LXD bridge using ip other than the host

@tomp Hi, what do we do now?

I think I am going to open a new thread, that ipv4.nat.address is not working.

What is your host OS version? This is important since newer versions of RH family OSes are not well supported with the current LXD version (3.21).

OpenSUSE 15.1.

I am absolutely not familiar with OpenSUSE 15.1, but looking at this post there could be some sort of subterranean upgrade to nftables. If your system is using nftables it may be affected by the problem that default LXD rules are not applied; it’s a problem scheduled to be fixed in 3.22.

No nftables, using pure firewalld. Refer to the earlier post in this thread where you can see the iptables logs.

That trace is quite hard to understand, especially as the actual IPs have been removed (meaning I can't test from here either).

However generally speaking with networking problems the trick is to break the problem down into smaller chunks.

So first I would strongly suggest taking LXD out of the equation and focusing on getting your IP alias pingable from external sources. That way, when you add outbound NAT via LXD back into the equation, you can know that at least the IP alias you’re using for outbound packets will allow return packets back to the host.

In the trace above there is a Google IP address which is strange, any ideas where that is coming from?

There appear to be several concurrent ping flows going on in your trace, so it would be helpful to narrow it down to a single ping flow (either by stopping any concurrent pings you have running or by adding a tcpdump filter for just the IP alias we are interested in).

Hi, I thought you abandoned the thread, nice to know you are back :smiley:
I agree about breaking it down.
I followed this tutorial from my server provider:
https://wiki.hetzner.de/index.php/Zusätzliche_IP-Adressen_Suse/en
The thing is, each additional IP has another gateway, and I can not get it to ping from the outside world.
I tried all the tutorials online on how to add alias IPs, same result.

Can you try removing the IP alias and re-adding it as a /32 single host, rather than a /29? The /29 will result in it setting up a local route for the rest of the subnet, which may be causing problems.

Also, not sure what the eth0:lxdbr1 part is on that line, is that a friendly name?

/29 is what the server provider allows for my IP.
lxdbr1 is my alias IP label.

You can use just a /32 even if they have allocated you an IP in a /29 subnet. The only thing the subnet indicates is which IPs in the same subnet your host will use for local ARP resolution rather than forwarding the packets to your default gateway. I was thinking perhaps that is the issue.

Especially as the link you provided specifies that:

IPADDR_2='188.40.40.74/32'
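To make the /29 versus /32 point concrete, here is an added Python example (not from the thread or from LXD) that models the kernel's route selection: each interface address with host bits installs an on-link subnet route, and longest-prefix match decides whether the host ARPs for a destination directly or forwards it to the default gateway. The alias 188.40.40.74 is the one quoted above; the host's primary address, default gateway and the other destination addresses are constructed placeholders.

```python
import ipaddress

# Constructed values: the alias 188.40.40.74 is the one quoted in the thread;
# the host's primary address and default gateway are assumed placeholders.
PRIMARY_ADDRESS = "203.0.113.10/27"
DEFAULT_GATEWAY = "203.0.113.1"
ALIAS_AS_29 = "188.40.40.74/29"   # what the provider's /29 allocation suggests
ALIAS_AS_32 = "188.40.40.74/32"   # what the provider's wiki actually configures


def connected_routes(addresses):
    """Return the on-link ('connected') subnet routes the kernel installs for
    each interface address. A /32 has no host bits, so it adds no subnet route:
    every other IP in the provider's /29 stays reachable via the gateway."""
    routes = []
    for addr in addresses:
        iface = ipaddress.ip_interface(addr)
        if iface.network.prefixlen < iface.network.max_prefixlen:
            routes.append(iface.network)
    return routes


def next_hop(dest, addresses, default_gateway):
    """Longest-prefix match over the connected routes plus the default route.
    Returns ("on-link", <subnet>) when the host would ARP for dest directly,
    or ("gateway", <gw>) when it forwards the packet to the default gateway."""
    dest_ip = ipaddress.ip_address(dest)
    best = None
    for net in connected_routes(addresses):
        if dest_ip in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    if best is not None:
        return ("on-link", str(best))
    return ("gateway", default_gateway)


def compare_alias_prefixes(dest):
    """Show how the same destination is handled under the /29 and /32 configs."""
    return {
        "/29": next_hop(dest, [PRIMARY_ADDRESS, ALIAS_AS_29], DEFAULT_GATEWAY),
        "/32": next_hop(dest, [PRIMARY_ADDRESS, ALIAS_AS_32], DEFAULT_GATEWAY),
    }


if __name__ == "__main__":
    # 188.40.40.77 is another address inside 188.40.40.72/29: with the /29 the
    # host ARPs for it locally, with the /32 it goes via the default gateway.
    for dest in ("188.40.40.77", "198.51.100.5"):
        print(dest, compare_alias_prefixes(dest))
```

With the /29, traffic for neighbouring addresses in 188.40.40.72/29 never reaches the gateway the provider routes them through, which is the failure mode the /32 avoids.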

Ah good so that solved it. :slight_smile:

That was a good catch man. Thanks a lot.
Last question though: are projects a good way of separating project management? And is it possible for 2 LXD managed bridges to communicate with each other, because that seems not to work.

No problem.

I’ve addressed your question on the new thread: LXD 2 bridges comunication