LXC, Docker, IPTables, and port forwarding

Lately I have been working on more devops. I ran into a situation where I had created an LXC container but already had Docker installed and running on my host. I ran into trouble when I wanted to forward a port from the host to the container. The way you would do this is to create a new NAT rule using iptables to forward a port from the host to the container.

Disclaimer: If you don’t have physical access to your box be very careful. You can totally lock yourself out of your machine if you do the wrong thing.

Every article on the internet would show something like the command below.

This command would append a new rule to the NAT table to forward incoming traffic from port 8080 on the host to port 80 in the container. Well, what I didn’t realize is that Docker already had a rule in the first position. The rule that Docker adds basically catches all traffic. IPTables runs through the rule list from top to bottom. So what I had to do was run the following.

This inserts my IPTables rule in the first position. After I did this everything started working.

Use this command to show your current NAT rules.

Be sure to run iptables-save once you are done modifying your rules.
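The ordering problem described above can be checked from a rule listing. This is an added example, not code from the original post: it reads output in the format of `iptables -t nat -S PREROUTING` and reports whether the port-forward rule sits after the jump to Docker's chain. The sample listings, the container address 10.0.3.10, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples of `iptables -t nat -S PREROUTING` output (not from the post).
# 10.0.3.10 is a made-up container address.
SAMPLE_APPENDED='-P PREROUTING ACCEPT
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.3.10:80'

SAMPLE_INSERTED='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.3.10:80
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER'

# rule_position RULES TEXT: 1-based position of the first rule containing TEXT, 0 if none.
# Only "-A" lines count as rules; the "-P" policy line is skipped.
rule_position() {
    printf '%s\n' "$1" | awk -v pat="$2" '
        /^-A / { n++; if (!found && index($0, pat)) found = n }
        END    { print found + 0 }'
}

# forward_status RULES PORT: prints "missing" (no DNAT rule for PORT),
# "shadowed" (the jump to DOCKER is evaluated first) or "ok".
forward_status() {
    dnat=$(rule_position "$1" "--dport $2 -j DNAT")
    docker=$(rule_position "$1" "-j DOCKER")
    if [ "$dnat" -eq 0 ]; then
        echo missing
    elif [ "$docker" -ne 0 ] && [ "$docker" -lt "$dnat" ]; then
        echo shadowed
    else
        echo ok
    fi
}

# Appending (-A) leaves the rule behind Docker's; inserting (-I) puts it in front.
echo "appended with -A: $(forward_status "$SAMPLE_APPENDED" 8080)"
echo "inserted with -I: $(forward_status "$SAMPLE_INSERTED" 8080)"
```

On a live host, run as root and pass `"$(iptables -t nat -S PREROUTING)"` as the first argument instead of a sample.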
