I have a container setup with LXD running several WordPress web pages (apache2). All is working fine.
I added portforwarding by:
lxc config device add CONTAINER lxd_proxy_port80 proxy listen=tcp:0.0.0.0:80 connect=tcp:INTERNALIP:80
…and the same for port 443. That's all working correctly.
Unfortunately I cannot see the originating IPs in my apache2 logs (/var/log/apache2/access.log) but only see the local IP. I wanted to change this by using iptables. I did:
iptables -A FORWARD -p tcp -d LOCALIP --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -d LOCALIP --dport 80 -j ACCEPT
and deleted my proxy devices with
lxc config device remove CONTAINER lxd_proxy_port80
lxc config device remove CONTAINER lxd_proxy_port443
I can actually access files on my server correctly, and now I also see my external IP in the apache2 access logs.
However, WordPress does not reach the (external) update servers anymore and seems to have problems reaching the outside world. Also, one of my WordPress pages cannot access the index.php file anymore (it hangs while loading). I suppose the latter effect is due to some external content not being loaded correctly.
Could you help me understand what is going on?
This conversation answers the questions: https://discuss.linuxcontainers.org/t/iptables-apache-in-lxd-container/6143
A good video on this: https://www.youtube.com/watch?v=1p-fbS_OYTg
My solution did end up working by adding -d MYIP/32 to the iptables rule to make it apply only to incoming traffic.
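The rule set the thread converges on, written out as an added example (this is not the poster's script and not LXD's own code). It replaces the two LXD proxy devices with a DNAT rule in the nat table plus a matching FORWARD rule per port, so Apache inside the container sees the real client address. The host IP, container IP and bridge name are placeholder assumptions; the script only prints the iptables commands unless DRY_RUN=0 is set, because applying them needs root. The `-d "$HOST_IP/32"` match on the PREROUTING rule is the fix from the last post: a DNAT rule on `--dport 80` with no destination match also catches the container's own outbound connections to port 80/443 on the Internet and bounces them back into the container, which is consistent with WordPress no longer reaching its update servers.

```shell
#!/bin/sh
# Added example: DNAT-based port forwarding to an LXD container that keeps the
# client's source IP.  Values below are assumptions, not taken from the post.
HOST_IP="${HOST_IP:-203.0.113.10}"        # assumed public IP of the LXD host (TEST-NET-3)
CONTAINER_IP="${CONTAINER_IP:-10.0.3.50}" # assumed static IP of the container on the bridge
BRIDGE="${BRIDGE:-lxdbr0}"               # assumed LXD bridge name
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print rules only; 0 = execute them (needs root)

# Emit the two iptables commands for one TCP port.
# The "-d HOST_IP/32" on the DNAT rule scopes it to traffic *arriving at the
# host's public address*; without it, packets the container sends to port
# 80/443 anywhere on the Internet would match too and be redirected back
# to the container.
port_rules() {
    port="$1"
    cat <<EOF
iptables -t nat -A PREROUTING -p tcp -d $HOST_IP/32 --dport $port -j DNAT --to-destination $CONTAINER_IP:$port
iptables -A FORWARD -p tcp -d $CONTAINER_IP/32 --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Rules that are not per-port: allow the container's reply and outbound traffic
# through FORWARD.  LXD's managed bridge already installs MASQUERADE for outbound
# traffic when ipv4.nat is enabled, so no SNAT rule is added here.
common_rules() {
    cat <<EOF
iptables -A FORWARD -i $BRIDGE -s $CONTAINER_IP/32 -j ACCEPT
iptables -A FORWARD -o $BRIDGE -d $CONTAINER_IP/32 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Sanity check used before applying: every DNAT rule must carry the /32 scope.
dnat_rules_scoped() {
    port_rules "$1" | grep -e PREROUTING | grep -q -e "-d $HOST_IP/32"
}

# Print (DRY_RUN=1) or execute (DRY_RUN=0) the complete rule set for 80 and 443.
apply_rules() {
    { common_rules; port_rules 80; port_rules 443; } | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            printf '%s\n' "$cmd"
        else
            eval "$cmd"
        fi
    done
}

for p in 80 443; do
    dnat_rules_scoped "$p" || { echo "refusing: DNAT for port $p is not scoped to $HOST_IP/32" >&2; exit 1; }
done
apply_rules
```

Run it once with the defaults to review the generated commands, then with `DRY_RUN=0` as root to apply them; the iptables rules are not persistent, so they need to be re-applied at boot. The LXD proxy device also has a `nat=true` option that sets up equivalent DNAT rules for you when the container has a static IP and the listen address is the host's real IP rather than 0.0.0.0; check the LXD documentation for your version before relying on it.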