Both Docker & LXD by default create containers inside of a private/internal NAT network. This increases security because communication between containers is not on the user LAN. These private NAT networks readily allow outbound communication, but like NAT on a router, they generally block all inbound communication by default.
This video discusses how LXD can perform port forwarding in a similar way to Docker.
Docker containers accomplish this with port forwards whereby containers on a Docker private network can “map” desired ports to the Docker host. The downfall of this is that a port number opened on the Docker host maps to exactly one container.
I have frequently shown how to “bridge” LXD containers to dedicated LAN addresses. This allows all ports on a LXD container to be available at the LAN address without any conflict issues. Although this is powerful, there are times when having the LXD container on a private address range can increase security and offer other functionality.
A good example is if your LXD host is a VPS server, you might only be granted a single IP address for the LXD host and therefore you might not be able to have addresses for each separate LXD container on the LAN.
In the tutorial we created a LXD container on the lxdbr0 NAT network:
lxc launch ubuntu:20.04 test1 -c boot.autostart=true
We connected to the console of the container, updated it and installed the Apache web server.
lxc exec test1 bash
apt update && apt upgrade -y
apt install apache2
exit
We created a profile to proxy port 8080 on the LXD host down to port 80.
lxc profile create proxy-8080
lxc profile device add proxy-8080 hostport8080 proxy connect="tcp:127.0.0.1:80" listen="tcp:0.0.0.0:8080"
lxc profile show proxy-8080
We added the new profile to our test1 container:
lxc profile add test1 proxy-8080
Show that it is added to the container test1.
lxc config show test1 -e
You can then go into a web browser at http://LXD-Host-address:8080 and it will access the Apache on the test1 container.
To remove the proxy profile from the container and delete the profile.
lxc profile remove test1 proxy-8080
lxc profile delete proxy-8080