Container port forwarding

I have a NixOS container configured as follows:

{
  # ...
  networking = {
    nat = {
      enable = true;
      internalInterfaces = ["ve-+"];
      externalInterface = "eth0";
      enableIPv6 = true;
    };
  };

  containers.windmill = {
    autoStart = true;
    privateNetwork = true;
    localAddress = "192.168.102.1";
    hostAddress = "192.168.102.2";
    localAddress6 = "fc00::102:1";
    hostAddress6 = "fc00::102:2";
    forwardPorts = [{
      hostPort = 8001;
      containerPort = 8001;
    }];
    config = {
      services.windmill = {  # on port 8001
        enable = true;
        # other service config...
      };
      networking.firewall.allowedTCPPorts = [ 8001 ];
 
      system.stateVersion = "24.11";
    };
  };

  networking.hosts = {
    "192.168.102.1" = [ "windmill" ];
    "fe00::102:1" = [ "windmill" ];
  };

  # ... other configs
}

When I run lynx windmill:8001 from the host, the windmill web UI loads properly. But if I try lynx localhost:8001 I get an error 404 instead, so it looks like the port isn’t forwarded from localhost to the container.

What’s wrong with that config, and how do I get it properly forwarded?

I guess nspawn port forwarding simply excludes the loopback device for some reason, and so I don’t see it on localhost: nspawn ports binding excludes loopback · Issue #6106 · systemd/systemd · GitHub.
