Bart Simons



LXC/LXD Port Forwarding Containers Using UPnP

 •  Filed under lxc, lxd, containers, port forwarding, upnp, igd

This is a quick write-up about the easiest way I know of to manage networking for your containers: setting up your container host system as a so-called Universal Plug and Play (UPnP) Internet Gateway Device (IGD).

Please note that all commands used in this post are intended for a Debian-based host and guest OS.

[Image: example setup (LXD)]

Before installing all needed software packages, it's good to have all the networking details on paper:

  • Our public interface is named ens33 and has the IP address 23.42.150.20
  • Our private (LXD Bridge Host) interface is named lxdbr0 and has the IP address 10.22.240.1
  • Our private subnet is a /24 subnet

On the container host, you'll need to install the linux-igd software package which takes care of incoming UPnP client requests. All containers need the miniupnpc package to provide the containers with UPnP client functionality.

Setting up linux-igd on the host

First of all, update your package cache with apt update. When done, use apt install linux-igd to install the IGD host software package.

Next up is the configuration process, which is fairly simple. There's a configuration file located at /etc/default/linux-igd which needs to be edited. Just add the following lines to the end of this file:

EXTIFACE=ens33  
INTIFACE=lxdbr0  

Then save the file. Don't forget to double-check your external and internal network interface names! Finally, use sudo service linux-igd restart to apply the changes.

Setting up miniupnpc on a container

Again, first of all update your package cache on the container with apt update and install the miniupnpc software package with apt install miniupnpc afterwards.


Forwarding a port

To forward a port, use the following command inside a container:

upnpc -a containerip containerport hostport protocol  

Here's an example:

upnpc -a 10.22.240.41 2368 80 tcp  
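
Any container on the bridge can run the command above, so it is worth checking on the host which forwards actually exist. The script below is an added example, not part of the original post: it reads the nat table's PREROUTING rules and flags forwards that are not on an approved list or that point outside the container subnet. It assumes the forwards created by the IGD daemon show up as DNAT rules there; `audit_forwards`, `sample_rules` and the sample rules themselves are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit DNAT port forwards on the container host.
# Assumption: forwards are visible in `iptables -t nat -S PREROUTING`.
# Interface name and subnet are the values used in this post.

EXT_IF=ens33
SUBNET_PREFIX=10.22.240.      # the /24 behind lxdbr0

# Reads `iptables -S` style rules on stdin. Arguments are the approved
# forwards as proto/hostport (e.g. tcp/80). Prints one line per finding.
audit_forwards() {
    awk -v ext="$EXT_IF" -v pfx="$SUBNET_PREFIX" -v allow=" $* " '
    / -j DNAT / {
        iface = proto = dport = dest = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i")               iface = $(i + 1)
            if ($i == "-p")               proto = $(i + 1)
            if ($i == "--dport")          dport = $(i + 1)
            if ($i == "--to-destination") dest  = $(i + 1)
        }
        if (iface != ext) next            # only rules on the public interface
        key = proto "/" dport
        if (index(dest, pfx) != 1)
            print "OUTSIDE-SUBNET " key " -> " dest
        else if (index(allow, " " key " ") == 0)
            print "UNAPPROVED " key " -> " dest
    }'
}

# Constructed sample rules (not captured from a real host).
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -i ens33 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.22.240.41:2368
-A PREROUTING -i ens33 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.22.240.57:22
-A PREROUTING -i ens33 -p udp -m udp --dport 53 -j DNAT --to-destination 10.22.241.9:53
EOF
}

# On a live host: iptables -t nat -S PREROUTING | audit_forwards tcp/80
sample_rules | audit_forwards tcp/80
```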


Make linux-igd work after a reboot

It could be that after a reboot systemctl status linux-igd.service returns a failed status, telling you that the LXD bridge interface does not (yet) exist. This can easily be fixed, but requires some trickery so I would call this a workaround.

First of all, disable linux-igd.service at startup:

systemctl disable linux-igd.service  

And edit the LXD bridge startup script:

nano /usr/lib/lxd/lxd-bridge.start  

Now right above the line that says exit 0 you place the following snippet:

systemctl start linux-igd.service  

Reboot your system. As soon as the bridge interface goes up, the linux-igd service will be started. No error and a working IGD :)

Thanks to Alex Hole for noticing this. 👍🏽

LXD cheat sheet for beginners

 •  Filed under lxd, cheat sheet, lxc, commands

This page contains a list of handy LXD commands for beginners to get started with LXD. Every command in this guide has been tested on an Ubuntu 16.04 machine.

Configuring a new LXD installation for the first time

sudo lxd init

This command does the following things for you:

  • Setting up the storage backend (zfs or dir)
  • Enabling the RESTful API over the network (or not)
  • Setting up a network bridge for LXD (or not)
  • Setting up NAT for the network bridge (or not)

Checking LXD version

sudo lxd --version

Listing all image servers

sudo lxc remote list

This will output a list of all currently installed image servers.

Getting a list of available images from an image server

sudo lxc image list images:

This command fetches a list of all available images from the images image server. You can replace it with a different image server. For example, this is how you get a list of images from the Ubuntu Daily image server:

sudo lxc image list ubuntu-daily:

Getting a filtered image list from an image server

sudo lxc image list images: arm64

This will fetch a list of ARM64 images from an image server.

sudo lxc image list images: arm64 ubuntu

This will fetch a list of ARM64 Ubuntu images from an image server.

Creating a new container

sudo lxc init images:ubuntu/yakkety/amd64 ubuntu-test-1

This command will create a new container called ubuntu-test-1 based on an Ubuntu Yakkety Yak AMD64 image. The image will be fetched from the images image server.

Starting a container

sudo lxc start ubuntu-list-1

This will start the container named ubuntu-list-1.

Stopping a container

sudo lxc stop ubuntu-list-1

This will stop the container named ubuntu-list-1.

Removing a container

sudo lxc delete ubuntu-list-1

You can force this command with --force if needed.

Listing all containers

sudo lxc list --format table

You can also use json instead of table.

Listing all cached images

sudo lxc image list

Removing a cached image

sudo lxc image delete 4117cf6a0442

This will delete an image with fingerprint ID 4117cf6a0442. You can obtain the fingerprint ID of an image with the sudo lxc image list command.

Executing a command on a container

sudo lxc exec ubuntu-test-1 ping 8.8.8.8

This will execute the ping executable on the ubuntu-test-1 container.

Getting shell access on a container

You can also use the previous command to execute a shell, for example bash.