Get Real Client IP When Using LXD to Forward Port

By default, the LXD port forwarding is non-nat mode. It will lost client ip information. In order to transmit client information, we need to add parameter nat=true. It requires the container has a static IP address.

/snap/bin/lxc config device add "{ {container_name}}" http proxy listen=tcp: connect=tcp: nat=true
/snap/bin/lxc config device add "{ {container_name}}" https proxy listen=tcp: connect=tcp: nat=true

If the parameter proxy_protocol is true, the traffice package may be modified by the proxy and cannot extablish a ssh connection.


Written on April 16, 2021