lxd container: port forwarding like docker

Is there a way to do port-forwarding in lxd-containers like docker does?

I heard some rumours that there is no easy way.

According to the homepage of lxd this is their goal:

Intuitive (simple, clear API and crisp command line experience)

For me port forwarding is an important part.

I am not in a hurry. If it is planed for a future release, this would be a valid answer.

Four years later, the prediction given in this answer was fortunately too pesimisitc. Port forwarding has been implementented in LXD in the meantime as is documented here.

To forward port 80 on the host to 8080 in the container, simply do

lxc config device add jitsi port1 proxy listen=tcp:<hostip>:80 connect=tcp:<ontainerip>:8080

One of the developers wrote in this issue about the topic:

This has been closed, but to give a clear answer: lxd (at least as currently intended) will not do host networking. So in general you would port-forward to a web-server in a lxd container the same way you would do with lxc - you can pass in a nic from the host into the container and have your local router provide it its own address; or use route-based networking to container veths; or use iptables forwarding to forward host traffic into the container (which is what I usually do).

See https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-network for more information.

So, I'm afraid, as things stand currently, there is no port forwarding, neither now nor in the future. (This prediction turned out to be not true)

@womble if this one line is all which is needed, then I will upvote an accept your answer. Please fill in your comment as answer. Thank you.

Not sure if this helps you, but it’s possible to just assign a network interface to your container. So, there isn’t so much need to do port forwarding any more…

@gf_yesterday you said “it’s possible to assign a network interface to your container”. I can handle this solution (assigning a new network interface) … but I am lazy. I prefer port forwarding.

There’s no easy way only if iptables -t nat -I PREROUTING -d <IP> -p tcp --dport <port> -j DNAT --to <IP>:<port> is hard. Incidentally, if you’re going to work from rumours, you probably want to ask the source of the rumours, not other people.