Created
June 30, 2023 13:12
After you create an LXC container, check its IP with `lxc list`:

```plaintext
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
|   NAME   |  STATE  |        IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| myfed    | RUNNING | 10.27.184.33 (eth0) | fd42:4663:9358:c21d:216:3eff:feb5:e08d (eth0) | CONTAINER | 0         |
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| myubuntu | STOPPED |                     |                                               | CONTAINER | 0         |
+----------+---------+---------------------+-----------------------------------------------+-----------+-----------+
```

The IP of my LXC container, which runs Fedora, is `10.27.184.33`; I can ping it from the host machine (the one running LXC).

The IP of my host machine is `192.168.1.8`.

I want to be able to forward ports, so that through port 1450 I can access the Apache server on the `myfed` LXC instance.

The general syntax is:

`firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IP`

This is how I'm going to forward traffic to my `myfed` LXC container:

```plaintext
sudo firewall-cmd --zone=public --add-forward-port=port=1450:proto=tcp:toport=80:toaddr=10.27.184.33
```

Now, to access the LXC Apache server from another PC on the same LAN, type `192.168.1.8:1450` in the browser.

In this command, `1450` is the port other PCs connect to and `80` is the port to forward to. `toaddr=` is optional: if you include it, traffic is forwarded to that IP address (in this case the IP of the LXC container); if you omit it, it defaults to the machine itself (the host IP).

Check that firewalld has the forwarding you want: `sudo firewall-cmd --list-all`

My output is:

```plaintext
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp2s0
  sources:
  services: dhcpv6-client ssh
  ports: 22/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
    port=1450:proto=tcp:toport=80:toaddr=10.27.184.33
  source-ports:
  icmp-blocks:
  rich rules:
```

The rule appears under `forward-ports`.

---

Quick ***LXC reference***:

```plaintext
# install
sudo apt install lxd lxc

# initialize
# (enable the network bridge, and set the storage pool to 'dir')
sudo lxd init

# list the remotes (image servers) that offer distributions to download
lxc remote list

# download the image and start it
lxc launch images:ubuntu/22.04 ubuntu-container

# start or stop that container
lxc start <instance_name>
lxc stop <instance_name>

# see whether that instance is running (and its IP, MAC, etc.)
lxc list

# enter interactive mode (to work with the instance)
lxc exec <instance_name> -- bash
```

---

LXC uses the same kernel as the Linux host it runs on, while all other elements within the system are isolated.
Also, LXC doesn't reserve RAM the way a VM does, so it makes the best use of the host hardware's resources.

---

You can also do it with Docker.

```plaintext
docker run -p $HOSTPORT:$DOCKER_PORT IMAGE
```

---

Reload the firewalld config:

`firewall-cmd --reload`
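
Added example, not part of the original gist: a rule added without `--permanent`, like the forward above, exists only in the runtime configuration and is dropped by `firewall-cmd --reload`, so this script compares runtime and permanent `--list-all` output and checks every forward against an allowlist. The function names, the allowlist arguments and the sample text (including the second forward on port 2222) are constructed for illustration.

```bash
# Added example (not from the original gist): audit firewalld forward-ports.

# Print each forward-port entry found in `firewall-cmd --list-all` text on stdin
# (entries may sit on the key's own line or on the lines after it).
list_forwards() {
  awk '
    /^[ \t]*forward-ports:/ { in_fp = 1; sub(/^[ \t]*forward-ports:/, "") }
    in_fp && /^[ \t]*[a-z-]+:/ { in_fp = 0 }  # the next key ends the section
    in_fp { for (i = 1; i <= NF; i++) if ($i ~ /^port=/) print $i }
  '
}

# audit_forwards RUNTIME_TEXT PERMANENT_TEXT ALLOWED_ENTRY...
# Prints one line per runtime forward: allowlist verdict, persistence, entry.
# Returns 1 if any runtime forward is missing from the allowlist.
audit_forwards() {
  runtime=$(printf '%s\n' "$1" | list_forwards)
  permanent=$(printf '%s\n' "$2" | list_forwards)
  shift 2
  rc=0
  for fwd in $runtime; do
    case " $* " in
      *" $fwd "*) verdict=allowed ;;
      *) verdict=UNEXPECTED; rc=1 ;;
    esac
    if printf '%s\n' "$permanent" | grep -qxF -- "$fwd"; then
      persist=permanent
    else
      persist=runtime-only   # dropped by `firewall-cmd --reload`
    fi
    echo "$verdict $persist $fwd"
  done
  return $rc
}

# Constructed sample input: the forward from the page plus a second, unreviewed
# one whose empty toaddr= means the traffic lands on the host itself.
RUNTIME_SAMPLE='public (active)
  forward-ports:
    port=1450:proto=tcp:toport=80:toaddr=10.27.184.33
    port=2222:proto=tcp:toport=22:toaddr=
  source-ports:'
PERMANENT_SAMPLE='public
  forward-ports:
  source-ports:'

audit_forwards "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE" \
  "port=1450:proto=tcp:toport=80:toaddr=10.27.184.33" || echo "review needed"
```

On a real host, pass `"$(sudo firewall-cmd --zone=public --list-all)"` and `"$(sudo firewall-cmd --permanent --zone=public --list-all)"` as the first two arguments. `sudo firewall-cmd --runtime-to-permanent` saves the current runtime rules to the permanent configuration.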