How do I set up (network) Internet access to an lxd container (end user) via an lxd container (internet/network gateway)?

There is 1 debian-gateway-cli container and 2 Ubuntu 22.04 lxd containers available:
debian-gateway-cli:
lxc network create debian-br0 ipv4.address=10.0.2.2/24 ipv4.nat=true ipv6.address=none
lxc network create debian-br1 ipv4.address=10.152.152.0/18 ipv4.nat=true ipv4.dhcp.gateway=10.152.152.10 ipv6.address=none
debian-br0 attached to eth0
debian-br1 attached to eth1
The debian-gateway-cli container can update the system

internet-gateway:
lxc network create debian-br1 ipv4.address=10.152.152.0/18 ipv4.nat=true ipv4.dhcp.gateway=10.152.152.10 ipv6.address=none
lxc network create inter-userbr0 ipv4.address=none ipv6.address=none
debian-br1 attached to eth0
inter-userbr0 attached to eth1
lxc exec internet-gateway -- echo "nameserver 10.152.152.10" > /etc/resolv.conf
eth0 → dhcp 4
eth0 → 172.16.0.1/24 (static)
route default: via 10.152.152.10 dev eth0 dhcp 10.152.129.235
The internet-gateway container can update the system
Enabled IP forwarding:
nano /etc/sysctl.conf
Added the following line:
net.ipv4.ip_forward=1
nano /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"

On the internet-gateway, the VLANs are on eth0 and eth1. I have added the following iptables rules:
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables-save > /etc/iptables.rules

end-user:
lxc network create inter-userbr0 ipv4.address=none ipv6.address=none
inter-userbr0 attached to eth0
eth0 → 172.16.0.10/24 (static)
route default: via 172.16.0.1 dev eth0

The end-user container can ping the internet-gateway container, but it cannot update its system; there is no internet.

What did I do wrong? What did I not do?
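
An added example, not part of the original post: a shell check that reads `iptables-save` output from a forwarding container and reports whether forwarding in both directions and a source-NAT rule on the uplink are present. The function names and the sample dump are constructed for illustration; the interface names and the two FORWARD rules are the ones listed in the post.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump taken on a forwarding container.
# Interface roles follow the post: eth0 = uplink, eth1 = inside network.

# Constructed sample: a dump holding only the two FORWARD rules from the post.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# has_rule REGEX: true if any line of $rules matches the extended regex.
has_rule() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }

# report LABEL REGEX: print ok/missing for one check, record failures in $rc.
report() {
    if has_rule "$2"; then echo "ok: $1"; else echo "missing: $1"; rc=1; fi
}

# audit_gateway UPLINK INSIDE: reads iptables-save text on stdin.
# Returns 0 only when all three checks pass.
audit_gateway() {
    uplink=$1; inside=$2; rc=0
    rules=$(cat)
    report "forward $inside -> $uplink" \
        "^-A FORWARD .*-i $inside .*-o $uplink .*-j ACCEPT"
    report "return traffic $uplink -> $inside" \
        "^-A FORWARD .*-i $uplink .*-o $inside .*ESTABLISHED.*-j ACCEPT"
    # Without source NAT here (or a return route upstream), replies addressed
    # to the inside subnet have no path back through the uplink network.
    report "source NAT on $uplink" \
        "^-A POSTROUTING .*-o $uplink .*-j (MASQUERADE|SNAT)"
    return "$rc"
}

sample_rules | audit_gateway eth0 eth1 || true
```

On a live container the same function takes the real dump: `iptables-save | audit_gateway eth0 eth1`.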