
iptables doesn't add NAT rule


I'm trying to forward a port from the host to an LXC guest:

    sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.0.3.31:3000

On the LXC guest, a Node.js server is running, serving a website. I cannot see the added rule here:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -o lxcbr0 -j ACCEPT
-A FORWARD -i lxcbr0 -j ACCEPT
-A fail2ban-ssh -j RETURN

But I don't receive any errors by calling iptables -t nat... and obviously the redirection doesn't work.

I really have no idea how to do it. Can someone help me? Thanks.


Solution

  • To add port forwarding on the host machine to an LXC container:

    sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to XX.XX.XX.XX:80
    

    To list the iptables rules in the nat table, use:

    sudo iptables -t nat -L
    

    It should give you output like this:

    [screenshot of the command output]

    If you still don't see your Node.js app, try curl to see if it is actually responding properly.

    curl http://10.0.3.31:3000 
    

    Also, don't forget to persist your port forwarding rules; you can read further in my blog post: https://drifts.io/how-to-setup-http-https-ssh-port-forwarding-to-lxc-container/
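
An added example (not part of the original question or answer): the listing in the question has the form of `iptables -S` output, which without `-t nat` covers only the filter table, so a DNAT rule never appears in it. The script below splits an `iptables-save` dump by table and reports the DNAT target for a given port; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Print the DNAT target(s) that the nat table's PREROUTING chain applies to a port.
# $1 = destination port; iptables-save formatted text is read from stdin.
dnat_targets() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); next }    # "*nat", "*filter": start of a table
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; jump = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
                if ($i == "--to-destination" || $i == "--to") target = $(i + 1)
            }
            if (jump == "DNAT" && dport == port) print target
        }'
}

# Print only the rules (-A lines) that belong to one table of the dump.
rules_in_table() {
    awk -v want="$1" '
        /^\*/ { table = substr($0, 2); next }
        table == want && $1 == "-A"'
}

# Constructed sample dump modelled on the rules shown in the question.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.31:3000
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -o lxcbr0 -j ACCEPT
-A FORWARD -i lxcbr0 -j ACCEPT
COMMIT
EOF
}

echo "filter table rules (no DNAT rule is listed here):"
sample_dump | rules_in_table filter
echo "nat table DNAT target for port 80:"
sample_dump | dnat_targets 80
```

On a live host, feed it the real ruleset with `sudo iptables-save | dnat_targets 80`.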