Good day.
There is lxd on the host, and a container in which ftp is configured.
From the host I connect to ftp fine, but from outside I can't get the port forwarded.
ftp in the container is at the address 10.10.0.20
iptables-save
# Generated by iptables-save v1.6.1 on Sun Jul 28 18:51:41 2019
*nat
:PREROUTING ACCEPT [17:4492]
:INPUT ACCEPT [1:32]
:OUTPUT ACCEPT [1:76]
:POSTROUTING ACCEPT [1:76]
-A PREROUTING -p tcp -m tcp --dport 21 -j DNAT --to-destination 10.10.0.20:21
-A PREROUTING -p tcp -m tcp --dport 20 -j DNAT --to-destination 10.10.0.20:20
-A POSTROUTING -s 10.10.0.0/24 ! -d 10.10.0.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE
COMMIT
# Completed on Sun Jul 28 18:51:41 2019
# Generated by iptables-save v1.6.1 on Sun Jul 28 18:51:41 2019
*mangle
:PREROUTING ACCEPT [429:67810]
:INPUT ACCEPT [331:36166]
:FORWARD ACCEPT [17:5364]
:OUTPUT ACCEPT [293:52084]
:POSTROUTING ACCEPT [310:57448]
-A POSTROUTING -o lxdbr0 -p udp -m udp --dport 68 -m comment --comment "generated for LXD network lxdbr0" -j CHECKSUM --checksum-fill
COMMIT
# Completed on Sun Jul 28 18:51:41 2019
# Generated by iptables-save v1.6.1 on Sun Jul 28 18:51:41 2019
*filter
:INPUT ACCEPT [31:2468]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [24:5320]
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 20,21
-A FORWARD -o lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A FORWARD -i lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p tcp -m tcp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
COMMIT
# Completed on Sun Jul 28 18:51:41 2019
User added a message on 28 July 2019, 22:27:14:
My mistake, sorry.
I forgot POSTROUTING.
# Generated by iptables-save v1.6.1 on Mon Jul 29 05:48:10 2019
*filter
:INPUT ACCEPT [2588:255276]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1867:280907]
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 20,21
-A INPUT -p tcp -m multiport --dports 10000:10050
-A FORWARD -o lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A FORWARD -i lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p tcp -m tcp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
COMMIT
# Completed on Mon Jul 29 05:48:10 2019
# Generated by iptables-save v1.6.1 on Mon Jul 29 05:48:10 2019
*mangle
:PREROUTING ACCEPT [33339:10906732]
:INPUT ACCEPT [7069:765365]
:FORWARD ACCEPT [2148:2317197]
:OUTPUT ACCEPT [5755:1111027]
:POSTROUTING ACCEPT [7903:3428224]
-A POSTROUTING -o lxdbr0 -p udp -m udp --dport 68 -m comment --comment "generated for LXD network lxdbr0" -j CHECKSUM --checksum-fill
COMMIT
# Completed on Mon Jul 29 05:48:10 2019
# Generated by iptables-save v1.6.1 on Mon Jul 29 05:48:10 2019
*nat
:PREROUTING ACCEPT [21866:7083136]
:INPUT ACCEPT [86:21144]
:OUTPUT ACCEPT [63:4772]
:POSTROUTING ACCEPT [63:4772]
-A PREROUTING -d 192.168.0.109/32 -p tcp -m tcp --dport 21 -j DNAT --to-destination 10.10.0.20:21
-A PREROUTING -d 192.168.0.109/32 -p tcp -m tcp --dport 20 -j DNAT --to-destination 10.10.0.20:20
-A PREROUTING -d 192.168.0.109/32 -p tcp -m tcp --dport 10000 -j DNAT --to-destination 10.10.0.20:10000
-A POSTROUTING -s 10.10.0.0/24 ! -d 10.10.0.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE
-A POSTROUTING -d 10.10.0.20/32 -p tcp -m tcp --dport 21 -j SNAT --to-source 192.168.0.109:21
-A POSTROUTING -d 10.10.0.20/32 -p tcp -m tcp --dport 20 -j SNAT --to-source 192.168.0.109:20
-A POSTROUTING -d 10.10.0.20/32 -p tcp -m tcp --dport 10000 -j SNAT --to-source 192.168.0.109:10000
COMMIT
# Completed on Mon Jul 29 05:48:10 2019
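
Added example, not part of the original post: a small Python check over iptables-save text that flags rules with no -j target (such rules only update packet counters) and ports that appear in filter rules but have no DNAT rule. The input is an excerpt of the second dump above; treating 10000:10050 as the container's FTP passive range is an assumption, and the function names are made up for this example.

```python
import shlex

# Excerpt of the second iptables-save dump above (not the full ruleset).
SAMPLE = """\
*filter
-A INPUT -p tcp -m multiport --dports 20,21
-A INPUT -p tcp -m multiport --dports 10000:10050
-A FORWARD -o lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
COMMIT
*nat
-A PREROUTING -d 192.168.0.109/32 -p tcp -m tcp --dport 21 -j DNAT --to-destination 10.10.0.20:21
-A PREROUTING -d 192.168.0.109/32 -p tcp -m tcp --dport 20 -j DNAT --to-destination 10.10.0.20:20
-A PREROUTING -d 192.168.0.109/32 -p tcp -m tcp --dport 10000 -j DNAT --to-destination 10.10.0.20:10000
COMMIT
"""

def parse_rules(dump):
    """Yield (table, options, raw_line) for every '-A' rule in the dump."""
    table = None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)  # keeps quoted --comment text as one token
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            yield table, opts, line

def expand_ports(spec):
    """Turn '20,21' or '10000:10050' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(dump):
    """Return (rules lacking a target, filter-listed ports with no DNAT rule)."""
    no_target, listed, forwarded = [], set(), set()
    for table, opts, line in parse_rules(dump):
        if "-j" not in opts and "-g" not in opts:
            no_target.append(line)  # matches and counts packets, gives no verdict
        if table == "filter" and "--dports" in opts:
            listed |= expand_ports(opts["--dports"])
        if table == "nat" and opts.get("-j") == "DNAT":
            spec = opts.get("--dport") or opts.get("--dports")
            forwarded |= expand_ports(spec) if spec else set()
    return no_target, sorted(listed - forwarded)

if __name__ == "__main__":
    bare, missing = audit(SAMPLE)
    print("rules without a target:", *bare, sep="\n  ")
    print(f"listed but not forwarded: {len(missing)} ports, {missing[0]}-{missing[-1]}")
```

On this excerpt it reports the two INPUT multiport rules as having no target and ports 10001-10050 as listed in the filter table without a matching DNAT rule.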