Home / ubuntu / Questions / 749063
Accepted
Paradiesstaub
Asked: 2016-03-23 09:53:59 +0800 CST

reach lxd container from local network

  • 772

OS: Ubuntu 15.10
LXD: 2.0.0.rc5

I would like to know how to access a container from another computer on the same local network.

Address of my PC (the LXD host): 192.168.1.112 (enp3s0)
Xenial container: 10.0.3.181 (eth0), 10.0.4.1 (lxcbr0)
Other PC (Fedora 23): 192.168.2.118 (wlp3s0)

I can ping from the other PC to the LXD host and the otherwise.

networking

3 Answers

  1. Best Answer

    There's several different ways to accomplish what you want.

    1. Forward required ports from host to guest
    2. Route networks
    3. Bridge devices

    Options 1 and 2 require ip-forwarding to be enabled on the host:

    # run time:
sudo sysctl -w net.ipv4.ip_forward=1

# permanent:
echo 'net.ipv4.ip_forward = 1' | sudo tee /etc/sysctl.d/30-virt-network

    Easiest is 1 if you want to access specific service like http (port 80) on guest (you access guest port 80 with host ip-address+port), but you cannot run host services on that same port. 

    # on lxd host: (-i HOSTDEVICE to lan, usually enp3s0 or eth0)
sudo iptables -t nat -A PREROUTING -i enp3s0 -p tcp -m tcp --dport 80 -j DNAT --to 10.0.3.181:80
# making this permanent is left to the reader (because that depends on your choice of fw setup)

    Option 2 is more tricky and depends on how much you can modify your network.

    Check that (sudo iptables -L -n) says that chain FORWARD (policy ACCEPT) or sudo iptables -I FORWARD -s 192.168.2.118 -j ACCEPT allow it specifically. Now either on the network firewall route 10.0.3.0/24 to your 192.168.1.112 host or test with route on the 192.168.2.118. 

    sudo ip route add 10.0.3.181 via 192.168.1.112 dev wlp3s0

    Third option would bring your lxd guests to your lan as part of the lan. See Instruction converting eth0 (enp3s0 in your case) to bridge how to do it. In short:

    1. Create bridge device on host
    2. Add eth0 or enp3s0 to that bridge
    3. Set host address to bridge (not enp3s0)

    4. Bind lxd guest devices to that bridge

      stop network-manager
brctl addbr br0
brctl addif br0 enp3s0
ifconfig enp3s0 up
ifconfig br0 up
dhclient br0
lxc profile edit default
  - change lxcbr0 to br0
    • 7

  2. You need to tell the other computer how to reach the container because the other computer is on a different subnet than the container. That is, you need to set up a "route". Below is a sample route you can create on the other computer. It says, "to get to the container (.181) first go through the host (.112) using the device that is on the same network as the host (eth0). If the other computer uses a different device then change accordingly. Note that this route is not permanent; it will not survive a reboot. Google to find how to set up a permanent route.

    sudo ip route add 10.0.3.181 via 192.168.1.112 dev eth0
    • 0

  3. Another way is to install rinetd and inside /etc/rinetd.conf just specify the forwarding:

    192.168.1.112    80      10.0.3.181    80

    and restart rinetd.

    I think it is more convenient because you can always check which ports are you forwarding and add comments to the file if you want. You can also use it with docker in the same way if you bind to 127.0.0.1 (for example: docker ... -p 127.0.0.1:80:80 ... and UFW will work as expected.

    • 0