@Kentoseth
Last active July 30, 2016 15:35
LXD modular port-forwarding plugin

Link to issue

Issue Description: LAN Access: Port Forwarding Plan #1363

Issues to address:

  • Forward port from host to container
  • Only forward if the container exists and is started
  • Check whether the container exists; if not, remove the port-forwarding rule
  • Make communication between containers possible

Edge-cases:

  • Make sure that, if access to the forwarded port is not from the subnet dedicated to our containers, the containers can get the source IP of the connection in the usual way (port-forwarding via iptables DNAT rule satisfies this trivially, a non-transparent user-space proxy doesn't)
  • Make access to the forwarded port possible from other containers
  • Make access to the forwarded port possible from the container itself (i.e. self-communication over the forwarded port)
  • Don't break IPv6 SLAAC while implementing the previous bullet point

Feature-requests (for edge-cases):

  • Forward port from unspecified IP address to the container, so that it is available on any IP address of a multi-homed host
  • Forward port from 127.0.0.1 to the container (i.e. so that it is accessible from the host only)
  • Forward port from a specified IP or interface to the container, so that it is available only via a specific IP address of a multi-homed host
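
A sketch of how the plan above could map onto iptables rules, as an added example that is not code from this gist or from LXD. It only prints rule text and covers the started-container check, the "any address" and "specific address" listen modes, and access from the container subnet; the 127.0.0.1 case is left out. The subnet, addresses, function names and the "Running" status string are assumptions.

```shell
#!/bin/sh
# Added example: builds iptables arguments as text; nothing is applied.
# Constructed sample values: bridge subnet 10.0.3.0/24, container 10.0.3.10.

# dnat_rule LISTEN PROTO HOST_PORT CT_IP CT_PORT
# LISTEN is "any" (every address the host owns) or one specific host IP.
dnat_rule() {
    if [ "$1" = "any" ]; then
        # addrtype LOCAL matches only addresses owned by the host, so
        # traffic merely routed through the host is left alone.
        dst="-m addrtype --dst-type LOCAL"
    else
        dst="-d $1"
    fi
    echo "-t nat -A PREROUTING -p $2 --dport $3 $dst -j DNAT --to-destination $4:$5"
}

# hairpin_rule SUBNET PROTO CT_IP CT_PORT
# Source-NAT only connections that start inside the container subnet and
# were DNATed, so replies return via the host. Clients outside the subnet
# are not touched and the container still sees their real source IP.
hairpin_rule() {
    echo "-t nat -A POSTROUTING -s $1 -d $3 -p $2 --dport $4 -m conntrack --ctstate DNAT -j MASQUERADE"
}

# forward_rules STATUS SUBNET LISTEN PROTO HOST_PORT CT_IP CT_PORT
# STATUS is supplied by the caller (assumed: "Running" for a started
# container, anything else when it is stopped or does not exist).
forward_rules() {
    [ "$1" = "Running" ] || return 1
    dnat_rule "$3" "$4" "$5" "$6" "$7"
    hairpin_rule "$2" "$4" "$6" "$7"
}

forward_rules Running 10.0.3.0/24 any tcp 8080 10.0.3.10 80
forward_rules Stopped 10.0.3.0/24 any tcp 8080 10.0.3.10 80 \
    || echo "not forwarded: container not running"
```

Removing a forward when the container disappears would use the same rule text with `-D` in place of `-A`.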