What you need is so-called NAT hairpinning (aka NAT loopback, NAT reflection):
NAT loopback, [...] is a feature in many consumer routers which permits the access of a service via the public IP address from inside the local network.
Why is it not working? The IPTables DNAT rule you provided in your question specifies an incoming interface this rule should apply to: -i eth0. Your traffic isn’t coming from eth0 however, but some virtual network interface or whatever. Just removing this restriction to eth0 may be sufficient to make it work.
Alternatively, a separate rule could be added to lxcbr0:
iptables -t nat -A PREROUTING -i lxcbr0 -p tcp --dport 443 \
--destination 80.x.x.x -j DNAT --to 10.0.3.100:443
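
To confirm the diagnosis above before changing rules, the check below (an added example, not part of the original answer) reads `iptables-save` text and reports whether any PREROUTING DNAT rule is evaluated for packets arriving on a given interface. The function name `dnat_covers`, the sample ruleset and the placeholder address 203.0.113.10 are assumptions made for illustration; interface wildcards such as `eth+` are not handled.

```shell
#!/bin/sh
# Constructed sample in iptables-save format. 203.0.113.10 is a placeholder
# public address; 10.0.3.100:443 is the container target from the answer.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.3.100:443
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
COMMIT'

# dnat_covers IFACE
# Reads iptables-save text on stdin. Exits 0 if at least one PREROUTING DNAT
# rule applies to packets arriving on IFACE: the rule either has no -i match,
# matches IFACE exactly, or negates a different interface ("! -i other").
dnat_covers() {
    awk -v want="$1" '
        $1 == "-A" && $2 == "PREROUTING" && /-j DNAT/ {
            iface = ""; neg = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i") {
                    iface = $(i + 1)
                    neg = ($(i - 1) == "!")
                }
            }
            if (iface == "" || (!neg && iface == want) || (neg && iface != want))
                found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Report coverage for the external interface and the LXC bridge.
for ifc in eth0 lxcbr0; do
    if printf '%s\n' "$SAMPLE_RULES" | dnat_covers "$ifc"; then
        echo "$ifc: a DNAT rule applies to traffic arriving here"
    else
        echo "$ifc: no DNAT rule applies, hairpin traffic is not rewritten"
    fi
done
```

On a live host, pipe the output of `iptables-save -t nat` into `dnat_covers lxcbr0` instead of the sample.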