This depends on what you plan to achive and what your possibilities are big time.
I've a mixture of iptables + haproxy/nginx. Gladly LXD remembers MAC and IP Addresses so manual entries in iptables is not the problem. iptables-persistent for reloading iptable rules For http/https/imaps i use haproxy/nginx as reverseproxy to serve multiple containers on one public IPv4. (SNI to the rescue) For IPv6 i've just a profile that adds a new network interface - attached to a network that has a routed ipv6-prefix. Regards MonkZ On 05.04.2017 11:41, Tomasz Chmielewski wrote: > Is there any "preferred" way of redirecting ports to containers with > private IPs, from host's public IP(s)? > > > host 12.13.14.15:53/udp (public IP) -> container 10.1.2.3:53/udp > (private IP) > > > I can imagine at least a few approaches: > > 1) in kernel: > > - use iptables to map a port from host's public IP to container's > private IP > > - use LVS/ipvs/ldirectord to map a port from host's public IP to > container's private IP > > > 2) userspace: > > - use a userspace proxy, like haproxy (won't work for all protocols, > some information is lost for the container, i.e. origin IP) > > > They all however need some manual (or scripted) configuration, will stay > even if the container is stopped/removed (unless some more > configuration/scripting is done etc.). > > > Does LXD have any built-in mechanism to "redirect ports"? Or, what would > be the preferred way to do it? > > > Tomasz Chmielewski > https://lxadm.com > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users
signature.asc
Description: OpenPGP digital signature
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
