Forwarding a port from an LXC host to an LXC guest via Shorewall

This guide relies on the configuration discussed in Setting up Shorewall for LXC container network bridging and routing.

Each forwarded port requires a rule to be set up in /etc/shorewall/rules. As an example, to forward port 8000 from the host to the container at, add the following rule:

DNAT    net     lxc:  tcp     8000

Note that if the service residing on the container is a web service, it is advisable to use a reverse proxy on the host to forward connections to the containerised web server instead, making sure to set the X-Forwarded-For header accordingly, and ensuring that the containerised service is not otherwise accessible from the outside. This would allow for multiple different containers, each with their own web service, to be accessible via the LXC host.