Is `containers.<name>.forwardPorts` for different host/container ports working?

leoperegrino · February 23, 2025, 10:24pm

basically the title, I was trying to configure a simple container that would forward a host port X to a container Y but was unable to actually use different ports, setup only worked with X = Y.
I found similar or probably equal issues on github but I’m unsure if it’s a issue with my setup or with NixOS.

Container forwardPorts get filtered
nixos forwardports not working for me
can’t forward port to vm

I tried creating a vm with nixos-rebuild build-vm to test it with the following:

  outputs = { self, nixpkgs }: {

    nixosConfigurations.test = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [

        ({lib, config, ...}: {
          containers."other" = {
            ephemeral = true;
            autoStart = true;
            privateNetwork = true;
            # hostBridge = "br-other";
            hostAddress = "10.13.38.3";
            localAddress = "10.13.38.2";
            forwardPorts = [{
              hostPort = 80;
              containerPort = 8096;
              protocol = "tcp";
            }];
            config = {
              boot.isContainer = true;
              networking.useHostResolvConf = lib.mkForce false;
              networking.hostName = "other";
              networking.nameservers = ["1.1.1.1"];
              # networking.defaultGateway = "10.13.38.1";
              networking.firewall.enable = true;
              networking.firewall.allowedTCPPorts = [ 80 ];
              system.stateVersion = config.system.stateVersion;
              services.jellyfin.enable = true;
              # services.jellyfin.openFirewall = true;
            };
          };
        })

        # networking configuration
        ({...}: {
          networking = {
            useDHCP = false;
            firewall.enable = true;
            networkmanager.enable = true;
            nat.enable = true;
            nat.externalInterface = "eth0";
            nat.internalInterfaces = ["ve-+" "vb-+" "br-+"];
          };
        })

        # virtualisation configuration
        ({pkgs, lib, config, ...}: {

         imports = [
           "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
         ];

         virtualisation.graphics = false;

         virtualisation.forwardPorts = [
           { from = "host"; host.port = 2222; guest.port = 22;   }  # ssh
         ];
        })

        # user configuration
        ({pkgs, lib, config, ...}: {

           users.users."a".isNormalUser = true;
           users.users."a".initialPassword = "a";
           users.users."a".shell = pkgs.bash;
           users.users."a".extraGroups = ["wheel"];
           users.users."a".openssh.authorizedKeys.keys = [
             "ssh-rsa xXxxxxXXxx..."
           ];
           networking.firewall.allowedTCPPorts = [ 22 ];
           services.openssh.enable = true;

           security.sudo.wheelNeedsPassword = false;

         system.stateVersion = "24.11";
        })

      ];
    };
  };

Using ssh a@127.0.0.1 -p 2222 -i ~/.ssh/key to get inside the VM, I tried curl 10.13.38.3:80 no success while sudo nixos-container run other -- curl localhost:8096 is running fine. I tried with bridges also. By now, I have tried so many different combinations that I’m thinking that it’s simply not possible.

any ideas?