This depends on what you plan to achive and what your possibilities are
big time.
I've a mixture of iptables + haproxy/nginx.
Gladly LXD remembers MAC and IP Addresses so manual entries in iptables
is not the problem.
iptables-persistent for reloading iptable rules
For http/https/imaps i use haproxy/nginx as reverseproxy to serve
multiple containers on one public IPv4. (SNI to the rescue)
For IPv6 i've just a profile that adds a new network interface -
attached to a network that has a routed ipv6-prefix.
Regards
MonkZ
On 05.04.2017 11:41, Tomasz Chmielewski wrote:
> Is there any "preferred" way of redirecting ports to containers with
> private IPs, from host's public IP(s)?
>
>
> host 12.13.14.15:53/udp (public IP) -> container 10.1.2.3:53/udp
> (private IP)
>
>
> I can imagine at least a few approaches:
>
> 1) in kernel:
>
> - use iptables to map a port from host's public IP to container's
> private IP
>
> - use LVS/ipvs/ldirectord to map a port from host's public IP to
> container's private IP
>
>
> 2) userspace:
>
> - use a userspace proxy, like haproxy (won't work for all protocols,
> some information is lost for the container, i.e. origin IP)
>
>
> They all however need some manual (or scripted) configuration, will stay
> even if the container is stopped/removed (unless some more
> configuration/scripting is done etc.).
>
>
> Does LXD have any built-in mechanism to "redirect ports"? Or, what would
> be the preferred way to do it?
>
>
> Tomasz Chmielewski
> https://lxadm.com
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
signature.asc
Description: OpenPGP digital signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
