Fresh install of Ubuntu 22.04, LXD via snap, containers cannot reach the internet

Hello colleagues,
I am running a fresh install of Ubuntu 22.04, installed lxd via snap install lxd (lxc version 5.3), did the setup process as I’ve done it many times before (lxdbr0 defaults, only using IPv4).
When starting a default container image, for instance via lxc launch ubuntu:16.04 test, that container starts up and is acquiring an IPv4 address. But from inside the container it is impossible to reach the internet. I cannot even ping or use nslookup.
Did anything change in the default networking setup?
To me, nothing looks suspicious or different from previous lxd deployments:

$ lxc network list
+-----------+----------+---------+--------------+------+-------------+---------+---------+
|   NAME    |   TYPE   | MANAGED |     IPV4     | IPV6 | DESCRIPTION | USED BY |  STATE  |
+-----------+----------+---------+--------------+------+-------------+---------+---------+
| docker0   | bridge   | NO      |              |      |             | 0       |         |
+-----------+----------+---------+--------------+------+-------------+---------+---------+
| lxdbr0    | bridge   | YES     | 10.9.81.1/24 | none |             | 2       | CREATED |
+-----------+----------+---------+--------------+------+-------------+---------+---------+
| wlp0s20f3 | physical | NO      |              |      |             | 0       |         |
+-----------+----------+---------+--------------+------+-------------+---------+---------+

I see docker0 and think of Lxd and Docker Firewall Redux - How to deal with FORWARD policy set to drop - #3 by tomp

Hi Dragan, this sounds like a possible firewall problem with Docker, please check the following for suggested fixes:


Thank you both @tomp and @sdeziel!

It is strange that previously I never had issues running Docker and LXD on the same machine on Ubuntu 18.04, 20.04. Maybe it was the order I installed both frameworks?

ufw is deactivated on my system.

Unfortunately I was not able to restore network connectivity for LXC with the suggested iptables command. In my case I figured it should be:

sudo iptables -I DOCKER-USER -i lxdbr0 -o wlp0s20f3 -j ACCEPT

lxdbr0 is my LXD bridge, wlp0s20f3 is my hardware WiFi interface.

LXC containers are still cut off from the internet.

Am I getting this right? (I’m sorry I don’t have much experience with iptables.)

It could be that ESTABLISHED connections are not allowed. I’d first try a wide sudo iptables -I DOCKER-USER -j ACCEPT and if it works, I’d work my way from there.

Oh you are trying to launch an old container on a new host, see

Great, this has worked for me. LXC containers now can talk to the internet. Docker containers work fine, too. Is there a need to be more granular with this iptables command?


That’s right, but in this case it was not the cause of the networking issues. Any Ubuntu 20.04 or 22.04 containers would be cut off from the net just as much as 14.04 and 16.04.

@Dragan, you can potentially be a bit more specific and replace the single ALLOW rule by those 2:

# flush the DOCKER-USER (remove old rules)
iptables -F DOCKER-USER

# add rules specifically for lxdbr0
iptables -A DOCKER-USER -o lxdbr0 -j ACCEPT
iptables -A DOCKER-USER -i lxdbr0 -j ACCEPT
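Added example, not part of the thread: a small POSIX sh audit that reads the output of iptables -S DOCKER-USER and reports whether the chain is wide open (the single unconditional ACCEPT), scoped to lxdbr0 (the two-rule variant above), or still blocking the bridge. The chain listings are constructed samples and the function name is my own; nothing here comes from LXD or Docker.

```shell
#!/bin/sh
# Added example, not from the thread: classify the DOCKER-USER chain as
# "open"    (the wide `iptables -I DOCKER-USER -j ACCEPT` workaround),
# "scoped"  (ACCEPT only for the LXD bridge, as in the two-rule variant), or
# "blocked" (no ACCEPT covering the bridge at all).
# Input is the text printed by `iptables -S DOCKER-USER`.

# Constructed samples (assumed chain listings, not captured from a real host).
SAMPLE_OPEN='-N DOCKER-USER
-A DOCKER-USER -j ACCEPT
-A DOCKER-USER -j RETURN'

SAMPLE_SCOPED='-N DOCKER-USER
-A DOCKER-USER -o lxdbr0 -j ACCEPT
-A DOCKER-USER -i lxdbr0 -j ACCEPT
-A DOCKER-USER -j RETURN'

SAMPLE_BLOCKED='-N DOCKER-USER
-A DOCKER-USER -j RETURN'

# classify_docker_user <listing> [bridge]  -> prints open | scoped | blocked
classify_docker_user() {
  listing="$1"
  bridge="${2:-lxdbr0}"
  # An unconditional ACCEPT lets every forwarded packet through DOCKER-USER,
  # for every interface, not just the LXD bridge.
  if printf '%s\n' "$listing" | grep -Eq '^-A DOCKER-USER -j ACCEPT$'; then
    echo open
    return 0
  fi
  # Scoped: traffic leaving the bridge (-i) and replies back into it (-o)
  # are both accepted; one direction alone still breaks connectivity.
  in_ok=$(printf '%s\n' "$listing" | grep -Ec "^-A DOCKER-USER -i $bridge( .*)? -j ACCEPT$" || true)
  out_ok=$(printf '%s\n' "$listing" | grep -Ec "^-A DOCKER-USER -o $bridge( .*)? -j ACCEPT$" || true)
  if [ "$in_ok" -gt 0 ] && [ "$out_ok" -gt 0 ]; then
    echo scoped
    return 0
  fi
  echo blocked
}

# Stand-alone run over the constructed samples; on a real host use
#   classify_docker_user "$(sudo iptables -S DOCKER-USER)"
for name in OPEN SCOPED BLOCKED; do
  eval "sample=\$SAMPLE_$name"
  printf '%s: %s\n' "$name" "$(classify_docker_user "$sample")"
done
```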

I have had exactly the same problem and this solved it for me too (after a long search on the internet).

Thanks