[SOLVED] Port Forward All To LXC

[lemel]

I have an LXC with Nginx Proxy Forward set-up to manager traffic coming from ports 80, 57, 443, 8096, etc to different IP's pointing to other LXC's.
This works well when I edit the PVE host etc/network/interfaces and include this per port.

post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport PORT -j DNAT --to 192.168.5.x:PORT
post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport PORT -j DNAT --to 192.168.5.x:PORT

Is there a version of the above that can port forward everything? I wouldn't want to keep adding these lines every time I need to add a port forward.

I currently don't have ufw or any firewall installed.

Notes:
PVE Host: 192.168.1.x
PVE LXCs: 192.168.5.x

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
        address 192.168.1.20/24
        gateway 192.168.1.1

auto vmbr1
iface vmbr1 inet static
        address 192.168.5.1
        netmask 255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.5.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.5.0/24' -o eno1 -j MASQUERADE
       
post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport PORT -j DNAT --to 192.168.5.x:PORT
post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport PORT -j DNAT --to 192.168.5.x:PORT
# + more port forwards like the above

 

[_gabriel]

range port is available,
be careful to exclude 22 or 8006 or some other to keep access to host

-m multiport --dports 1:21,23-8005,8008:65535

 

[lemel]

Here's what I winded up using, but it didn't work. Is the syntax off?

post-up iptables -t nat -A PREROUTING -i eno1 -p tcp -m multiport --dports 1:21,23-8005,8008-65535 -j DNAT --to 192.168.5.x
post-down iptables -t nat -D PREROUTING -i eno1 -p tcp -m multiport --dports 1:21,23-8005,8008-65535 -j DNAT --to 192.168.5.x

post-up iptables -t nat -A PREROUTING -i eno1 -p udp -m multiport --dports 1:21,23-8005,8008-65535 -j DNAT --to 192.168.5.x
post-down iptables -t nat -D PREROUTING -i eno1 -p udp -m multiport --dports 1:21,23-8005,8008-65535 -j DNAT --to 192.168.5.x

 

[_gabriel]

oups typo : instead - > 8008:65535

 

[lemel]

Yep, the : instead of - did work. Thanks!

 

[HPerera]

@lemel Hello. I would like to know how you created the LXC that you mention. I want to implement the same for a dedicated server with a single public IP. Please.

 

[trueblackshark]

@lemel Hello. I would like to know how you created the LXC that you mention. I want to implement the same for a dedicated server with a single public IP. Please.

I am playing around with a similar environment, but I wanted to use an SSH tunnel instead because I only want to forward HTTP / https traffic ( only two ports).

Answering your question, the container is just a container running any OS. What you really want to understand is the HTTP proxy. In my case, I am using the Nginx Proxy Manager ( free / open-source). You can search for it on YouTube, there are tutorials on how to set it up. Here is the direct link of their official guide