Bart Simons


Bart Simons
Author


LXC/LXD Port Forwarding Containers Using UPnP

This is a quick write-up on the easiest way I know of to manage networking for your containers: setting up your container host system as a so-called Universal Plug and Play (UPnP) Internet Gateway Device (IGD).

Please note that all commands used in this post are aimed to be used on a Debian-based host and guest OS.

Here's an image of an example setup:

[Image: example LXD setup]

Before installing all needed software packages, it's good to have all the networking details on paper:

On the container host, you'll need to install the linux-igd software package which takes care of incoming UPnP client requests. All containers need the miniupnpc package to provide the containers with UPnP client functionality.

Setting up linux-igd on the host

First of all, update your package cache with apt update. When done, use apt install linux-igd to install the IGD host software package.

Next up is the configuration process, which is fairly simple. The configuration file is located at /etc/default/linux-igd. Add the following lines to the end of this file:

EXTIFACE=ens33
INTIFACE=lxdbr0

Save the file. Don't forget to double-check your external and internal network interface names! Then run sudo service linux-igd restart to apply the changes.

Setting up miniupnpc on a container

Again, first of all update your package cache on the container with apt update and install the miniupnpc software package with apt install miniupnpc afterwards.


Forwarding a port

To forward a port, use the following command inside a container:

upnpc -a containerip containerport hostport protocol

Here's an example:

upnpc -a 10.22.240.41 2368 80 tcp
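
UPnP IGD mapping requests carry no authentication, so any container on the internal bridge can ask the host for a forward. The following is an added example (not part of the original post) that audits the output of upnpc -l against an allowlist; the allowlist format, the function name and the sample rows, including 10.22.240.57, are constructed for illustration.

```shell
#!/bin/sh
# Audit UPnP port mappings reported by `upnpc -l` against an allowlist.
# Mapping rows printed by upnpc look like:
#   " 0 TCP    80->10.22.240.41:2368  'libminiupnpc' '' 0"

# Constructed allowlist (assumption): comma-separated
# "PROTO EXTPORT INADDR:INPORT" entries you expect to exist.
ALLOWED_MAPPINGS='TCP 80 10.22.240.41:2368'

# Constructed sample of `upnpc -l` output so the script runs offline.
SAMPLE_UPNPC_OUTPUT=" i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP    80->10.22.240.41:2368  'libminiupnpc' '' 0
 1 TCP  2222->10.22.240.57:22    'libminiupnpc' '' 0
 2 UDP 51820->10.22.240.41:51820 'libminiupnpc' '' 0"

# Reads `upnpc -l` output on stdin; $1 is the allowlist.
# Prints each mapping that is not allowlisted as "PROTO EXTPORT INADDR:INPORT".
# Exit status: 0 if every mapping is allowlisted, 1 otherwise.
audit_upnp_mappings() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, entries, ",")
            for (i = 1; i <= n; i++) if (entries[i] != "") ok[entries[i]] = 1
        }
        # Mapping rows: numeric index, protocol, then "extPort->addr:port".
        # Banner, header and status lines do not match and are skipped.
        $1 ~ /^[0-9]+$/ && $2 ~ /^(TCP|UDP)$/ && $3 ~ /^[0-9]+->/ {
            split($3, m, "->")
            key = $2 " " m[1] " " m[2]
            if (!(key in ok)) { print key; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_UPNPC_OUTPUT" | audit_upnp_mappings "$ALLOWED_MAPPINGS" \
    || echo "unexpected UPnP mappings found (listed above)" >&2

# Live use from a machine with miniupnpc installed:
#   upnpc -l | audit_upnp_mappings "$ALLOWED_MAPPINGS"
```

Run it from cron or a monitoring check and alert on a non-zero exit status; an unexpected row can be removed with upnpc -d followed by the external port and protocol.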

Make linux-igd work after a reboot

It could be that after a reboot systemctl status linux-igd.service returns a failed status, telling you that the LXD bridge interface does not (yet) exist. This can easily be fixed, but requires some trickery so I would call this a workaround.

First of all, disable linux-igd.service at startup:

systemctl disable linux-igd.service

And edit the LXD bridge startup script:

nano /usr/lib/lxd/lxd-bridge.start

Now right above the line that says exit 0 you place the following snippet:

systemctl start linux-igd.service

Reboot your system. As soon as the bridge interface goes up, the linux-igd service will be started. No error and a working IGD :)

Thanks to Alex Hole for noticing this. 👍🏽
