Quoting Dan Kegel (d...@kegel.com):
> On Sat, Aug 3, 2013 at 6:46 PM, Tony Su <ton...@su-networking.com> wrote:
> > To be visible to outside the LAN does not require a second physical NIC,
> > there are a number of ways to do that binding to a single NIC.
> >
> > The OP needs to post a more detailed description of his topology.
>
> I have a plain old Linux box behind a plain old cable modem and consumer
> router.
>
> Here's what I did:
>
> 0) installed ubuntu 13.04
>
> 1) Created a container, set it to autostart, and manually started it:
> sudo lxc-create -t ubuntu -n minecraft
> sudo ln -s /var/lib/lxc/minecraft/config /etc/lxc/auto/minecraft.conf
> sudo lxc-start -n minecraft
>
> 2) Inside the container, installed a commandline minecraft server per
> http://www.minecraftwiki.net/wiki/Tutorials/Setting_up_a_server
> i.e.
> $ wget https://s3.amazonaws.com/Minecraft.Download/versions/1.6.2/minecraft_server.1.6.2.jar
>
> 3) Inside the container, added a trivial upstart script per
> http://www.minecraftwiki.net/wiki/Tutorials/Ubuntu_startup_script
> and started it by hand with
> sudo initctl start minecraft-server
>
> 4) inside the container, 'netstat -lt' showed the darn thing listened
> on ipv6, not ipv4, which wasn't very helpful,
> so I forced the outer system to ipv4 only by adding ipv6.disable=1 to
> the kernel commandline in /etc/default/grub per
> http://www.upubuntu.com/2011/05/how-to-disable-ipv6-under-ubuntu.html
> (I know, ipv6 is vital, but I'm impatient, and I doubt my ISP supports it)
> Rebooted outer system, then started inner system again, and inside it,
> verified that 'netstat -ltn' showed server listening on ipv4 tcp port
> 0.0.0.0:25565.
>
> 5) NOW paid attention to Serge's reply. Googling on it a bit found
> http://www.servercobra.com/ubuntu-lxc-port-forwarding.html
> which suggested doing something vaguely like
>
> OUTERIP=192.168.AAA.BBB
> INNERIP=10.0.CCC.DDD
> sudo iptables -t nat -I PREROUTING -p tcp -d ${OUTERIP} --dport 25565 -j DNAT --to ${INNERIP}:25565
> sudo iptables -A FORWARD -p tcp -d ${INNERIP} --dport 25565 -j ACCEPT

For a container, with ip 10.0.3.100, running a mail server on port 25, the
only rule I add is:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination 10.0.3.100:25

(plus of course several other rules for other containers)

-serge

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
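
Added example, not part of the original thread: a small audit of `iptables-save` output that lists every PREROUTING DNAT forward and flags rules that lack the `-d` or `-i` restriction used by the two rule styles in the messages above. The sample rules, the `192.168.1.10` address and the `10.0.3.0/24` container subnet are assumptions made for illustration; only `10.0.3.100:25` comes from the thread.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt; only 10.0.3.100:25 appears in the thread.
SAMPLE = """\
*nat
-A PREROUTING -d 192.168.1.10/32 -p tcp -m tcp --dport 25565 -j DNAT --to-destination 10.0.3.50:25565
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.3.100:25
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.3.101:80
COMMIT
"""

def parse_dnat(save_text):
    """Yield the options of each PREROUTING DNAT rule as a dict."""
    for line in save_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"]:
            continue
        opts, negate = {}, False
        for i, t in enumerate(tok[:-1]):
            if t == "!":
                negate = True          # negation applies to the next option
            elif t.startswith("-") and i >= 2:
                opts[("! " if negate else "") + t] = tok[i + 1]
                negate = False
        if opts.get("-j") == "DNAT":
            yield opts

def audit(save_text, container_net="10.0.3.0/24"):
    """Return (dport, target, scope, warnings) for every forwarded port."""
    net = ipaddress.ip_network(container_net)   # assumed container subnet
    report = []
    for o in parse_dnat(save_text):
        target = o.get("--to-destination", "")
        # With no -i/-d match the rule rewrites packets arriving on every
        # interface, the container bridge included.
        scope = next((k + " " + o[k] for k in ("-i", "! -i", "-d", "! -d") if k in o), "any")
        warnings = ["no -i or -d match"] if scope == "any" else []
        try:
            if ipaddress.ip_address(target.split(":")[0]) not in net:
                warnings.append("target outside " + container_net)
        except ValueError:
            warnings.append("target is not a single IPv4 address")
        report.append((o.get("--dport", "all"), target, scope, warnings))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

On a live host the input would be the text printed by `iptables-save -t nat`.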