-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add network forwards #572
Add network forwards #572
Conversation
Demo starting at https://lxd-ui-572.demos.haus |
45186bd
to
20aadec
Compare
20aadec
to
d28a1e1
Compare
Thanks for the review @piperdeck I addressed all mentioned points, please have a look at the updated result. One point is still unresolved: The description for ports, I can't see how to fit them into the design. Maybe you have an idea, or maybe we don't need them in the UI? |
Questions1. Network forward with listen address that overlaps with another network's subnet?I created a network forward, setting the listen address to an IP that coincides with the subnet range of another network. I was expecting an error from the backend but was able to create the network forward successfully. According to the docs this is not allowed for a bridge network. Maybe my understanding is off? 2. When creating ports for network forwards, duplicated listen ports are not allowed?I'm not a networking expert, thought maybe you could listen on one 3. Invalid port numbers.This is related to the query from @piperdeck. When entering invalid port numbers we get a massive error output from the server. Maybe it would be a better user experience if we have some client side validation? Also noted that you can forward from different external ports to the same internal address ports. |
Thanks for the comments @mas-who
That is okay, the forwards are firewall rules for the host, so any incoming traffic to a "listen address" is taken over by this rule, independent to which subnet or interface it belongs.
Yes, you can only have one target for a given listen ip-port combination. What is pretty neat is, that for the same ip you can have different targets based on the port. So port 80 and 443 might go to one instance, while port 21 goes to another instance.
True, when entering something like 500000 as a port, LXD responds with the raw error from the iptables config it tries to create. Though I would avoid validating high ports, as that becomes rather tricky with the supported formats for port ranges like |
07236bb
to
db7bb47
Compare
db7bb47
to
cf897a5
Compare
cf897a5
to
386f8a5
Compare
750fb05
to
b53b6a9
Compare
1Can we please replace these with actual arrow symbols? Would look a little tidier E.g. :8000 ➝ 10.40.196.50:3000 (tcp) 2It seems like this error notification has messed up the div sizes, leading to some weird scrolling behaviour. Also, the error is pretty unreadable. If we can't validate the input before the user presses the submit button, would it be possible to replace the error text with something more informative, along with highlighting the problematic field? Screencast.from.2024-01-05.12-52-47.webm |
We can reposition the error notification, so it is rendered in the correct container and doesn't mess up the page layout. We can also validate the port numbers, so they are positive integers below 65535. It is a bit tricky to still allow ranges, and comma separated values, and a combination of the two. But that should be possible with regexp. |
885577e
to
a6160be
Compare
QA looks good! Just a few minor comments with the code review. |
9a2580f
to
942d31d
Compare
LGTM. Thanks for making the changes |
Signed-off-by: David Edler <david.edler@canonical.com>
942d31d
to
3bcb1cd
Compare
Awesome, looks good. |
Done
Fixes WD-7876
QA