Issue Description: LAN Access: Port Forwarding Plan #1363
Issues to address:
- Forward port from host to container
- Only forward
if
container: exists, is started - Check
if
container exists, if not, remove port-forwarding rule - Make communication between containers possible
Edge-cases:
- Make sure that, if access to the forwarded port is not from the subnet dedicated to our containers, the containers can get the source IP of the connection in the usual way (port-forwarding via iptables DNAT rule satisfies this trivially, a non-transparent user-space proxy doesn't)
- Make access to the forwarded port possible from other containers
- Make access to the forwarded port possible from the container itself (i.e. self-communication over the forwarded port)
- Don't break IPv6 SLAAC while implementing the previous bullet point
Feature-requests (for edge-cases):
- Forward port from unspecified IP address to the container, so that it is available on any IP address of a multi-homed host
- Forward port from 127.0.0.1 to the container (i.e. so that it is accessible from the host only)
- Forward port from a specified IP or interface to the container, so that it is available only via a specific IP address of a multi-homed host