This guide relies on the configuration discussed in Setting up Shorewall for LXC container network bridging and routing.
Each forwarded port requires a rule to be set up in /etc/shorewall/rules. As an example, to forward port 8000 from the host to the container at 10.0.3.100, add the following rule:
DNAT net lxc:10.0.3.100 tcp 8000Note that if the service residing on the container is a web service, it is advisable to use a reverse proxy on the host to forward connections to the containerised web server instead, making sure to set the X-Forwarded-For header accordingly, and ensuring that the containerised service is not otherwise accessible from the outside. This would allow for multiple different containers, each with their own web service, to be accessible via the LXC host.