User:StefanLangenmaier/Poor man's Cluster/Host

Host
The host runs Gentoo with the following features:


 * lxc/docker
 * btrfs
 * kexec
 * dd-client (dyndns)
 * ntp-client
 * iptables
 * libvirtd
 * sshd
 * dmcrypt

SSHD
Only certificate-based login is allowed.

iptables
libvirtd creates the NAT network for the containers. To forward an external port to an LXC container behind the NAT network:

iptables -I FORWARD -m state -o virbr0 --state NEW,RELATED,ESTABLISHED -j ACCEPT
# once for the NAT'ed network (-o virbr0: connections forwarded to the guests leave the host through the bridge)

iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to-destination 192.168.122.101:443
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 3306 -j DNAT --to-destination 192.168.122.102:3306
# once for each port that should be forwarded
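
An added example (not part of the original page): a script that generates the DNAT rules above together with a FORWARD rule scoped to each guest address and port, instead of one rule for the whole bridge. It only prints the commands; the mapping table and the function names are constructed for illustration, and 192.168.122.0/24 is assumed as the guest network.

```shell
#!/bin/sh
# Added example: print per-guest DNAT + FORWARD rules instead of running them.
EXT_IF=eth0              # external interface, as on the page
BRIDGE=virbr0            # libvirt NAT bridge, as on the page
GUEST_NET=192.168.122.   # assumed prefix of the guest /24 network

# Constructed mapping table: "<external port> <guest IP> <guest port>"
FORWARDS='443 192.168.122.101 443
3306 192.168.122.102 3306'

# Accept only decimal ports in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only host addresses inside GUEST_NET (last octet 1..254).
valid_guest() {
    case $1 in "$GUEST_NET"*) ;; *) return 1 ;; esac
    host=${1#"$GUEST_NET"}
    case $host in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$host" -ge 1 ] && [ "$host" -le 254 ]
}

# Emit the DNAT rule and a FORWARD rule limited to that guest and port.
forward_rules() {
    ext_port=$1 guest_ip=$2 guest_port=$3
    if ! { valid_port "$ext_port" && valid_port "$guest_port" &&
           valid_guest "$guest_ip"; }; then
        echo "rejecting mapping: $*" >&2
        return 1
    fi
    echo "iptables -t nat -I PREROUTING -p tcp -i $EXT_IF --dport $ext_port" \
         "-j DNAT --to-destination $guest_ip:$guest_port"
    echo "iptables -I FORWARD -p tcp -i $EXT_IF -o $BRIDGE -d $guest_ip" \
         "--dport $guest_port -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT"
}

# Emit rules for every mapping; stop at the first invalid one.
all_rules() {
    echo "$FORWARDS" | while read -r ext ip port; do
        forward_rules "$ext" "$ip" "$port" || exit 1
    done
}

all_rules
```

Review the printed commands before piping them to a root shell; a mapping with a bad port or an address outside the guest network is rejected rather than turned into a rule.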


 * http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections
 * Iptables
 * http://serverfault.com/questions/170079/forwarding-ports-to-guests-in-libvirt-kvm/170641#170641