Having problem with fan network and ufw

Hi all,
I’m having problem with the fan network, here are my settings and looking any help to resolve the issue. When I execute the command “lxc launch images:alpine/edge atest -p fanprofile”, atest container doesn’t appear with the IP address. What could be the problem any assist will be appreciated.
Regards.

indiana@mars:~$ lxc network list
+----------+----------+---------+--------------+---------------------------+-------------+---------+
|   NAME   |   TYPE   | MANAGED |     IPV4     |           IPV6            | DESCRIPTION | USED BY |
+----------+----------+---------+--------------+---------------------------+-------------+---------+
| enp1s6f0 | physical | NO      |              |                           |             | 0       |
+----------+----------+---------+--------------+---------------------------+-------------+---------+
| enp1s6f1 | physical | NO      |              |                           |             | 0       |
+----------+----------+---------+--------------+---------------------------+-------------+---------+
| enp4s0   | physical | NO      |              |                           |             | 0       |
+----------+----------+---------+--------------+---------------------------+-------------+---------+
| fanbr0   | bridge   | YES     |              |                           |             | 1       |
+----------+----------+---------+--------------+---------------------------+-------------+---------+
| lxdbr0   | bridge   | YES     | 10.23.4.1/24 | fd42:4571:a731:d8a0::1/64 |             | 4       |
+----------+----------+---------+--------------+---------------------------+-------------+---------+

indiana@mars:~$ lxc network show fanbr0
config:
  bridge.mode: fan
  fan.underlay_subnet: 192.168.0.0/24
  ipv4.nat: "true"
description: ""
name: fanbr0
type: bridge
used_by:
- /1.0/profiles/fanprofile
managed: true
status: Created
locations:
- none

indiana@mars:~$ lxc profile show fanprofile
config:
  limits.cpu: "1"
  limits.cpu.allowance: 25%
  limits.memory: 1GiB
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: fanbr0
    type: nic
  root:
    path: /
    pool: zfspool
    size: 10GB
    type: disk
name: fanprofile
used_by: []

Can you show ps fauxww on your host as well as iptables -L -n -v?

The LXD configuration above looks fine to me so my guess is more around the DHCP server not working or something getting in the way of it.

I reduced the size of the ps command.

indiana     7447  0.0  0.0 165180  6548 ?        Ssl  Feb15   0:00  \_ /usr/libexec/gvfsd-metadata
indiana    44786  0.0  0.0 360060  5648 ?        Sl   Feb15   0:14  \_ /usr/lib/speech-dispatcher-modules/sd_dummy /etc/speech-dispatcher/modules/dummy.conf
indiana    44793  0.0  0.0 453112  8032 ?        Sl   Feb15   0:14  \_ /usr/lib/speech-dispatcher-modules/sd_espeak-ng /etc/speech-dispatcher/modules/espeak-ng.conf
indiana    44799  0.0  0.0 360092  5860 ?        Sl   Feb15   0:14  \_ /usr/lib/speech-dispatcher-modules/sd_generic /etc/speech-dispatcher/modules/mary-generic.conf
indiana    44802  0.0  0.0 162472  2280 ?        Ssl  Feb15   0:00  \_ /usr/bin/speech-dispatcher --spawn --communication-method unix_socket --socket-path /run/user/1000/speech-dispatcher/speechd.sock
indiana   119366  0.0  0.3 863604 58204 ?        Sl   Feb16   0:00  \_ /usr/bin/gnome-calendar --gapplication-service
indiana   119367  0.0  0.2 749600 44772 ?        SLl  Feb16   0:00  \_ /usr/bin/seahorse --gapplication-service
indiana     3155  0.0  0.0 242924  7472 ?        Sl   Feb15   0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
root        6366  0.0  0.0 1305560 14444 ?       Ss   Feb15   0:00 [lxc monitor] /var/snap/lxd/common/lxd/containers proxy
1000000     6378  0.0  0.0 159152  5768 ?        Ss   Feb15   0:01  \_ /sbin/init
1000000     6823  0.0  0.0  78492  7400 ?        Ss   Feb15   0:00      \_ /lib/systemd/systemd-journald
1000000     6841  0.0  0.0  42116  2148 ?        Ss   Feb15   0:00      \_ /lib/systemd/systemd-udevd
1000100     6842  0.0  0.0  80096  3812 ?        Ss   Feb15   0:00      \_ /lib/systemd/systemd-networkd
1000101     6921  0.0  0.0  70676  3692 ?        Ss   Feb15   0:00      \_ /lib/systemd/systemd-resolved
1000102     6922  0.0  0.0 193412  2596 ?        Ssl  Feb15   0:00      \_ /usr/sbin/rsyslogd -n
1000000     6923  0.0  0.0  31304  1672 ?        Ss   Feb15   0:00      \_ /usr/sbin/cron -f
1000000     6924  0.0  0.0 170484 13320 ?        Ssl  Feb15   0:00      \_ /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
1000000     6927  0.0  0.0  62064  3596 ?        Ss   Feb15   0:00      \_ /lib/systemd/systemd-logind
1000103     6928  0.0  0.0  49940  2632 ?        Ss   Feb15   0:00      \_ /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
1000000     6932  0.0  0.0  15968  1364 ?        Ss+  Feb15   0:00      \_ /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 linux
1000000     7034  0.0  0.0  33204   804 ?        Ss   Feb15   0:00      \_ nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
1065534     7035  0.0  0.0  37752  2736 ?        S    Feb15   0:00          \_ nginx: worker process
1000000     6456  0.0  0.1 1237904 29924 ?       Ssl  Feb15   0:00 /snap/lxd/current/bin/lxd forkproxy -- 5963 4 tcp:0.0.0.0:80 6378 3 tcp:127.0.0.1:80   0644
root       97695  0.0  0.0   4652  1648 ?        Ss   Feb16   0:00 /bin/sh /snap/lxd/19443/commands/daemon.start
root       97816  0.0  1.2 2118484 204128 ?      Sl   Feb16   1:07  \_ lxd --logfile /var/snap/lxd/common/lxd/logs/lxd.log --group lxd
lxd        97922  0.0  0.0  43644  3348 ?        Ss   Feb16   0:00      \_ dnsmasq --keep-in-foreground --strict-order --bind-interfaces --except-interface=lo --pid-file= --no-ping --interface=fanbr0 --quiet-dhcp --quiet-dhcp6 --quiet-ra --listen-address=240.13.0.1 --dhcp-no-override --dhcp-authoritative --dhcp-leasefile=/var/snap/lxd/common/lxd/networks/fanbr0/dnsmasq.leases --dhcp-hostsfile=/var/snap/lxd/common/lxd/networks/fanbr0/dnsmasq.hosts --dhcp-range 240.13.0.2,240.13.0.254,1h -s lxd -S /lxd/ --conf-file=/var/snap/lxd/common/lxd/networks/fanbr0/dnsmasq.raw -u lxd -g lxd
lxd        98021  0.0  0.0  43644  3340 ?        Ss   Feb16   0:00      \_ dnsmasq --keep-in-foreground --strict-order --bind-interfaces --except-interface=lo --pid-file= --no-ping --interface=lxdbr0 --quiet-dhcp --quiet-dhcp6 --quiet-ra --listen-address=10.23.4.1 --dhcp-no-override --dhcp-authoritative --dhcp-leasefile=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.leases --dhcp-hostsfile=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.hosts --dhcp-range 10.23.4.2,10.23.4.254,1h --listen-address=fd42:4571:a731:d8a0::1 --enable-ra --dhcp-range ::,constructor:lxdbr0,ra-stateless,ra-names -s lxd -S /lxd/ --conf-file=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.raw -u lxd -g lxd
systemd+  110504  0.0  0.0  18864  7940 ?        Ss   Feb16   0:01 /lib/systemd/systemd-networkd
dhcpd     110532  0.0  0.0 104036 10456 ?        Ssl  Feb16   0:00 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf
root      153235  0.0  0.0 1231852 14480 ?       Ss   Feb16   0:00 [lxc monitor] /var/snap/lxd/common/lxd/containers atest
1000000   153246  0.0  0.0   1588   432 ?        Ss   Feb16   0:00  \_ /sbin/init
1000000   153471  0.0  0.0   1604    68 ?        Ss   Feb16   0:00      \_ /sbin/syslogd -t
1000000   153497  0.0  0.0   1588   468 ?        Ss   Feb16   0:00      \_ /usr/sbin/crond -c /etc/crontabs
1000000   153613  0.0  0.0   1588    48 ?        Ss   Feb16   0:00      \_ /sbin/udhcpc -b -R -p /var/run/udhcpc.eth0.pid -i eth0 -x hostname:atest
1000000   153630  0.0  0.0   1588   584 pts/0    Ss+  Feb16   0:00      \_ /sbin/getty 38400 console
root      155096  0.0  0.0  31472  9116 ?        Ss   00:00   0:00 /usr/sbin/cupsd -l
root      155097  0.0  0.0 180632 11968 ?        Ssl  00:00   0:00 /usr/sbin/cups-browsed
root      158656  0.0  0.0 1305840 14500 ?       Ss   00:37   0:00 [lxc monitor] /var/snap/lxd/common/lxd/containers btest
1000000   158667  0.0  0.0 100028  9956 ?        Ss   00:37   0:00  \_ /sbin/init
1000000   158713  0.0  0.0  32152 10660 ?        Ss   00:37   0:00      \_ /lib/systemd/systemd-journald
1000000   158734  0.0  0.0  20748  4492 ?        Ss   00:37   0:00      \_ /lib/systemd/systemd-udevd
1000100   158747  0.0  0.0  14644  5816 ?        Ss   00:37   0:00      \_ /lib/systemd/systemd-networkd
1000000   158758  0.0  0.0   9432  2676 ?        Ss   00:37   0:00      \_ /usr/sbin/cron -f
1000103   158759  0.0  0.0   8604  4156 ?        Ss   00:37   0:00      \_ /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
1000000   158762  0.0  0.1  33640 19304 ?        Ss   00:37   0:00      \_ /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
1000104   158763  0.0  0.0 152628  4748 ?        Ssl  00:37   0:00      \_ /usr/sbin/rsyslogd -n -iNONE
1000000   158764  0.0  0.0  13540  5872 ?        Ss   00:37   0:00      \_ /lib/systemd/systemd-logind
1000101   158767  0.0  0.0  24384 12288 ?        Ss   00:37   0:00      \_ /lib/systemd/systemd-resolved
1000000   158774  0.0  0.0   8192  2164 pts/1    Ss+  00:37   0:00      \_ /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 linux

root@mars:~# iptables -L -n -v
Chain INPUT (policy DROP 132 packets, 15894 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* generated for LXD network lxdbr0 */
  191 13174 ACCEPT     udp  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* generated for LXD network lxdbr0 */
  625  194K ACCEPT     udp  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67 /* generated for LXD network lxdbr0 */
 754K  636M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 754K  636M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1314  374K ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  285 34705 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  285 34705 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  285 34705 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 1919 packets, 99924 bytes)
 pkts bytes target     prot opt in     out     source               destination         
11897   22M ACCEPT     all  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            /* generated for LXD network lxdbr0 */
 7748  489K ACCEPT     all  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            /* generated for LXD network lxdbr0 */
    0     0 ACCEPT     all  --  *      fanbr0  0.0.0.0/0            0.0.0.0/0            /* generated for LXD network fanbr0 */
    0     0 ACCEPT     all  --  fanbr0 *       0.0.0.0/0            0.0.0.0/0            /* generated for LXD network fanbr0 */
1911K 1294M ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
1911K 1294M ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19498 1692K ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19498 1692K ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19498 1692K ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19498 1692K ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 715 packets, 33911 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            tcp spt:53 /* generated for LXD network lxdbr0 */
  191 31806 ACCEPT     udp  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            udp spt:53 /* generated for LXD network lxdbr0 */
   57 18951 ACCEPT     udp  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            udp spt:67 /* generated for LXD network lxdbr0 */
 677K  103M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 677K  103M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
44974 3522K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
44974 3522K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
44974 3522K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
44974 3522K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
 1025  339K ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
    4   732 ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  145 17513 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
1891K 1293M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
19498 1692K ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
40072 4201K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 681K  629M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  765 75364 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
  765 75364 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
32700 2960K ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  923  153K ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
31777 2808K ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
40172 4213K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
 592K   95M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
44974 3522K ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  520 55897 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
  123  9877 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  551  122K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
 2076  190K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
30073 2649K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
 1029  340K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 8329  913K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
 7670  589K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
12253  735K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
31168 2711K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       10.23.4.0/24         0.0.0.0/0           
 3504  673K ACCEPT     all  --  *      *       192.168.1.0/24       0.0.0.0/0           
26959 1760K ACCEPT     all  --  *      *       192.168.0.0/24       0.0.0.0/0           

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Okay, so there’s something wrong there.
I don’t know if it’s a LXD bug or something else on your system though.

I would have expected the same set of INPUT rules for fanbr0 as for lxdbr0, but while you have the FORWARD ones, you’re missing the INPUT ones…

Can you try systemctl reload snap.lxd.daemon and see if that makes them appear?
If not, then it’s a LXD bug, hopefully one that @tomp can trivially fix (I think he looked at some of that code recently).

Thanks @graber for the investigation. I reload as you have mentioned but nothing changed for the container side. Here are my iptables output before the systemctl reload and after.

Before the reload

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* generated for LXD network lxdbr0 */
    9   460 ACCEPT     udp  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* generated for LXD network lxdbr0 */
    8  2511 ACCEPT     udp  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67 /* generated for LXD network lxdbr0 */
 797K  666M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 797K  666M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1765  523K ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  286 36205 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  286 36205 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  286 36205 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4  4226 ACCEPT     all  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            /* generated for LXD network lxdbr0 */
    6   856 ACCEPT     all  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            /* generated for LXD network lxdbr0 */
    0     0 ACCEPT     all  --  *      fanbr0  0.0.0.0/0            0.0.0.0/0            /* generated for LXD network fanbr0 */
    0     0 ACCEPT     all  --  fanbr0 *       0.0.0.0/0            0.0.0.0/0            /* generated for LXD network fanbr0 */
1920K 1296M ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
1920K 1296M ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
20574 1760K ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
20574 1760K ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
20574 1760K ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
20574 1760K ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 35 packets, 2937 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            tcp spt:53 /* generated for LXD network lxdbr0 */
    9   575 ACCEPT     udp  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            udp spt:53 /* generated for LXD network lxdbr0 */
    8  2659 ACCEPT     udp  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            udp spt:67 /* generated for LXD network lxdbr0 */
 716K  109M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 716K  109M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
46630 3634K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
46630 3634K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
46630 3634K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
46630 3634K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

After the reload

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* generated for LXD network lxdbr0 */
    0     0 ACCEPT     udp  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* generated for LXD network lxdbr0 */
    0     0 ACCEPT     udp  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67 /* generated for LXD network lxdbr0 */
 801K  669M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 801K  669M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1807  537K ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  286 36205 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  286 36205 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  286 36205 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            /* generated for LXD network lxdbr0 */
    0     0 ACCEPT     all  --  lxdbr0 *       0.0.0.0/0            0.0.0.0/0            /* generated for LXD network lxdbr0 */
    0     0 ACCEPT     all  --  *      fanbr0  0.0.0.0/0            0.0.0.0/0            /* generated for LXD network fanbr0 */
    0     0 ACCEPT     all  --  fanbr0 *       0.0.0.0/0            0.0.0.0/0            /* generated for LXD network fanbr0 */
1921K 1297M ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
1921K 1297M ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
20672 1786K ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
20672 1786K ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
20672 1786K ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
20672 1786K ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 4 packets, 160 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            tcp spt:53 /* generated for LXD network lxdbr0 */
    0     0 ACCEPT     udp  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            udp spt:53 /* generated for LXD network lxdbr0 */
    0     0 ACCEPT     udp  --  *      lxdbr0  0.0.0.0/0            0.0.0.0/0            udp spt:67 /* generated for LXD network lxdbr0 */
 720K  110M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 720K  110M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
47057 3670K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
47057 3670K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
47057 3670K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
47057 3670K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Please can you show output of the following commands on the host:

ip a
ip r
sudo ss -ulpn
lxc info
sudo nft list ruleset

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether bc:ae:c5:47:57:93 brd ff:ff:ff:ff:ff:ff
3: enp1s6f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 6c:b3:11:49:03:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global enp1s6f0
       valid_lft forever preferred_lft forever
    inet6 fe80::6eb3:11ff:fe49:31a/64 scope link 
       valid_lft forever preferred_lft forever
4: enp1s6f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 6c:b3:11:49:03:1b brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.13/24 brd 192.168.0.255 scope global enp1s6f1
       valid_lft forever preferred_lft forever
    inet6 fe80::6eb3:11ff:fe49:31b/64 scope link 
       valid_lft forever preferred_lft forever
8: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:14:e6:07 brd ff:ff:ff:ff:ff:ff
    inet 10.23.4.1/24 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet6 fd42:4571:a731:d8a0::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe14:e607/64 scope link 
       valid_lft forever preferred_lft forever
14: veth463f0887@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 72:65:d7:d7:18:45 brd ff:ff:ff:ff:ff:ff link-netnsid 2
22: vethb2cb2ffb@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 06:85:1b:a8:1c:ce brd ff:ff:ff:ff:ff:ff link-netnsid 5
50: fanbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:95:d8:4f brd ff:ff:ff:ff:ff:ff
    inet 240.13.0.1/8 scope global fanbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe95:d84f/64 scope link 
       valid_lft forever preferred_lft forever
60: vethb1e55472@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether b6:8d:aa:ba:60:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
67: fanbr0-mtu: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1450 qdisc noqueue master fanbr0 state UNKNOWN group default qlen 1000
    link/ether a2:ce:3a:f1:ea:ad brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a0ce:3aff:fef1:eaad/64 scope link 
       valid_lft forever preferred_lft forever
68: fanbr0-fan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master fanbr0 state UNKNOWN group default qlen 1000
    link/ether 52:0d:08:28:8b:10 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::500d:8ff:fe28:8b10/64 scope link 
       valid_lft forever preferred_lft forever
70: veth3bfba476@if69: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master fanbr0 state UP group default qlen 1000
    link/ether be:7c:11:77:35:56 brd ff:ff:ff:ff:ff:ff link-netnsid 0

root@mars:~# ip r
default via 192.168.0.1 dev enp1s6f1 proto static 
10.23.4.0/24 dev lxdbr0 proto kernel scope link src 10.23.4.1 
192.168.0.0/24 dev enp1s6f1 proto kernel scope link src 192.168.0.13 
192.168.1.0/24 dev enp1s6f0 proto kernel scope link src 192.168.1.1 
240.0.0.0/8 dev fanbr0 proto kernel scope link src 240.13.0.1 

root@mars:~# ss -ulpn
State              Recv-Q             Send-Q                                             Local Address:Port                          Peer Address:Port             Process                                                                
UNCONN             0                  0                                                        0.0.0.0:5353                               0.0.0.0:*                 users:(("avahi-daemon",pid=1598,fd=12))                               
UNCONN             0                  0                                                        0.0.0.0:46499                              0.0.0.0:*                 users:(("avahi-daemon",pid=1598,fd=14))                               
UNCONN             0                  0                                                      10.23.4.1:53                                 0.0.0.0:*                 users:(("dnsmasq",pid=166503,fd=8))                                   
UNCONN             0                  0                                                     240.13.0.1:53                                 0.0.0.0:*                 users:(("dnsmasq",pid=166405,fd=6))                                   
UNCONN             0                  0                                                  127.0.0.53%lo:53                                 0.0.0.0:*                 users:(("systemd-resolve",pid=1542,fd=12))                            
UNCONN             0                  0                                                 0.0.0.0%lxdbr0:67                                 0.0.0.0:*                 users:(("dnsmasq",pid=166503,fd=4))                                   
UNCONN             0                  0                                                 0.0.0.0%fanbr0:67                                 0.0.0.0:*                 users:(("dnsmasq",pid=166405,fd=4))                                   
UNCONN             0                  0                                                        0.0.0.0:67                                 0.0.0.0:*                 users:(("dhcpd",pid=110532,fd=9))                                     
UNCONN             0                  0                                                        0.0.0.0:111                                0.0.0.0:*                 users:(("rpcbind",pid=1540,fd=5),("systemd",pid=1,fd=64))             
UNCONN             0                  0                                                        0.0.0.0:8472                               0.0.0.0:*                                                                                       
UNCONN             0                  0                                                        0.0.0.0:631                                0.0.0.0:*                 users:(("cups-browsed",pid=155097,fd=7))                              
UNCONN             0                  0                                                           [::]:37550                                 [::]:*                 users:(("avahi-daemon",pid=1598,fd=15))                               
UNCONN             0                  0                                                           [::]:5353                                  [::]:*                 users:(("avahi-daemon",pid=1598,fd=13))                               
UNCONN             0                  0                                       [fd42:4571:a731:d8a0::1]:53                                    [::]:*                 users:(("dnsmasq",pid=166503,fd=12))                                  
UNCONN             0                  0                              [fe80::216:3eff:fe14:e607]%lxdbr0:53                                    [::]:*                 users:(("dnsmasq",pid=166503,fd=10))                                  
UNCONN             0                  0                              [fe80::216:3eff:fe95:d84f]%fanbr0:53                                    [::]:*                 users:(("dnsmasq",pid=166405,fd=8))                                   
UNCONN             0                  0                                                           [::]:111                                   [::]:*                 users:(("rpcbind",pid=1540,fd=7),("systemd",pid=1,fd=76))             
UNCONN             0                  0                                                    [::]%lxdbr0:547                                   [::]:*                 users:(("dnsmasq",pid=166503,fd=6))                                   

config:
  backups.compression_algorithm: zstd
  core.https_address: '[::]:8443'
  core.trust_password: true
  images.auto_update_interval: "10"
  images.remote_cache_expiry: "20"
api_extensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_stop_priority
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
- container_image_properties
- migration_progress
- id_map
- network_firewall_filtering
- network_routes
- storage
- file_delete
- file_append
- network_dhcp_expiry
- storage_lvm_vg_rename
- storage_lvm_thinpool_rename
- network_vlan
- image_create_aliases
- container_stateless_copy
- container_only_migration
- storage_zfs_clone_copy
- unix_device_rename
- storage_lvm_use_thinpool
- storage_rsync_bwlimit
- network_vxlan_interface
- storage_btrfs_mount_options
- entity_description
- image_force_refresh
- storage_lvm_lv_resizing
- id_map_base
- file_symlinks
- container_push_target
- network_vlan_physical
- storage_images_delete
- container_edit_metadata
- container_snapshot_stateful_migration
- storage_driver_ceph
- storage_ceph_user_name
- resource_limits
- storage_volatile_initial_source
- storage_ceph_force_osd_reuse
- storage_block_filesystem_btrfs
- resources
- kernel_limits
- storage_api_volume_rename
- macaroon_authentication
- network_sriov
- console
- restrict_devlxd
- migration_pre_copy
- infiniband
- maas_network
- devlxd_events
- proxy
- network_dhcp_gateway
- file_get_symlink
- network_leases
- unix_device_hotplug
- storage_api_local_volume_handling
- operation_description
- clustering
- event_lifecycle
- storage_api_remote_volume_handling
- nvidia_runtime
- container_mount_propagation
- container_backup
- devlxd_images
- container_local_cross_pool_handling
- proxy_unix
- proxy_udp
- clustering_join
- proxy_tcp_udp_multi_port_handling
- network_state
- proxy_unix_dac_properties
- container_protection_delete
- unix_priv_drop
- pprof_http
- proxy_haproxy_protocol
- network_hwaddr
- proxy_nat
- network_nat_order
- container_full
- candid_authentication
- backup_compression
- candid_config
- nvidia_runtime_config
- storage_api_volume_snapshots
- storage_unmapped
- projects
- candid_config_key
- network_vxlan_ttl
- container_incremental_copy
- usb_optional_vendorid
- snapshot_scheduling
- container_copy_project
- clustering_server_address
- clustering_image_replication
- container_protection_shift
- snapshot_expiry
- container_backup_override_pool
- snapshot_expiry_creation
- network_leases_location
- resources_cpu_socket
- resources_gpu
- resources_numa
- kernel_features
- id_map_current
- event_location
- storage_api_remote_volume_snapshots
- network_nat_address
- container_nic_routes
- rbac
- cluster_internal_copy
- seccomp_notify
- lxc_features
- container_nic_ipvlan
- network_vlan_sriov
- storage_cephfs
- container_nic_ipfilter
- resources_v2
- container_exec_user_group_cwd
- container_syscall_intercept
- container_disk_shift
- storage_shifted
- resources_infiniband
- daemon_storage
- instances
- image_types
- resources_disk_sata
- clustering_roles
- images_expiry
- resources_network_firmware
- backup_compression_algorithm
- ceph_data_pool_name
- container_syscall_intercept_mount
- compression_squashfs
- container_raw_mount
- container_nic_routed
- container_syscall_intercept_mount_fuse
- container_disk_ceph
- virtual-machines
- image_profiles
- clustering_architecture
- resources_disk_id
- storage_lvm_stripes
- vm_boot_priority
- unix_hotplug_devices
- api_filtering
- instance_nic_network
- clustering_sizing
- firewall_driver
- projects_limits
- container_syscall_intercept_hugetlbfs
- limits_hugepages
- container_nic_routed_gateway
- projects_restrictions
- custom_volume_snapshot_expiry
- volume_snapshot_scheduling
- trust_ca_certificates
- snapshot_disk_usage
- clustering_edit_roles
- container_nic_routed_host_address
- container_nic_ipvlan_gateway
- resources_usb_pci
- resources_cpu_threads_numa
- resources_cpu_core_die
- api_os
- container_nic_routed_host_table
- container_nic_ipvlan_host_table
- container_nic_ipvlan_mode
- resources_system
- images_push_relay
- network_dns_search
- container_nic_routed_limits
- instance_nic_bridged_vlan
- network_state_bond_bridge
- usedby_consistency
- custom_block_volumes
- clustering_failure_domains
- resources_gpu_mdev
- console_vga_type
- projects_limits_disk
- network_type_macvlan
- network_type_sriov
- container_syscall_intercept_bpf_devices
- network_type_ovn
- projects_networks
- projects_networks_restricted_uplinks
- custom_volume_backup
- backup_override_name
- storage_rsync_compression
- network_type_physical
- network_ovn_external_subnets
- network_ovn_nat
- network_ovn_external_routes_remove
- tpm_device_type
- storage_zfs_clone_copy_rebase
- gpu_mdev
- resources_pci_iommu
- resources_network_usb
- resources_disk_address
- network_physical_ovn_ingress_mode
- network_ovn_dhcp
- network_physical_routes_anycast
- projects_limits_instances
- network_state_vlan
- instance_nic_bridged_port_isolation
- instance_bulk_state_change
- network_gvrp
- instance_pool_move
- gpu_sriov
- pci_device_type
- storage_volume_state
- network_acl
- migration_stateful
- disk_state_quota
- storage_ceph_features
- projects_compression
- projects_images_remote_cache_expiry
- certificate_project
- network_ovn_acl
api_status: stable
api_version: "1.0"
auth: trusted
public: false
auth_methods:
- tls
environment:
  addresses:
  - 192.168.1.1:8443
  - 192.168.0.13:8443
  - 10.23.4.1:8443
  - '[fd42:4571:a731:d8a0::1]:8443'
  - 240.13.0.1:8443
  architectures:
  - x86_64
  - i686
  certificate: |
    -----BEGIN CERTIFICATE-----
    MIIB/jCCAYOgAwIBAgIQS68GocvGJapmu2YMexNWzDAKBggqhkjOPQQDAzAyMRww
    GgYDVQQKExNsaW51eGNvbnRhaW5lcnMub3JnMRIwEAYDVQQDDAlyb290QG1hcnMw
    HhcNMjAxMDI5MTExMjUxWhcNMzAxMDI3MTExMjUxWjAyMRwwGgYDVQQKExNsaW51
    eGNvbnRhaW5lcnMub3JnMRIwEAYDVQQDDAlyb290QG1hcnMwdjAQBgcqhkjOPQIB
    BgUrgQQAIgNiAAQw7/dYPzpL0k4YjaF4Zoovrme93M6hhjV7epcUs1/3EGuMeFvQ
    gD9tGdrNZOMVHTCn49OGHMufeso2uMebcv7QqCiTHuHOQJygaR/6QdYsIr+qQA6C
    7mcVmAVZllZLmsOjXjBcMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEF
    BQcDATAMBgNVHRMBAf8EAjAAMCcGA1UdEQQgMB6CBG1hcnOHBH8AAAGHEAAAAAAA
    AAAAAAAAAAAAAAEwCgYIKoZIzj0EAwMDaQAwZgIxAMfZudrvPCp1zAKTkBv1Ac/I
    i8HIOc2RMVwm2uy8nwUuWg0Tj+PPHhs0yFuihc8RuAIxAJqRabJ7F1pj3QZxXXvt
    2IfRgD6uhpoNIpiKxZT+5uWW41+2ZMt1QlopWNLagNPWpw==
    -----END CERTIFICATE-----
  certificate_fingerprint: 5a412203cf6f070f4bb9298f6947507ea96fd981c5d7540e35118f16b7390caa
  driver: lxc | qemu
  driver_version: 4.0.0 (devel) | 5.2.0
  firewall: xtables
  kernel: Linux
  kernel_architecture: x86_64
  kernel_features:
    netnsid_getifaddrs: "true"
    seccomp_listener: "true"
    seccomp_listener_continue: "true"
    shiftfs: "false"
    uevent_injection: "true"
    unpriv_fscaps: "true"
  kernel_version: 5.8.0-43-generic
  lxc_features:
    cgroup2: "true"
    devpts_fd: "true"
    mount_injection_file: "true"
    network_gateway_device_route: "true"
    network_ipvlan: "true"
    network_l2proxy: "true"
    network_phys_macvlan_mtu: "true"
    network_veth_router: "true"
    pidfd: "true"
    seccomp_allow_deny_syntax: "true"
    seccomp_notify: "true"
    seccomp_proxy_send_notify_fd: "true"
  os_name: Ubuntu
  os_version: "20.04"
  project: default
  server: lxd
  server_clustered: false
  server_name: mars.debuglog.xyz
  server_pid: 166308
  server_version: "4.11"
  storage: btrfs | dir | zfs
  storage_version: 4.15.1 | 1 | 0.8.4-1ubuntu11.1

root@mars:~# nft list ruleset
Command 'nft' not found, but can be installed with:
apt install nftables

OK cool, all seems fine.

Are you able to disable UFW and then reload LXD to see if that restores things first (so we can get a baseline solution before reintroducing UFW)?

Humm, @tomp bingo, disabling UFW and reloading lxd correct the situation, now container gets the IP address. Enabling UFW prevent dhcp packets, i suppose.

We’ve had some success in the past with:

sudo ufw allow in on fanbr0
sudo ufw route allow in on fanbr0

From:

Thanks, sorry for the inconvenience.
Regards.

@tomp can you look into why we’re not generating INPUT firewall rules on fan bridges?

Yep will do.

This should sort it:

finaly, my setup not haven’t issues again, thanks guys
jakarta,best regards