I use LXD v2.10.1 and I have an lxdbr0 network, 10.0.4.0/24.
I forward port 10450 on the public IP address to a container at 10.0.4.104:5000 using iptables:
-A PREROUTING -p tcp -m tcp --dport 10450 -j DNAT --to-destination 10.0.4.104:5000
From my laptop I successfully connect to port 10450 on the public IP address - the forwarding works.
However, when I try to connect from another container (in the 10.0.4.0/24 network) using the public IP address and port 10450, the connection fails.
I realized that the default lxdbr0 iptables config blocks such a connection:
-A POSTROUTING -s 10.0.4.0/24 ! -d 10.0.4.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE
When I add a new rule:
-A POSTROUTING -s 10.0.4.0/24 -j MASQUERADE
I can successfully connect to port 10450 on the public IP address from a container inside the network.
Could you explain to me why ! -d 10.0.4.0/24 has been added to the auto-generated rule for the lxdbr0 network?
Maybe I am doing something wrong?
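As an added example (not part of the original post or LXD's own rules), here is a hairpin-NAT rule set that lets containers on lxdbr0 reach the forwarded port via the public IP while keeping LXD's "! -d 10.0.4.0/24" exclusion intact for all other traffic; the addresses and ports are taken from the post, PUB_IP is a placeholder, and the extra "-d PUB_IP" on the DNAT rule is an assumption about how the forward should be scoped.

```shell
#!/bin/sh
# Added example, not from the original post: hairpin NAT for one forwarded port
# on lxdbr0 without masquerading everything that leaves 10.0.4.0/24.
set -eu

LXD_NET="10.0.4.0/24"
TARGET="10.0.4.104"
TARGET_PORT="5000"
PUB_PORT="10450"
PUB_IP="${PUB_IP:-203.0.113.10}"   # placeholder public address (RFC 5737 range)

# Rule 1: the port forward from the post, limited to the public address so that
# port 10450 on the host's other addresses (e.g. 10.0.4.1) is not redirected.
dnat_rule() {
  printf -- '-t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s' \
    "$PUB_IP" "$PUB_PORT" "$TARGET" "$TARGET_PORT"
}

# Rule 2: hairpin masquerade. LXD's rule excludes "-d 10.0.4.0/24" so traffic
# that stays inside the bridge subnet keeps its real source address (useful for
# logging and per-source access control in the containers). A client in the
# subnet that connects to PUB_IP:10450 is DNAT'd to 10.0.4.104:5000; without
# SNAT the container answers the client directly over the bridge with source
# 10.0.4.104 instead of PUB_IP, and the client discards the reply. Masquerading
# only this DNAT'd flow fixes hairpinning while leaving other intra-subnet
# traffic untouched, unlike a blanket "-s 10.0.4.0/24 -j MASQUERADE".
hairpin_rule() {
  printf -- '-t nat -A POSTROUTING -s %s -d %s -p tcp --dport %s -m conntrack --ctstate DNAT -j MASQUERADE' \
    "$LXD_NET" "$TARGET" "$TARGET_PORT"
}

# Print the rules (dry run, default) or apply them with "apply" (needs root).
run() {
  mode="${1:-print}"
  for r in "$(dnat_rule)" "$(hairpin_rule)"; do
    if [ "$mode" = "apply" ]; then
      # shellcheck disable=SC2086  # word-splitting the rule string is intended
      iptables $r
    else
      echo "iptables $r"
    fi
  done
}

run "${1:-print}"
```

Run it without arguments to review the generated commands, then with "apply" to install them; a later "iptables -t nat -S POSTROUTING" should show LXD's original masquerade rule still carrying the "! -d 10.0.4.0/24" exclusion.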