
I'm running Debian 7.0 on a server and I have some containers by OpenVZ.

I would like to, according to the request to the server, send this request to a specific container. Example:

domain.com:500 -> Container1 will handle it

domain.com:501 -> Container2 will handle it

I would like, if possible, to avoid IPTables because I simply have trouble with it and have never really understood its rules (I would love to avoid HAProxy too). I have no problems using UFW.

I'm looking for a really simple solution.

Kynno
  • UFW uses iptables. It just provides an easier configuration for iptables, that's all. You could just use ufw if you like and do port forwarding. – Bogdan Stoica Feb 20 '17 at 11:58

1 Answer


If you use ufw, then go to /etc/ufw/ and edit the before.rules file. The file begins with:

# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-F

Right after that please add (it's just an example):

# container 1 rules
-A PREROUTING -i eth0 -p tcp --dport 500 -j DNAT --to-destination container1-ip-address:port
# container 2 rules
-A PREROUTING -i eth0 -p tcp --dport 501 -j DNAT --to-destination container2-ip-address:port

You should replace eth0 with your server's interface (I assume you are using bridging).

Save the file. Restart the ufw firewall:

ufw disable
ufw enable

I suppose your containers already have internet access, so I assume that you have enabled port forwarding support in your kernel (you should have these lines in /etc/sysctl.conf):

net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward = 1
Bogdan Stoica
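A pre-flight check for the DNAT rules described in the answer above, as an added example that is not part of the original answer: it reads a before.rules file and reports placeholders left in `--to-destination`, a port forwarded twice, DNAT rules outside the `*nat` table, and a table with no `COMMIT`, so mistakes are caught before `ufw enable` loads the file. The function name `lint_ufw_nat`, the container addresses 10.0.0.11 and 10.0.0.12, and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answer): lint DNAT rules in a ufw before.rules file.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Simplification: only a single IPv4 address with optional :port is accepted.
lint_ufw_nat() {
  _findings=$(awk '
    NF == 0 || $1 ~ /^#/ { next }                  # blank lines and comments
    substr($1, 1, 1) == "*" {                      # "*nat", "*filter", ...
      if (inblk) print "table *" table " has no COMMIT before line " NR
      table = substr($1, 2); inblk = 1; next
    }
    $1 == "COMMIT" { inblk = 0; next }
    / -j DNAT / {
      iface = proto = dport = dest = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-i") iface = $(i + 1)
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
      }
      key = iface "/" proto "/" dport
      if (!inblk || table != "nat") print "line " NR ": DNAT rule outside the *nat table"
      if (dport == "") print "line " NR ": no --dport, every port would be redirected"
      else if (key in seen) print "line " NR ": " key " already forwarded on line " seen[key]
      else seen[key] = NR
      if (dest !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?$/)
        print "line " NR ": destination " dest " is not a numeric IPv4[:port]"
    }
    END { if (inblk) print "table *" table " has no COMMIT line" }
  ' "$1")
  if [ -z "$_findings" ]; then return 0; fi
  printf '%s\n' "$_findings"
  return 1
}

# Constructed sample: the rules from the answer with one placeholder left in,
# a duplicated port, and the closing COMMIT missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-F
# container 1 rules
-A PREROUTING -i eth0 -p tcp --dport 500 -j DNAT --to-destination 10.0.0.11:80
# container 2 rules
-A PREROUTING -i eth0 -p tcp --dport 501 -j DNAT --to-destination container2-ip-address:port
-A PREROUTING -i eth0 -p tcp --dport 500 -j DNAT --to-destination 10.0.0.12:80
EOF
lint_ufw_nat "$sample" || true
rm -f "$sample"
```

Run it against a copy of /etc/ufw/before.rules after editing; a non-zero exit status means at least one finding was printed.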