ip6=dhcp,tag=[redacted],type=veth
onboot: 1
ostype: alpine
rootfs: local-lvm:vm-100-disk-0,size=2G
startup: order=100
swap: 0
unprivileged: 1
 
Also, just to comment, I need to map this CT's port 443 to 8443. Also, the host already uses a forward from port 443 to 8006.
 
In this case, try to use `post-up iptables` as I posted above. You have to change the `<PORT>` and `<VM or CT Ip address>:<PORT>`.
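
An added example, not from any poster in this thread: a shell helper that prints the matched `post-up`/`post-down` pair from the reply above with validated values filled in. It adds `-d <CT address>` to the posted rule (an addition, not part of the original) so that only traffic addressed to the container is rewritten, since the rule as posted matches every TCP packet on `vmbr0` with that destination port. The function names and the sample address 192.0.2.10 are assumptions; 443 and 8443 are the ports named in the thread.

```shell
#!/bin/sh
# Added example: emit a matched post-up/post-down DNAT pair for
# /etc/network/interfaces. Function names and sample values are assumptions.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Only digits and dots, no leading, trailing or doubled dots.
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: dnat_stanza <bridge> <ct_ip> <listen_port> <service_port>
dnat_stanza() {
    iface=$1 ct_ip=$2 lport=$3 sport=$4
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    valid_ipv4 "$ct_ip" || { echo "bad address: $ct_ip" >&2; return 1; }
    valid_port "$lport" && valid_port "$sport" || { echo "bad port" >&2; return 1; }

    # -d limits the match to packets addressed to the container, so other
    # traffic to the same port on this bridge is left alone.
    rule="PREROUTING -i $iface -p tcp -d $ct_ip --dport $lport -j DNAT --to-destination $ct_ip:$sport"

    # post-down uses the identical rule text with -D, so it removes exactly
    # what post-up added.
    printf 'post-up iptables -t nat -A %s\n' "$rule"
    printf 'post-down iptables -t nat -D %s\n' "$rule"
}

# Constructed sample: container at 192.0.2.10, 443 mapped to 8443.
dnat_stanza vmbr0 192.0.2.10 443 8443
```

The two printed lines go under the relevant `iface` stanza; `iptables -t nat -S PREROUTING` on the host shows whether the rule is present after the interface comes up.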
 
