Hello colleagues,
I am running a fresh install of Ubuntu 22.04, installed lxd via snap install lxd (lxc version 5.3), did the setup process as I’ve done it many times before (lxdbr0 defaults, only using IPv4).
When starting a default container image, for instance via lxc launch ubuntu:16.04 test, that container starts up and is acquiring an IPv4 address. But from inside the container it is impossible to reach the internet. I cannot even ping or use nslookup.
Did anything change in the default networking setup?
To me, nothing looks suspicious or different from previous lxd deployments:
$ lxc network list
+-----------+----------+---------+--------------+------+-------------+---------+---------+
| NAME      | TYPE     | MANAGED | IPV4         | IPV6 | DESCRIPTION | USED BY | STATE   |
+-----------+----------+---------+--------------+------+-------------+---------+---------+
| docker0   | bridge   | NO      |              |      |             | 0       |         |
+-----------+----------+---------+--------------+------+-------------+---------+---------+
| lxdbr0    | bridge   | YES     | 10.9.81.1/24 | none |             | 2       | CREATED |
+-----------+----------+---------+--------------+------+-------------+---------+---------+
| wlp0s20f3 | physical | NO      |              |      |             | 0       |         |
+-----------+----------+---------+--------------+------+-------------+---------+---------+
It is strange that previously I never had issues running Docker and LXD on the same machine on Ubuntu 18.04, 20.04. Maybe it was the order I installed both frameworks?
ufw is deactivated on my system.
Unfortunately I was not able to restore network connectivity for LXC with the suggested iptables command. In my case I figured it should be:
It could be that ESTABLISHED connections are not allowed. I’d first try a wide sudo iptables -I DOCKER-USER -j ACCEPT and if it works, I’d work my way from there.
Great, this has worked for me. LXC containers now can talk to the internet. Docker containers work fine, too. Is there a need to be more granular with this iptables command?
That’s right, but in this case it was not the cause of the networking issues. Any Ubuntu 20.04 or 22.04 containers would be cut off the net just as much as 14.04 and 16.04.
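On the question of granularity, an added example that is not part of the thread: a shell check that reads `iptables -S` output and prints only the bridge-scoped DOCKER-USER rules still missing, as a narrower alternative to the wide ACCEPT. The function names and the sample ruleset are constructed for illustration; the bridge name lxdbr0 comes from the thread, and the scoped rule pair (new traffic from the bridge, reply traffic back to it) is an assumption about what "more granular" should mean here.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output on a host with Docker installed:
# FORWARD policy is DROP and DOCKER-USER only returns to the caller.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A DOCKER-USER -j RETURN'

# Succeeds if the ruleset on stdin contains the wide rule from the thread,
# which accepts all forwarded traffic regardless of interface.
wide_accept_present() {
    grep -qxF -e '-A DOCKER-USER -j ACCEPT'
}

# missing_rules BRIDGE < ruleset
# Prints the iptables commands for the scoped rules that are not yet present.
# Prints nothing when the FORWARD policy is not DROP or both rules exist.
missing_rules() {
    bridge=$1
    rules=$(cat)
    # Forwarded bridge traffic is only cut off when the policy is DROP.
    printf '%s\n' "$rules" | grep -qxF -e '-P FORWARD DROP' || return 0
    # Rule 1: traffic entering from the LXD bridge.
    egress="-A DOCKER-USER -i $bridge -j ACCEPT"
    # Rule 2: replies to connections the containers opened.
    reply="-A DOCKER-USER -o $bridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for want in "$egress" "$reply"; do
        printf '%s\n' "$rules" | grep -qxF -e "$want" ||
            printf 'iptables -I DOCKER-USER %s\n' "${want#-A DOCKER-USER }"
    done
}

# Demo on the constructed sample; on a live host use:
#   sudo iptables -S | missing_rules lxdbr0
printf '%s\n' "$SAMPLE_RULES" | missing_rules lxdbr0
```

If `wide_accept_present` succeeds on the live ruleset, the wide rule is still in place and can be deleted once the two scoped rules have been inserted.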