Natting between host and LXC containers

December 22, 2022 Roberto Puzzanghera 0 comments

Index


Here is a quick example of a natting tool, that you can use to NAT between your host and your containers network. It calls nftables rather than the obsolete iptables.

It is very comprehensible and there's no need of further comment. Just add lines like this at the end for each service that you want to NAT to a particular IP:

nat $PORT $IP "Natting service on port $PORT towards IP $IP..."

Here is a view of the scriptlet:

#!/bin/bash 

NFT="/usr/sbin/nft" 

HTTPS_IP=10.0.0.1 
HTTPS_PORT=443 

SMTP_IP=10.0.0.2 
SMTP_PORT=25 

NS_IP=10.0.0.3 
NS_PORT=53 

########################################################################## 

# Flush nat table 
$NFT delete table ip nat 

# Create tables and chains 
$NFT add table ip nat 
$NFT 'add chain ip nat PREROUTING  { type nat hook prerouting  priority 0; }' 

# Usage: nat $PORT $DESTINATION_IP $MESSAGE 
nat() { 
 if [ -z "$3" ]; then 
   echo "Missing Message" 
   exit 1 
 else echo $3 
 fi 

 if [ -z "$1" ]; then 
   echo "Missing PORT" 
   exit 1 
 fi 

 if [ -z "$2" ]; then 
   echo "Missing destination IP" 
   exit 1 
 fi 

 $NFT add rule ip nat PREROUTING ip saddr != $VNET tcp dport $1 counter dnat to $2 
 $NFT add rule ip nat PREROUTING ip saddr != $VNET udp dport $1 counter dnat to $2 
} 

##################################################################################### 

# HTTPS 
nat $HTTPS_PORT $HTTPS_IP "Natting https port $HTTPS_PORT to $HTTPS_IP..." 

# SMTP 
nat $SMTP_PORT  $SMTP_IP  "Natting smtp port $SMTP_IP..." 

# NS 
nat $NS_PORT    $NS_IP    "Natting named on ns vs port $NS_PORT..."

Remember to start the ip forwarding on your system. On Slackware you have to activate the x flag of /etc/rc.d/rc.ip_forward.

Add a comment