On Wednesday, July 31, 2013 23:24:42 Dan Kegel wrote:
> Hi,
> I've been happily using ubuntu's stock lxc (originally
> in 12.04, now in 13.04), and finally have an occasion
> to run a server inside a container. I'd like it to
> be visible from the outside.
>
> There are plenty of web pages about this, but they seem to
> assume that you've created the lxc config file by hand.
> I have never done that; I just use whatever lxc-create creates.

Ok... sounds like you might be in a situation I am in/was in..

I use LXC to test a few things... and mainly as a "development system(s)" for web servers, ie: I assign an LXC container to each client... may not be the best from a lot of perspectives, but for me it allows for a certain sanity and order of things...

I, like you, just let LXC create things.

Kubuntu derived custom distro based on 12.04 LTR & lxc 0.7.5

I needed a way for clients to look at "their server" and check progress of development....

Simple solution in *SOME* of the standard routers (LinkSys, Netgear etc.) is just set up a static route for the 10.x.x.x subnet that your LXC containers are on to point to the bridge host.

example:
If your LXC-HOST is: 192.168.0.10
and your LXC subnet is 10.0.3.x
and your LXC lxcbr0 = 10.0.3.1

then set up a static route in your router to send all of 10.0.3/24 to 10.0.3.1 and then let the LXC host forward on...

You can forward ports for things like Apache, MySQL etc... or whatever to 10.0.3.IP and again the lxcbr figures out and forwards it on....

That worked great till I upgraded my router to a newer model and then this new router ONLY ALLOWS for the forwarded IP to be WITHIN THE /24 of the LAN... URRRRRGRGGGHHH! In some stroke of brilliance or "bug resolution" they closed this "loophole/feature (bug)."

So what to do???

I changed the static route to forward to the LXC-HOST IP, ie: 192.168.0.10, and then the LXC-HOST figures out to route 10.0.3.x to whatever LXC container...

That works great for INTERNAL connections... BUT when clients wanted to review development... how to get the port forwarded for, say, Apache to their container??

Forwarding port 80 to the LAN IP of the LXC HOST will NOT work...

Enter rinetd

It basically can forward IP/PORT to NEWIP/PORT, ie:

    192.168.0.11 80 10.0.3.200 80

So I "sudo apt-get install rinetd" on a machine that has nothing special running on it... It probably could even go on the LXC-HOST.. but I chose NOT to do this so as not to risk FUBAR'ng the LXC host and its routing etc....

So the rinetd machine is 192.168.0.11, and then set up the router to forward port 80 to 192.168.0.11, and then rinetd forwards this to the LXC container of my choice.

This solves the problem... Client can remotely view their server progress, I can connect to the containers internally, I can connect remotely.

Cisco IOS based routers could set up routing much easier, as IOS is much more powerful and doesn't restrict the destination IP like newer routers.

Something like:

    ip nat inside source static tcp 10.0.3.2 80 WAN IP 80 extendable
    ip nat inside source static tcp 10.0.3.2 443 WAN IP 443 extendable
    ip nat inside source static tcp 10.0.3.2 3306 WAN IP 3306 extendable

etc...

And routing like the older router:

    ip route 10.10.3.0 255.255.255.0 10.10.3.1

Or whatever your LXC setup is:

    ip route LXC-SUBNET NETMASK LXCBR0 IP

Again, I chose this route v. changing any LXC container setups from what was generated... Mainly as I was too new to LXC at the time I devised this plan..

I come from a world of VMWare Server, ESXi and Player VMs, and getting the VMs on the LAN works differently in "VMWARE BRIDGE" v. LXC BRIDGE. WAY DIFFERENT. In that in VMWare Bridge the VM/Container gets an IP from the LAN and from its DHCP etc. just like it was a real physical machine on the LAN..

Now I am sure there probably is some way to edit the LXC container configs to do this... but in reading this thread and some things it doesn't seem like this is supported or wise... That is MY OPINION and INTERPRETATION, subject to being totally wrong.

I have a setup that works for the resources I have till I find a nice used Cisco device that meets my needs....

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
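
An added example, not part of the original message and not rinetd's own code: a small Python check over a rinetd.conf like the one described above, flagging forwarding rules that listen on every interface or accept connections from any source address. The sample config is constructed from the post's addresses; the 10.0.3.201 container, the 8080 rule, the log path and the SENSITIVE table are assumptions.

```python
SENSITIVE = {"3306": "MySQL"}  # assumption: destination ports that should not be open to any source

# Constructed rinetd.conf; the 192.168.0.11 and 10.0.3.200 addresses come from the post.
SAMPLE_CONF = """\
logfile /var/log/rinetd.log
192.168.0.11 80   10.0.3.200 80
192.168.0.11 3306 10.0.3.200 3306
0.0.0.0      8080 10.0.3.201 80
allow 192.168.0.*
"""

def parse_rinetd(text):
    """Return (global_acl, rules). allow/deny lines before the first
    forwarding rule are global; later ones apply to the rule they follow."""
    global_acl, rules = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] in ("logfile", "logcommon"):
            continue
        if fields[0] in ("allow", "deny") and len(fields) == 2:
            (rules[-1]["acl"] if rules else global_acl).append(tuple(fields))
        elif len(fields) == 4:
            bind, bport, dest, dport = fields
            rules.append({"line": lineno, "bind": bind, "bind_port": bport,
                          "dest": dest, "dest_port": dport, "acl": []})
        else:
            raise ValueError(f"line {lineno}: unrecognised directive {raw!r}")
    return global_acl, rules

def audit(text):
    """Return (line, issue) pairs for forwarding rules that are too open."""
    global_acl, rules = parse_rinetd(text)
    findings = []
    for r in rules:
        # With at least one allow pattern, rinetd refuses sources matching none of them.
        restricted = any(kind == "allow" for kind, _ in global_acl + r["acl"])
        if r["bind"] == "0.0.0.0":
            findings.append((r["line"], "binds every interface"))
        if not restricted:
            svc = SENSITIVE.get(r["dest_port"])
            findings.append((r["line"], f"{svc} open to any source" if svc
                             else "no allow pattern"))
    return findings

if __name__ == "__main__":
    for line, issue in audit(SAMPLE_CONF):
        print(f"rinetd.conf:{line}: {issue}")
```

Only the classic four-field forwarding rule, allow/deny, logfile and logcommon directives are handled; anything else raises an error so that an unparsed line is never silently treated as safe.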