LXC container cannot ping 8.8.8.8 or other outside IP

I run an LXC container on my Ubuntu VM (via UTM) on my Mac laptop,
but I cannot ping 8.8.8.8 from inside my LXC container.

I downloaded lxc via snap

Note: I have searched a lot of information to fix the problem, but it still does not work.
I can ping my LXC container from my VM and vice versa.
I can ping my LXC container’s default gateway from my LXC container.
I have restarted the snap service with systemctl,
and set ipv4 and firewall to false and true, but the problem still exists.

my container info:

lxc config show ubuntu --expanded
architecture: aarch64
config:
  image.architecture: arm64
  image.description: Ubuntu focal arm64 (20240118_07:42)
  image.os: Ubuntu
  image.release: focal
  image.serial: "20240118_07:42"
  image.type: squashfs
  image.variant: default
  volatile.base_image: 2c855bd13a6d33ff3ea6a9adcf9f6454da4314cd4629d988c98b7da91e00eb09
  volatile.cloud-init.instance-id: 57f1f7c4-33fb-40cb-9bc3-9f4a75bc881c
  volatile.eth0.host_name: veth84f5e9b3
  volatile.eth0.hwaddr: 00:16:3e:d8:ca:72
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 0c87c07d-4693-4344-bc7d-cb5d95f1747e
  volatile.uuid.generation: 0c87c07d-4693-4344-bc7d-cb5d95f1747e
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

lxc exec ubuntu -- ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:d8:ca:72 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.4.135.180/24 brd 10.4.135.255 scope global dynamic eth0
valid_lft 1989sec preferred_lft 1989sec
inet6 fd42:e368:9853:dcf7:216:3eff:fed8:ca72/64 scope global mngtmpaddr noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fed8:ca72/64 scope link
valid_lft forever preferred_lft forever

lxc exec ubuntu -- ip r
default via 10.4.135.1 dev eth0 proto dhcp src 10.4.135.180 metric 100
10.4.135.0/24 dev eth0 proto kernel scope link src 10.4.135.180
10.4.135.1 dev eth0 proto dhcp scope link src 10.4.135.180 metric 100

my VM info:

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether d6:ae:f7:20:02:a4 brd ff:ff:ff:ff:ff:ff
inet 192.168.64.3/24 metric 100 brd 192.168.64.255 scope global dynamic enp0s1
valid_lft 72951sec preferred_lft 72951sec
inet6 fdbd:2af3:625b:81be:d4ae:f7ff:fe20:2a4/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 2591887sec preferred_lft 604687sec
inet6 fe80::d4ae:f7ff:fe20:2a4/64 scope link
valid_lft forever preferred_lft forever
3: br-251cc27d7151: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:59:7f:0b:21 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.1/16 brd 172.19.255.255 scope global br-251cc27d7151
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:23:b4:8c:aa brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
5: br-df1c5081bc7d: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:34:97:a8:d8 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-df1c5081bc7d
valid_lft forever preferred_lft forever
22: lxcbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0
valid_lft forever preferred_lft forever
25: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:6e:79:97 brd ff:ff:ff:ff:ff:ff
inet 10.4.135.1/24 scope global lxdbr0
valid_lft forever preferred_lft forever
inet6 fd42:e368:9853:dcf7::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe6e:7997/64 scope link
valid_lft forever preferred_lft forever
27: veth84f5e9b3@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
link/ether a2:36:90:15:0e:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0

ip r
default via 192.168.64.1 dev enp0s1 proto dhcp src 192.168.64.3 metric 100
10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 linkdown
10.4.135.0/24 dev lxdbr0 proto kernel scope link src 10.4.135.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-df1c5081bc7d proto kernel scope link src 172.18.0.1 linkdown
172.19.0.0/16 dev br-251cc27d7151 proto kernel scope link src 172.19.0.1 linkdown
192.168.64.0/24 dev enp0s1 proto kernel scope link src 192.168.64.3 metric 100
192.168.64.1 dev enp0s1 proto dhcp scope link src 192.168.64.3 metric 100

ip route get in container:

lxc exec ubuntu -- ip route get 8.8.8.8
8.8.8.8 via 10.4.135.1 dev eth0 src 10.4.135.180 uid 0
cache

listening from the VM, output:

sudo tcpdump -ni lxdbr0 icmp
[sudo] password for harris:
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lxdbr0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:01:50.099598 IP 10.4.135.180 > 8.8.8.8: ICMP echo request, id 188, seq 68, length 64
23:01:51.126634 IP 10.4.135.180 > 8.8.8.8: ICMP echo request, id 188, seq 69, length 64
23:01:52.147930 IP 10.4.135.180 > 8.8.8.8: ICMP echo request, id 188, seq 70, length 64
23:01:53.174693 IP 10.4.135.180 > 8.8.8.8: ICMP echo request, id 188, seq 71, length 64
23:01:54.195179 IP 10.4.135.180 > 8.8.8.8: ICMP echo request, id 188, seq 72, length 64
23:01:55.219536 IP 10.4.135.180 > 8.8.8.8: ICMP echo request, id 188, seq 73, length 64
23:01:56.242768 IP 10.4.135.180 > 8.8.8.8: ICMP echo request, id 188, seq 74, length 64
23:01:57.267456 IP 10.4.135.180 > 8.8.8.8: ICMP echo request, id 188, seq 75, length 64
23:01:58.295056 IP 10.4.135.180 > 8.8.8.8: ICMP echo request, id 188, seq 76, length 64

I’m sorry but given the recent actions from Canonical regarding LXD:

We really can’t be providing support to LXD users on this forum anymore.

You may want to consider switching to Incus instead, or if you’d like to stay on LXD, you should reach out on the Canonical forum instead.

Sorry about that!

If this were about Incus, I’d recommend looking at firewalling, especially if you have firewalld, ufw or docker installed on the host system. There’s a good section about that in our docs.

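One way to start the firewalling check suggested above, as an added example that is not part of the original thread: Docker sets the iptables FORWARD policy to DROP, so on a host that also runs Docker, traffic routed from a container bridge such as lxdbr0 passes only where ACCEPT rules cover it. The helper name `forward_verdict` is hypothetical and both rule sets are constructed samples, not output from the poster's VM.

```shell
#!/bin/sh
# Added example: classify `iptables -S FORWARD` output for one bridge.
# Heuristic only: reads top-level FORWARD rules; rules inside jumped-to
# chains and separate nftables tables are not evaluated.
# On a live host: sudo iptables -S FORWARD | forward_verdict lxdbr0

# forward_verdict BRIDGE < rules
#   open    - FORWARD policy is not DROP
#   allowed - policy DROP, but ACCEPT rules cover both directions of BRIDGE
#   blocked - policy DROP and at least one direction has no ACCEPT rule
forward_verdict() (
    bridge=$1 policy=ACCEPT egress=no ingress=no
    while IFS= read -r line; do
        case $line in
            "-P FORWARD "*) policy=${line#"-P FORWARD "} ;;
            "-A FORWARD -j ACCEPT") egress=yes ingress=yes ;;
            "-A FORWARD "*" -j ACCEPT")
                case " $line " in
                    *"! -i $bridge "*) ;;             # negated match, not the bridge
                    *" -i $bridge "*) egress=yes ;;   # container -> outside
                esac
                case " $line " in
                    *"! -o $bridge "*) ;;
                    *" -o $bridge "*) ingress=yes ;;  # replies -> container
                esac ;;
        esac
    done
    if [ "$policy" != DROP ]; then echo open
    elif [ "$egress" = yes ] && [ "$ingress" = yes ]; then echo allowed
    else echo blocked
    fi
)

# Constructed sample: policy DROP with rules for docker0 only.
DOCKER_ONLY='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT'

# Constructed sample: the same chain plus ACCEPT rules for lxdbr0.
WITH_BRIDGE="$DOCKER_ONLY
-A FORWARD -i lxdbr0 -j ACCEPT
-A FORWARD -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"

printf '%s\n' "$DOCKER_ONLY" | forward_verdict lxdbr0   # blocked
printf '%s\n' "$WITH_BRIDGE" | forward_verdict lxdbr0   # allowed
```

A `blocked` verdict matches the symptom in the capture above, where echo requests reach lxdbr0 and no replies return, but it does not by itself prove that the FORWARD chain is the cause.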