Natting between host and LXC containers
December 22, 2022 Roberto Puzzanghera 0 comments
Index
- Part 1: Introduction
- Part 2: Basic configuration files
- Part 3: Creating an unprivileged container on Slackware
- Part 4: Scripts overview
- Part 5: Natting example
- Browse the scripts' folder
Here is a quick example of a natting tool, that you can use to NAT between your host and your containers network. It calls nftables rather than the obsolete iptables.
It is very comprehensible and there's no need of further comment. Just add lines like this at the end for each service that you want to NAT to a particular IP:
nat $PORT $IP "Natting service on port $PORT towards IP $IP..."
Here is a view of the scriptlet:
#!/bin/bash
NFT="/usr/sbin/nft"
VNET="10.0.0.0/24"
HTTPS_IP=10.0.0.1
HTTPS_PORT=443
SMTP_IP=10.0.0.2
SMTP_PORT=25
NS_IP=10.0.0.3
NS_PORT=53
##########################################################################
# Flush nat table
$NFT delete table ip nat
# Create tables and chains
$NFT add table ip nat
$NFT 'add chain ip nat PREROUTING { type nat hook prerouting priority 0; }'
# Usage: nat $PORT $DESTINATION_IP $MESSAGE
nat() {
if [ -z "$3" ]; then
echo "Missing Message"
exit 1
else echo $3
fi
if [ -z "$1" ]; then
echo "Missing PORT"
exit 1
fi
if [ -z "$2" ]; then
echo "Missing destination IP"
exit 1
fi
$NFT add rule ip nat PREROUTING ip saddr != $VNET tcp dport $1 counter dnat to $2
$NFT add rule ip nat PREROUTING ip saddr != $VNET udp dport $1 counter dnat to $2
}
#####################################################################################
# HTTPS
nat $HTTPS_PORT $HTTPS_IP "Natting https port $HTTPS_PORT to $HTTPS_IP..."
# SMTP
nat $SMTP_PORT $SMTP_IP "Natting smtp port $SMTP_PORT to $SMTP_IP..."
# NS
nat $NS_PORT $NS_IP "Natting named port $NS_PORT to $NS_IP..."
Remember to start the ip forwarding on your system. On Slackware you have to activate the x flag of /etc/rc.d/rc.ip_forward.
Add a comment
qmail notes
Pay me a coffee:
LXC scripts
Other contents
Recent comments
qq_temporary_problem_(#4.3.0)
June 2, 2023 06:32
qq_temporary_problem_(#4.3.0)
June 1, 2023 21:18
qq_temporary_problem_(#4.3.0)
May 31, 2023 18:22
qq_temporary_problem_(#4.3.0)
May 31, 2023 14:42
qq_temporary_problem_(#4.3.0)
May 31, 2023 14:33
Thank you! for all the documentation, patches and support
May 26, 2023 08:42
free(): double free detected in tcache 2: /var/www/qmail/cgi-bin/qmailadmin
May 17, 2023 15:25
free(): double free detected in tcache 2: /var/www/qmail/cgi-bin/qmailadmin
May 17, 2023 07:46
Tags
apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver lxc mariadb mediawiki mozilla mysql openboard owncloud patches php proftpd qmail qmail to postfix qmail-spp qmailadmin rbl roundcube rsync sieve simscan slackware solr spamassassin spf ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin