Bridged Lxc not taking incoming connections from outside host on same LAN

Need some help with my lxd bridge.
I want it to be able to communicate with my entire network. But it seems that some type of forwarding won't work and I can't figure it out. I've googled and read other threads here, but no answer.

System:
Ubuntu 22.04.1 LTS.
LXD/lxc snap
Stock UFW, so nftables I assume.
Standard lxd bridge with subnet 9.9.9.1/24
LAN 192.168.1.1 net.
Router: pfsense software

Settings I've done.
I've enabled IP forwarding in /etc/ufw/sysctl.conf in the container and host. Rebooted server with no change.

Added UFW firewall rules.
sudo ufw allow in on lxdbr0
sudo ufw route allow in on lxdbr0
sudo ufw route allow out on lxdbr0

UFW on the bridged container is disabled. Also tried with UFW disabled on host. No change.

Ping tests.
Ping to router: 100% works
Ping from router: 100% packet loss
Ping from host: Yes 100% works
Ping from wifi that's connected as access point: 100% loss (duh, but I wanted to try everything)
Ping from other lxc on macvlan (192.168.1.1): 100% loss
Ping from the (9.9.9.1 subnet) lxc to macvlan lxc: 100% works

So the bridge/lxc is blocking incoming connections. What's missing?

I use LXC's networking in order to expose individual machines… but if you're doing lots of machines you really could get out of using bridges and switch to a networking type that takes DHCP from your host's router… that could solve all issues, but it can be tricky to set up at first.

https://www.reddit.com/r/LXD/comments/5q6gt6/how_to_expose_ports_in_lxc_containers/

https://linuxcontainers.org/lxd/docs/latest/howto/network_forwards/

Thanks for the input. The problem is that I want the host to be able to connect. Won't work with macvlan on the same NIC. IP forwarding will be a real mess with all the ports. So I really want the IPs.

I'm so close, so I hope someone has a solution. Plan B is a second NIC on macvlan.

I would suggest setting up an external bridge (see https://netplan.readthedocs.io/en/stable/examples/#configuring-network-bridges) and then tell LXD instances to use the bridge using:

lxc config device add <instance> eth0 nic nictype=bridged parent=<bridge name>
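A netplan file for the external bridge suggested in the reply above, added here as an example that is not from the reply or the LXD docs; the NIC name enp3s0, bridge name br0 and instance name c1 are placeholders to adjust for your host:

```yaml
# Added example: netplan definition of an external bridge (br0) that enslaves the
# host's physical NIC so the host and LXD instances sit on the same LAN segment.
# enp3s0, br0 and the instance name c1 are assumed placeholders, not from the thread.
# File: /etc/netplan/01-br0.yaml (apply with: sudo netplan apply)
network:
  version: 2
  renderer: networkd
  ethernets:
    enp3s0:
      dhcp4: false        # the NIC itself carries no address; br0 does
  bridges:
    br0:
      interfaces: [enp3s0]
      dhcp4: true         # the host's address now comes from the pfSense DHCP server
      parameters:
        stp: false
        forward-delay: 0
# Then attach the instance so it also gets its own 192.168.1.x lease from pfSense:
#   lxc config device add c1 eth0 nic nictype=bridged parent=br0
```

Unlike lxdbr0, br0 is not NATed by the host, so the instance is reachable directly on the LAN and the ufw rules scoped to lxdbr0 above do not cover it.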