$ systemctl restart lxd
$ sudo iptables-save
Generated by iptables-save v1.8.8 (nf_tables) on Thu Jan 5 10:26:29 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
Completed on Thu Jan 5 10:26:29 2023
Generated by iptables-save v1.8.8 (nf_tables) on Thu Jan 5 10:26:29 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
Completed on Thu Jan 5 10:26:29 2023
HOST MACHINE
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:5c:29:73:c3 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
6: wwan0: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/none
7: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 58:ce:2a:fc:33:34 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.24/24 brd 192.168.100.255 scope global dynamic noprefixroute wlan0
valid_lft 86259sec preferred_lft 86259sec
inet6 fe80::e5ce:a2df:d3b3:c42b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
14: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:61:9a:b9 brd ff:ff:ff:ff:ff:ff
inet 10.27.28.1/24 scope global lxdbr0
valid_lft forever preferred_lft forever
16: veth0138a2f0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
link/ether 0a:e0:8e:80:02:00 brd ff:ff:ff:ff:ff:ff link-netnsid 0
18: vethef55b590@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
link/ether 9a:d4:a5:24:0c:15 brd ff:ff:ff:ff:ff:ff link-netnsid 1
20: vethd65b5bfe@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
link/ether ba:16:ae:90:33:b6 brd ff:ff:ff:ff:ff:ff link-netnsid 2
22: veth416b2c6b@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
link/ether c6:2f:8c:91:2f:0f brd ff:ff:ff:ff:ff:ff link-netnsid 3
$ ip r
default via 192.168.100.1 dev wlan0 proto dhcp src 192.168.100.24 metric 600
10.27.28.0/24 dev lxdbr0 proto kernel scope link src 10.27.28.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.24 metric 600
CONTAINER
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:84:ed:27 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.27.28.25/24 brd 10.27.28.255 scope global dynamic eth0
valid_lft 3442sec preferred_lft 3442sec
inet6 fe80::216:3eff:fe84:ed27/64 scope link
valid_lft forever preferred_lft forever
default via 10.27.28.1 dev eth0 proto dhcp src 10.27.28.25 metric 100
10.27.28.0/24 dev eth0 proto kernel scope link src 10.27.28.25
10.27.28.1 dev eth0 proto dhcp scope link src 10.27.28.25 metric 100
Doing tcpdump while trying to run apt update
sudo tcpdump -i lxdbr0 -nn
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lxdbr0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:29:19.046206 IP 10.27.28.154.56618 > 185.125.188.59.443: Flags [S], seq 2776693986, win 64240, options [mss 1460,sackOK,TS val 3070580524 ecr 0,nop,wscale 7], length 0
10:29:20.112941 IP 10.27.28.154.40512 > 185.125.188.54.443: Flags [S], seq 3042624339, win 64240, options [mss 1460,sackOK,TS val 961428877 ecr 0,nop,wscale 7], length 0
10:29:20.326288 IP 10.27.28.25.43738 > 185.125.188.59.443: Flags [S], seq 3163562916, win 64240, options [mss 1460,sackOK,TS val 1076167079 ecr 0,nop,wscale 7], length 0
10:29:20.539558 IP 10.27.28.60.49874 > 185.125.188.58.443: Flags [S], seq 520329376, win 64240, options [mss 1460,sackOK,TS val 696014621 ecr 0,nop,wscale 7], length 0
10:29:21.179462 ARP, Request who-has 10.27.28.154 tell 10.27.28.1, length 28
10:29:21.179542 ARP, Reply 10.27.28.154 is-at 00:16:3e:63:00:b6, length 28
10:29:21.197505 IP 10.27.28.25.35982 > 10.27.28.1.53: 33360+ [1au] A? learning-man.lxd. (45)
10:29:21.197577 IP 10.27.28.25.50648 > 10.27.28.1.53: 46413+ [1au] AAAA? learning-man.lxd. (45)
10:29:21.197676 IP 10.27.28.1.53 > 10.27.28.25.35982: 33360* 1/0/1 A 10.27.28.25 (61)
10:29:21.197709 IP 10.27.28.1.53 > 10.27.28.25.50648: 46413 0/0/1 (45)
10:29:21.819551 IP 10.27.28.25.59068 > 185.125.188.58.443: Flags [S], seq 787803648, win 64240, options [mss 1460,sackOK,TS val 3134939501 ecr 0,nop,wscale 7], length 0
10:29:21.819580 IP 10.27.28.60.52388 > 185.125.188.55.443: Flags [S], seq 1955269719, win 64240, options [mss 1460,sackOK,TS val 2999382422 ecr 0,nop,wscale 7], length 0
10:29:22.246183 ARP, Request who-has 10.27.28.25 tell 10.27.28.1, length 28
10:29:22.246312 ARP, Reply 10.27.28.25 is-at 00:16:3e:84:ed:27, length 28
10:29:22.459375 ARP, Request who-has 10.27.28.60 tell 10.27.28.1, length 28
10:29:22.459510 ARP, Reply 10.27.28.60 is-at 00:16:3e:7d:3a:6b, length 28
10:29:22.459471 ARP, Request who-has 10.27.28.1 tell 10.27.28.60, length 28
10:29:22.459649 ARP, Reply 10.27.28.1 is-at 00:16:3e:61:9a:b9, length 28
10:29:22.467058 IP 10.27.28.25.37370 > 10.27.28.1.53: 33230+ [1au] A? learning-man.lxd. (45)
10:29:22.467122 IP 10.27.28.25.52276 > 10.27.28.1.53: 59317+ [1au] AAAA? learning-man.lxd. (45)
10:29:22.467159 IP 10.27.28.1.53 > 10.27.28.25.37370: 33230* 1/0/1 A 10.27.28.25 (61)
10:29:22.467189 IP 10.27.28.1.53 > 10.27.28.25.52276: 59317 0/0/1 (45)
10:29:22.521852 IP 10.27.28.25.59468 > 10.27.28.1.53: 34593+ [1au] SRV? _http._tcp.security.ubuntu.com. (59)
10:29:22.521961 IP 10.27.28.25.48329 > 10.27.28.1.53: 4552+ [1au] SRV? _http._tcp.archive.ubuntu.com. (58)
10:29:22.540732 IP 10.27.28.1.53 > 10.27.28.25.59468: 34593 NXDomain 0/1/1 (120)
10:29:22.540769 IP 10.27.28.1.53 > 10.27.28.25.48329: 4552 0/1/1 (119)
10:29:22.540908 IP 10.27.28.25.59468 > 10.27.28.1.53: 34593+ SRV? _http._tcp.security.ubuntu.com. (48)
10:29:22.540997 IP 10.27.28.1.53 > 10.27.28.25.59468: 34593 NXDomain 0/0/0 (48)
10:29:22.541620 IP 10.27.28.25.50874 > 10.27.28.1.53: 45165+ [1au] A? security.ubuntu.com. (48)
10:29:22.541690 IP 10.27.28.25.56282 > 10.27.28.1.53: 2883+ [1au] A? archive.ubuntu.com. (47)
10:29:22.541747 IP 10.27.28.25.43246 > 10.27.28.1.53: 24172+ [1au] AAAA? security.ubuntu.com. (48)
10:29:22.541797 IP 10.27.28.25.43484 > 10.27.28.1.53: 48358+ [1au] AAAA? archive.ubuntu.com. (47)
10:29:22.561811 IP 10.27.28.1.53 > 10.27.28.25.50874: 45165 4/0/1 A 91.189.91.39, A 185.125.190.39, A 185.125.190.36, A 91.189.91.38 (112)
10:29:22.564986 IP 10.27.28.1.53 > 10.27.28.25.56282: 2883 4/0/1 A 91.189.91.39, A 91.189.91.38, A 185.125.190.36, A 185.125.190.39 (111)
10:29:22.569744 IP 10.27.28.1.53 > 10.27.28.25.43484: 48358 4/0/1 AAAA 2620:2d:4000:1::19, AAAA 2620:2d:4000:1::16, AAAA 2001:67c:1562::15, AAAA 2001:67c:1562::18 (159)
10:29:22.570856 IP 10.27.28.25.45842 > 91.189.91.39.80: Flags [S], seq 3515504760, win 64240, options [mss 1460,sackOK,TS val 3894386980 ecr 0,nop,wscale 7], length 0
10:29:22.592712 IP 10.27.28.1.53 > 10.27.28.25.43246: 24172 4/0/1 AAAA 2620:2d:4000:1::19, AAAA 2620:2d:4000:1::16, AAAA 2001:67c:1562::18, AAAA 2001:67c:1562::15 (160)
10:29:22.594063 IP 10.27.28.25.45846 > 91.189.91.39.80: Flags [S], seq 3392921426, win 64240, options [mss 1460,sackOK,TS val 3894387003 ecr 0,nop,wscale 7], length 0
10:29:22.821764 IP 10.27.28.25.43680 > 91.189.91.38.80: Flags [S], seq 2611796340, win 64240, options [mss 1460,sackOK,TS val 3718178721 ecr 0,nop,wscale 7], length 0
10:29:22.844929 IP 10.27.28.25.36230 > 185.125.190.39.80: Flags [S], seq 3596833942, win 64240, options [mss 1460,sackOK,TS val 3056187222 ecr 0,nop,wscale 7], length 0
10:29:23.072729 IP 10.27.28.25.36342 > 185.125.190.36.80: Flags [S], seq 2770239124, win 64240, options [mss 1460,sackOK,TS val 191908704 ecr 0,nop,wscale 7], length 0
10:29:23.095862 IP 10.27.28.25.36352 > 185.125.190.36.80: Flags [S], seq 2457288259, win 64240, options [mss 1460,sackOK,TS val 191908727 ecr 0,nop,wscale 7], length 0
10:29:23.099542 IP 10.27.28.154.56618 > 185.125.188.59.443: Flags [S], seq 2776693986, win 64240, options [mss 1460,sackOK,TS val 3070584578 ecr 0,nop,wscale 7], length 0
10:29:23.215782 IP6 fe80::216:3eff:fe84:ed27 > ff02::2: ICMP6, router solicitation, length 16
10:29:23.323580 IP 10.27.28.25.36232 > 185.125.190.39.80: Flags [S], seq 1564624620, win 64240, options [mss 1460,sackOK,TS val 3056187701 ecr 0,nop,wscale 7], length 0
10:29:23.346424 IP 10.27.28.25.43694 > 91.189.91.38.80: Flags [S], seq 4183826752, win 64240, options [mss 1460,sackOK,TS val 3718179246 ecr 0,nop,wscale 7], length 0
10:29:23.579559 IP 10.27.28.25.45842 > 91.189.91.39.80: Flags [S], seq 3515504760, win 64240, options [mss 1460,sackOK,TS val 3894387989 ecr 0,nop,wscale 7], length 0
10:29:23.606241 IP 10.27.28.25.45846 > 91.189.91.39.80: Flags [S], seq 3392921426, win 64240, options [mss 1460,sackOK,TS val 3894388015 ecr 0,nop,wscale 7], length 0
10:29:23.846212 IP 10.27.28.25.36230 > 185.125.190.39.80: Flags [S], seq 3596833942, win 64240, options [mss 1460,sackOK,TS val 3056188223 ecr 0,nop,wscale 7], length 0
10:29:23.846228 IP 10.27.28.25.43680 > 91.189.91.38.80: Flags [S], seq 2611796340, win 64240, options [mss 1460,sackOK,TS val 3718179745 ecr 0,nop,wscale 7], length 0
10:29:24.086276 IP 10.27.28.25.36342 > 185.125.190.36.80: Flags [S], seq 2770239124, win 64240, options [mss 1460,sackOK,TS val 191909717 ecr 0,nop,wscale 7], length 0
10:29:24.112949 IP 10.27.28.25.36352 > 185.125.190.36.80: Flags [S], seq 2457288259, win 64240, options [mss 1460,sackOK,TS val 191909744 ecr 0,nop,wscale 7], length 0
10:29:24.326249 IP 10.27.28.25.36232 > 185.125.190.39.80: Flags [S], seq 1564624620, win 64240, options [mss 1460,sackOK,TS val 3056188703 ecr 0,nop,wscale 7], length 0
10:29:24.352868 IP 10.27.28.25.43694 > 91.189.91.38.80: Flags [S], seq 4183826752, win 64240, options [mss 1460,sackOK,TS val 3718180252 ecr 0,nop,wscale 7], length 0
10:29:24.379513 IP 10.27.28.25.43738 > 185.125.188.59.443: Flags [S], seq 3163562916, win 64240, options [mss 1460,sackOK,TS val 1076171133 ecr 0,nop,wscale 7], length 0
10:29:24.592938 IP 10.27.28.60.49874 > 185.125.188.58.443: Flags [S], seq 520329376, win 64240, options [mss 1460,sackOK,TS val 696018674 ecr 0,nop,wscale 7], length 0
10:29:25.659557 IP 10.27.28.25.45842 > 91.189.91.39.80: Flags [S], seq 3515504760, win 64240, options [mss 1460,sackOK,TS val 3894390069 ecr 0,nop,wscale 7], length 0
10:29:25.659565 IP 10.27.28.25.45846 > 91.189.91.39.80: Flags [S], seq 3392921426, win 64240, options [mss 1460,sackOK,TS val 3894390069 ecr 0,nop,wscale 7], length 0
10:29:25.872895 IP 10.27.28.25.43680 > 91.189.91.38.80: Flags [S], seq 2611796340, win 64240, options [mss 1460,sackOK,TS val 3718181772 ecr 0,nop,wscale 7], length 0
10:29:25.872896 IP 10.27.28.25.36230 > 185.125.190.39.80: Flags [S], seq 3596833942, win 64240, options [mss 1460,sackOK,TS val 3056190250 ecr 0,nop,wscale 7], length 0
10:29:26.299599 IP 10.27.28.25.36342 > 185.125.190.36.80: Flags [S], seq 2770239124, win 64240, options [mss 1460,sackOK,TS val 191911931 ecr 0,nop,wscale 7], length 0
10:29:26.299610 IP 10.27.28.25.36352 > 185.125.190.36.80: Flags [S], seq 2457288259, win 64240, options [mss 1460,sackOK,TS val 191911931 ecr 0,nop,wscale 7], length 0
10:29:26.512883 IP 10.27.28.25.36232 > 185.125.190.39.80: Flags [S], seq 1564624620, win 64240, options [mss 1460,sackOK,TS val 3056190890 ecr 0,nop,wscale 7], length 0
10:29:26.512905 IP 10.27.28.25.43694 > 91.189.91.38.80: Flags [S], seq 4183826752, win 64240, options [mss 1460,sackOK,TS val 3718182412 ecr 0,nop,wscale 7], length 0
10:29:27.311498 IP6 fe80::216:3eff:fe63:b6 > ff02::2: ICMP6, router solicitation, length 16
10:29:28.219507 ARP, Request who-has 10.27.28.1 tell 10.27.28.154, length 28
10:29:28.219584 ARP, Reply 10.27.28.1 is-at 00:16:3e:61:9a:b9, length 28
10:29:29.712875 IP 10.27.28.25.45842 > 91.189.91.39.80: Flags [S], seq 3515504760, win 64240, options [mss 1460,sackOK,TS val 3894394122 ecr 0,nop,wscale 7], length 0
10:29:29.712891 IP 10.27.28.25.45846 > 91.189.91.39.80: Flags [S], seq 3392921426, win 64240, options [mss 1460,sackOK,TS val 3894394122 ecr 0,nop,wscale 7], length 0
10:29:29.926217 IP 10.27.28.25.36230 > 185.125.190.39.80: Flags [S], seq 3596833942, win 64240, options [mss 1460,sackOK,TS val 3056194303 ecr 0,nop,wscale 7], length 0
10:29:29.926217 IP 10.27.28.25.43680 > 91.189.91.38.80: Flags [S], seq 2611796340, win 64240, options [mss 1460,sackOK,TS val 3718185825 ecr 0,nop,wscale 7], length 0
10:29:30.352877 IP 10.27.28.154.54038 > 185.125.188.54.443: Flags [S], seq 700742991, win 64240, options [mss 1460,sackOK,TS val 961439117 ecr 0,nop,wscale 7], length 0
10:29:30.352878 IP 10.27.28.25.36342 > 185.125.190.36.80: Flags [S], seq 2770239124, win 64240, options [mss 1460,sackOK,TS val 191915984 ecr 0,nop,wscale 7], length 0
10:29:30.352902 IP 10.27.28.25.36352 > 185.125.190.36.80: Flags [S], seq 2457288259, win 64240, options [mss 1460,sackOK,TS val 191915984 ecr 0,nop,wscale 7], length 0
10:29:30.566219 IP 10.27.28.25.36232 > 185.125.190.39.80: Flags [S], seq 1564624620, win 64240, options [mss 1460,sackOK,TS val 3056194943 ecr 0,nop,wscale 7], length 0
10:29:30.566278 IP 10.27.28.25.43694 > 91.189.91.38.80: Flags [S], seq 4183826752, win 64240, options [mss 1460,sackOK,TS val 3718186465 ecr 0,nop,wscale 7], length 0
10:29:31.206222 IP 10.27.28.154.56618 > 185.125.188.59.443: Flags [S], seq 2776693986, win 64240, options [mss 1460,sackOK,TS val 3070592684 ecr 0,nop,wscale 7], length 0
10:29:32.059499 IP 10.27.28.60.58214 > 185.125.188.55.443: Flags [S], seq 3108191411, win 64240, options [mss 1460,sackOK,TS val 2999392662 ecr 0,nop,wscale 7], length 0
10:29:32.062852 IP 10.27.28.25.33612 > 185.125.188.58.443: Flags [S], seq 152400071, win 64240, options [mss 1460,sackOK,TS val 3134949744 ecr 0,nop,wscale 7], length 0
10:29:32.486226 IP 10.27.28.25.43738 > 185.125.188.59.443: Flags [S], seq 3163562916, win 64240, options [mss 1460,sackOK,TS val 1076179239 ecr 0,nop,wscale 7], length 0
10:29:32.699531 IP 10.27.28.60.49874 > 185.125.188.58.443: Flags [S], seq 520329376, win 64240, options [mss 1460,sackOK,TS val 696026781 ecr 0,nop,wscale 7], length 0
^C
81 packets captured
81 packets received by filter
0 packets dropped by kernel
not sure whats ext_if
➜ sudo tcpdump -i -nn
by tab I can see this
docker0 lo lxdbr0 veth0138a2f0@if15 veth416b2c6b@if21 vethd65b5bfe@if19 vethef55b590@if17 wlan0