Clean Install, ipv6 none on LXD init - yet new container cant update on ipv4

Setting up, ran Lxd init, selected Ipv6 none

lxc launch ubuntu:20.04 ubuntu-master

lxc exec ubuntu-master bash

for some reason the guest container is trying to to an IPV6 connecting to the ubuntu servers, and not updating, Ive also I put the following in /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Can someone please tell me what I’m missing, I’m stuck ???

Err:1 http://archive.ubuntu.com/ubuntu focal InRelease                                                                
  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (91.189.88.152), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.142), connection timed out
Err:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease                                                        
  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable)
Err:3 http://archive.ubuntu.com/ubuntu focal-backports InRelease
  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable)
Err:4 http://security.ubuntu.com/ubuntu focal-security InRelease
  Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::15). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (91.189.91.39), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.38), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.152), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.142), connection timed out
Reading package lists... Done                             
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (91.189.88.152), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.142), connection timed out
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable)
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable)
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease  Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::15). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (91.189.91.39), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.38), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.152), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.142), connection timed out
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@ubuntu-master:~# 

Please show output of:

ip a and ip r on the host and inside the instance.
lxc config show <instance> --expanded

Thank you Thomas for your prompt reply :slight_smile:

HOST

> ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp7s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 54:05:db:f8:58:7a brd ff:ff:ff:ff:ff:ff
3: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3c:9c:0f:6f:90:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.145/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp0s20f3
       valid_lft 74332sec preferred_lft 74332sec
    inet6 fe80::f354:ed05:4ef0:f76e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: enx803f5dc06a16: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 80:3f:5d:c0:6a:16 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:80:29:ec:fc brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:80ff:fe29:ecfc/64 scope link 
       valid_lft forever preferred_lft forever
6: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:4b:ac:5f brd ff:ff:ff:ff:ff:ff
    inet 10.193.61.1/24 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe4b:ac5f/64 scope link 
       valid_lft forever preferred_lft forever
8: veth52025096@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 3a:43:f7:47:80:f5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
10: vethddb208c@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 16:ae:a6:bb:62:c5 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::14ae:a6ff:febb:62c5/64 scope link 
       valid_lft forever preferred_lft forever

> ip r
default via 192.168.0.1 dev wlp0s20f3 proto dhcp metric 600 
10.193.61.0/24 dev lxdbr0 proto kernel scope link src 10.193.61.1 
169.254.0.0/16 dev wlp0s20f3 scope link metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.0.0/24 dev wlp0s20f3 proto kernel scope link src 192.168.0.145 metric 600 

GUEST

root@ubuntu-master:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:63:fd:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.193.61.34/24 brd 10.193.61.255 scope global dynamic eth0
       valid_lft 3166sec preferred_lft 3166sec
    inet6 fe80::216:3eff:fe63:fd3e/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu-master:~# ip r
default via 10.193.61.1 dev eth0 proto dhcp src 10.193.61.34 metric 100 
10.193.61.0/24 dev eth0 proto kernel scope link src 10.193.61.34 
10.193.61.1 dev eth0 proto dhcp scope link src 10.193.61.34 metric 100 

What do you get if you run:

lxc exec ubuntu-master -- ping 8.8.8.8

I noticed that your host has a docker0 interface, suggesting that you have docker installed, which is well known to apply firewall rules that prevent LXD lxdbr0 traffic from accessing external resources.

This normally manifests itself in the container not get IP addresses via DHCP, but in this case it may be manifesting itself as preventing traffic being forwarded through the bridge.

Please take a look at Lxd and Docker Firewall Redux - How to deal with FORWARD policy set to drop and let me know if that fixes it.

I cant explain it. I’ve done nothing other that restart me Laptop , and this morning it is working…
Even though I’m very grateful to be up and running I cant explain why it went like it did…

As you can see docker is still running?? didn’t even get to your article…

Thanks for the help :slight_smile:

ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:24ff:fe1d:efa  prefixlen 64  scopeid 0x20<link>
        ether 02:42:24:1d:0e:fa  txqueuelen 0  (Ethernet)
        RX packets 18  bytes 1575 (1.5 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 159  bytes 30256 (30.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp7s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 54:05:db:f8:58:7a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1539  bytes 171287 (171.2 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1539  bytes 171287 (171.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lxdbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.193.61.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::216:3eff:fe4b:ac5f  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:4b:ac:5f  txqueuelen 1000  (Ethernet)
        RX packets 3129  bytes 197685 (197.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4345  bytes 18617029 (18.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethc07bc58: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::8b9:e4ff:fef7:8fd6  prefixlen 64  scopeid 0x20<link>
        ether 0a:b9:e4:f7:8f:d6  txqueuelen 0  (Ethernet)
        RX packets 18  bytes 1827 (1.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 196  bytes 34437 (34.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vetheecf454f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 6e:3c:21:42:71:dd  txqueuelen 1000  (Ethernet)
        RX packets 3129  bytes 241491 (241.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4345  bytes 18617029 (18.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.166.2.161  netmask 255.255.255.0  broadcast 192.166.2.255
        inet6 fe80::b7a2:19d5:10c7:14eb  prefixlen 64  scopeid 0x20<link>
        ether 3c:9c:0f:6f:90:55  txqueuelen 1000  (Ethernet)
        RX packets 359949  bytes 143336295 (143.3 MB)
        RX errors 0  dropped 843  overruns 0  frame 0
        TX packets 146523  bytes 27884723 (27.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lxc exec ubuntu-master bash
root@ubuntu-master:~# 
root@ubuntu-master:~# 
root@ubuntu-master:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=449 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=24.0 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=24.0 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 23.950/165.668/449.094/200.412 ms
root@ubuntu-master:~# apt update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease                      
Get:2 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB]   
Get:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease [101 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [8628 kB]
Get:6 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [619 kB]
Get:7 http://security.ubuntu.com/ubuntu focal-security/main amd64 c-n-f Metadata [7436 B]
Get:8 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [551 kB]
Get:9 http://security.ubuntu.com/ubuntu focal-security/universe Translation-en [82.1 kB]       
Get:10 http://security.ubuntu.com/ubuntu focal-security/universe amd64 c-n-f Metadata [10.7 kB]   
Get:11 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [14.8 kB]         
Get:12 http://security.ubuntu.com/ubuntu focal-security/multiverse Translation-en [3160 B]    
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 c-n-f Metadata [340 B]   
Get:14 http://archive.ubuntu.com/ubuntu focal/universe Translation-en [5124 kB]  
Get:15 http://archive.ubuntu.com/ubuntu focal/universe amd64 c-n-f Metadata [265 kB]                    
Get:16 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [144 kB]                        
Get:17 http://archive.ubuntu.com/ubuntu focal/multiverse Translation-en [104 kB]                        
Get:18 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 c-n-f Metadata [9136 B]                  
Get:19 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [944 kB]                      
Get:20 http://archive.ubuntu.com/ubuntu focal-updates/main Translation-en [216 kB]                      
Get:21 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 c-n-f Metadata [13.2 kB]               
Get:22 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [206 kB]                
Get:23 http://archive.ubuntu.com/ubuntu focal-updates/restricted Translation-en [30.6 kB]               
Get:24 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [759 kB]                  
Get:25 http://archive.ubuntu.com/ubuntu focal-updates/universe Translation-en [162 kB]                  
Get:26 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 c-n-f Metadata [17.0 kB]           
Get:27 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [21.6 kB]               
Get:28 http://archive.ubuntu.com/ubuntu focal-updates/multiverse Translation-en [5508 B]                
Get:29 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 c-n-f Metadata [600 B]           
Get:30 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 c-n-f Metadata [112 B]               
Get:31 http://archive.ubuntu.com/ubuntu focal-backports/restricted amd64 c-n-f Metadata [116 B]         
Get:32 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [4032 B]                
Get:33 http://archive.ubuntu.com/ubuntu focal-backports/universe Translation-en [1448 B]                
Get:34 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 c-n-f Metadata [224 B]           
Get:35 http://archive.ubuntu.com/ubuntu focal-backports/multiverse amd64 c-n-f Metadata [116 B]         
Fetched 18.3 MB in 8s (2420 kB/s)                                                                       
Reading package lists... Done
Building dependency tree       
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
root@ubuntu-master:~# 

Sounds like a race condition between LXD and Docker starting up and adding firewall rules in different orders, you may find it reoccurs when LXD is updated and is reloaded or on next reboot.