LXC Containers - Exposing Ports & Port Forwarding

preview_player
Показать описание
I sort of promised to make a networking port-forward video about LXC in my previous LXC & LXD video so, here it is!

Networking can be somewhat of a challenge in LXC. The (current) default use case for LXC & LXD is for use as internal containers in a virtual network. As such, you cannot easily port forward your containers as you can with Docker. Instead, you must change the nictype to make your containers publicly accessible. A side effect of this is since the container is no longer in a virtual network with the host, the host must use the router to connect to it.

Port forwarding can technically be achieved by using iptables, however, I think most people agree that iptables are cumbersome and are generally avoided by most users. Macvlan is a heavy-handed approach the technically exposes *all* ports to the router, which means you *must* have some kind of a firewall on your router or gateway if you want to keep your containers secured.

If you want to use your LXC container as a web server or game server (like I do), macvlan is arguably the best way to facilitate it.
~~
Support the channel! Becoming a Patron or Ko-fi supporter gives you access to the Egee video archive & good vibes for supporting my videos!

Use My Affiliate Links & Support The Channel! 🎁

Linux & Open Source Gear

Recording Gear

  1. Egee's Hobbies
  2. lxc
  3. lxd
  4. docker on ubuntu
  5. linux container
  6. lxc ubuntu
Рекомендации по теме
LXC Containers - 0:04:11

LXC Containers - Exposing Ports & Port Forwarding

LXC/LXD - 13. 0:05:28

LXC/LXD - 13. Exposition de ports

Linux Containers (LXC) 0:26:19

Linux Containers (LXC) Networking Deep Dive - Video 004 - LXC veth Adapters w/iptables Rules

Intro to LXC, 0:06:52

Intro to LXC, LXD, & Linux Containers

Linux LXD Containers 0:03:33

Linux LXD Containers #3 Resources and Profiles

LXC/LXD Deep Dive 0:00:47

LXC/LXD Deep Dive – New Course

About our LXC 0:10:22

About our LXC / LXD Deep Dive course

Docker How to 0:10:20

Docker How to configure ports for Containers ?

How to use 0:18:48

How to use Linux Containers with Lxd and Lxc

LXC | LXD 0:41:24

LXC | LXD Install | Create & manage Linux LXC Containers | LXDUI Installation | Bridging LXC | ...

Network Bridge vs 0:15:21

Network Bridge vs Macvlan on LXD

More LXD Networks 0:17:34

More LXD Networks

Netdev 0.1 - 0:30:57

Netdev 0.1 - Networking in Containers and Container Clusters

Ubuntu openstack find 0:10:47

Ubuntu openstack find the LXC container, cheat sheet

Установка LXC [Linux 0:00:46

Установка LXC [Linux Conteiners] в Ubuntu 16.04 LTS

DEF CON 23 0:44:41

DEF CON 23 - Aaron Grattafiori - Linux Containers: Future or Fantasy? - 101 Track

Configure Networking for 0:32:27

Configure Networking for LXD Virtual Machines on Ubuntu Linux | Open Source | DevOps | Software

container mixing !!! 0:08:01

container mixing !!! | windows 10 bash-lxc windows and linux container at the same time

Steam for Linux 0:03:54

Steam for Linux running in a LXC container on Ubuntu

Linux LXD Containers 0:02:52

Linux LXD Containers #1 Getting Started

Replace Virtual Machines 0:41:58

Replace Virtual Machines with LXC/LXD Containers

LXC/LXD vs Docker 0:14:24

LXC/LXD vs Docker Which is better?

Networks Docker vs 0:15:00

Networks Docker vs LXD

Linux containers are 0:40:13

Linux containers are really good... | Installing Wordpress using LXD on Debian 10 Buster

Комментарии
Автор

Kudos on the video! Clear, concise, good audio quality - I hope to see more videos from you on LXC / networking, etc.

BrianJurkowski
Автор

Hope everyone enjoyed the video! Please like, comment, and subscribe if you learned something (or even if you didn't :D)! Couple things I glossed over in the video:

• You CAN technically port forward your LXC containers using iptables however I found this method burdensome and prefer the macvlan approach
• Using macvlan exposes your entire container to your router. If you do not have proper security setup on your router or gateway, an attacker can easily access your container. Make sure your router or gateway has a good firewall before setting your containers up with macvlan
• Always make sure you stop your containers before making any kind of network changes.

hobbyegee
Автор

Thanks for putting this up. When I started setting up my containers, I thought this was gonna be the hard part. Turns out it was easier than getting steamcmd running in lxc.

jamminvagia
Автор

Awesome video. Thanks for pointing out the macvlan. This makes it trivial to configure the DISPLAY to use my host machine.

stevekirsch
Автор

I've been looking to repurpose an old netbook to learn LXD but would always be stuck at the networking part.

I'm sending you all my love...

VitePapa
Автор

5 hours it took me to find someone on the internet who can answer my question. I'm running Turnkey-lxc, ALL I want is to be able to ssh into running containers from other machines in my network and NOT only the host Turnkey-lxc system. I've been SSH'ing into turnkey-lxc just to get access to my running containers, this should fix that problem right ? I am not using lxd on Ubuntu so it doesn't come with the convenient 'lxd init' where you can configure everything interactively ... Its just 'lxc-create' , 'lxc-start -n container' , 'lxc-attach -n container-name' . It actually behaves a lot like docker.


Although there was something you said that did catch my ear, about exposing Docker containers. I am not positive how you go about exposing a docker container, I learned how to share the hosts network adapter and xserver. If I want my docker container on the network, I will just 'docker run -ti --net=host ubuntu /bin/bash' just as an example, but it does give you the same exact hostname as the server. Which can get to be a problem with conflicting ports. It may be manageable for one container, but with multiple containers as far as open ports it would be madness . SO , HOW does one expose a Docker container to the network so that it gets its own ip ?

DDBAA
Автор

how do i expose port and port forwarding a regular VM on proxmox? using ubuntu LAMP

lopo
Автор

Thank you for this, subscribed! Your videos are really well done, and your voice is absolutely perfectly suited for tutorial videos - Thought your original LXC video was an official demonstration from Ubuntu until you had to recheck one of your commands! Haha

alexclarke
Автор

Thanks! One thing I didn't see in the video was how to apply a profile to an existing container. To do so: "lxc profile apply [container-name] [profile-name]"

NickMcCathyTX
Автор

This come with issue, host and container can't ping each other so you can't ssh or access container http from host (while other device in network can)

HaiNguyen-cfji
Автор

Thanks for the video.. Just wanna say that after trying this solution macvlan, it didnt work and after deep search i realized that macvlan does not work with wireless.... I read that it only works with ethernet connection... Any one could guide?
Thanks anyways

kb
Автор

Please which file you open after configuration default 3:27

ismailgarig
Автор

Great instructions thanks. I have a question.
Once my containers have been assigned the dhcp address from my router, I cannot ping it from my lan nor can I see any services on the IP from my lxd host. Do i have to do something to route the traffic?

insidiousbottom
Автор

Fortunately the latest versions of most distros can run nspawn containers, which allows you to forward ports without having to deal with docker. I guess LXD is just going to get left behind.

OpenThisGate
Автор

Which distribution is running on your "gameserver "?

soufianta
Автор

Full LXD management of profiles, containers, images, remotes, certificates, networks, storage and devices.

vripscript
Автор

HELLO GUYS! I INTEND TO CREAT A VOIP LXC ANYONE CAN HALP PLEASE, THANK YOU

amilcarlelis
join shbcf.ru