NAT for static private addresses

Question

Could someone please help me out with the following scenario: I have a machine that hosts 3 lxc containers, and acts like a router for them. The LXC containers have private ip addresses set on the interfaces that are connected to the host. I want to provide Internet access to the containers and I want to configure the host system so it translates only the addresses that are configured static on the lxc containers interfaces.

Should I try to configure the host so it translates each of the 3 private addresses to the public address of the host's interface that is connected to the Internet?

Answer 1

If you have only one public address and you want to map down to multiple internal ip's you'll need to do PAT (port address translation), various router OE's call it different things internally though.

Basically, you'll need your router/firewall (in this case your host) to be able to listen on its public IP on a certain port for each of the internet private addresses and then map down to them.

This could be something like:

1.1.1.1:5200 - maps down to 192.168.1.20:whateverportneededtoservice 1.1.1.1:5201 - maps down to 192.168.1.21:whateverportneededtoservice

The simpler idea would be static NAT if you had a one to one ratio of public IPs to internal private IPs.

However, if you aren't sure how to set this up, you'll need to get with someone that understands your network topology, WAN assignments, NAT/PAT, and work with you to get it going.