On Sat, Aug 3, 2013 at 6:46 PM, Tony Su <ton...@su-networking.com> wrote:
> To be visible to outside the LAN does not require a second physical NIC,
> there are a number of ways to do that binding to a single NIC.
>
> The OP needs to post a more detailed description of his topology.

I have a plain old Linux box behind a plain old cable modem and consumer router. Here's what I did:

0) installed ubuntu 13.04

1) Created a container, set it to autostart, and manually started it:

    sudo lxc-create -t ubuntu -n minecraft
    sudo ln -s /var/lib/lxc/minecraft/config /etc/lxc/auto/minecraft.conf
    sudo lxc-start -n minecraft

2) Inside the container, installed a commandline minecraft server per
http://www.minecraftwiki.net/wiki/Tutorials/Setting_up_a_server
i.e.

    $ wget https://s3.amazonaws.com/Minecraft.Download/versions/1.6.2/minecraft_server.1.6.2.jar

3) Inside the container, added a trivial upstart script per
http://www.minecraftwiki.net/wiki/Tutorials/Ubuntu_startup_script
and started it by hand with

    sudo initctl start minecraft-server

4) inside the container, 'netstat -lt' showed the darn thing listened on ipv6, not ipv4, which wasn't very helpful, so I forced the outer system to ipv4 only by adding

    ipv6.disable=1

to the kernel commandline in /etc/default/grub per
http://www.upubuntu.com/2011/05/how-to-disable-ipv6-under-ubuntu.html
(I know, ipv6 is vital, but I'm impatient, and I doubt my ISP supports it)
Rebooted outer system, then started inner system again, and inside it, verified that 'netstat -ltn' showed server listening on ipv4 tcp port 0.0.0.0:25565.

5) NOW paid attention to Serge's reply. Googling on it a bit found
http://www.servercobra.com/ubuntu-lxc-port-forwarding.html
which suggested doing something vaguely like

    OUTERIP=192.168.AAA.BBB
    INNERIP=10.0.CCC.DDD
    sudo iptables -t nat -I PREROUTING -p tcp -d ${OUTERIP} --dport 25565 -j DNAT --to ${INNERIP}:25565
    sudo iptables -A FORWARD -p tcp -d ${INNERIP} --dport 25565 -j ACCEPT

outside the container, where OUTERIP is the real machine's main LAN IP address, and INNERIP is the container's IP address as seen from inside the container (though maybe I got that wrong).

And here is where I get stuck.

Although inside the container I can do

    telnet localhost 25565

or

    telnet 10.0.3.247 25565

and connect to the minecraft server, doing

    telnet localhost 25565

or

    telnet 192.168.AAA.BBB 25565

outside the container (where 192.168.AAA.BBB is my LAN ip addr) doesn't let me connect from the outer machine.

So here I am again, absolute beginner (having successfully ignored learning about iptables for longer than some people have been alive). Can I buy a clue?

Thanks!
- Dan

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
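
The rules from step 5 as a dry-run generator (an added example, not part of the original post): it validates the addresses and port and prints the iptables commands instead of running them. The nat OUTPUT rule is an addition based on standard netfilter behaviour, and the function names and the 192.168.1.10 address are constructed for illustration.

```shell
#!/bin/sh
# Dry run: prints iptables commands for review; nothing is applied.

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules OUTERIP INNERIP PORT
# OUTERIP = host's LAN address, INNERIP = container address (as in step 5).
forward_rules() {
    outer=$1 inner=$2 port=$3
    valid_ipv4 "$outer" && valid_ipv4 "$inner" || {
        echo "forward_rules: addresses must be real dotted quads" >&2
        return 1
    }
    case "$port" in
        ''|*[!0-9]*) echo "forward_rules: bad port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "forward_rules: port out of range" >&2
        return 1
    }
    dnat="-p tcp -d $outer --dport $port -j DNAT --to-destination $inner:$port"
    # Connections arriving from other machines traverse nat PREROUTING.
    echo "iptables -t nat -I PREROUTING $dnat"
    # Connections opened on the host itself are locally generated: they
    # traverse nat OUTPUT and never reach the PREROUTING rule above.
    echo "iptables -t nat -I OUTPUT $dnat"
    # Let the rewritten packets through to the container (rule from step 5).
    echo "iptables -A FORWARD -p tcp -d $inner --dport $port -j ACCEPT"
}

# Constructed sample values; 10.0.3.247 is the container address in the post.
forward_rules 192.168.1.10 10.0.3.247 25565
```

Review the printed commands, then run them with sudo on the outer machine; `sudo iptables -t nat -L -n -v` shows per-rule packet counters, which tell you which chain a test connection actually hit.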