LXD ipv4.nat.address is not working

I’ve checked that ipv4.nat.address is working OK locally on LXD 3.21, here is my test plan:

Check current IP addresses of my ‘external’ interface (in this case the wifi adapter on my laptop):

ip -4 a show dev wlp2s0
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.128/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp2s0
       valid_lft 85678sec preferred_lft 85678sec

Confirm default LXD network settings:

lxc network show lxdbr0
config:
  ipv4.address: 10.96.212.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:465d:fb7e:2ebd::1/64
  ipv6.nat: "true"

Add IP alias to external interface:

ip a add 192.168.1.99/32 dev wlp2s0

Confirm added:

ip -4 a show dev wlp2s0
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.128/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp2s0
       valid_lft 85678sec preferred_lft 85678sec
    inet 192.168.1.99/32 scope global wlp2s0
       valid_lft forever preferred_lft forever

Check pingable from another host in same network segment:

home-lxc01:~# ping 192.168.1.99
PING 192.168.1.99 (192.168.1.99): 56 data bytes
64 bytes from 192.168.1.99: seq=0 ttl=64 time=3.003 ms
64 bytes from 192.168.1.99: seq=1 ttl=64 time=26.586 ms
64 bytes from 192.168.1.99: seq=2 ttl=64 time=50.038 ms
64 bytes from 192.168.1.99: seq=3 ttl=64 time=75.565 ms
^C
--- 192.168.1.99 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 3.003/38.798/75.565 ms

Change outbound NAT address for lxdbr0:

lxc network set lxdbr0 ipv4.nat.address 192.168.1.99

Check iptables rules added:

iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 16 packets, 3297 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 14 packets, 3177 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 120 packets, 11119 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 109 packets, 9462 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   13  1777 SNAT       all  --  *      *       10.96.212.0/24      !10.96.212.0/24       /* generated for LXD network lxdbr0 */ to:192.168.1.99

Set up tcpdump on external interface to check outbound packets from 192.168.1.99:

tcpdump -i wlp2s0 icmp and host 192.168.1.99 -nn

Launch new container:

lxc launch ubuntu:18.04 c1

Start an outbound ping inside c1 to 8.8.8.8 and observe tcpdump output:

lxc exec c1 -- ping 8.8.8.8 -c 5
09:37:42.213155 IP 192.168.1.99 > 8.8.8.8: ICMP echo request, id 325, seq 1, length 64
09:37:42.223199 IP 8.8.8.8 > 192.168.1.99: ICMP echo reply, id 325, seq 1, length 64
09:37:43.214394 IP 192.168.1.99 > 8.8.8.8: ICMP echo request, id 325, seq 2, length 64
09:37:43.223718 IP 8.8.8.8 > 192.168.1.99: ICMP echo reply, id 325, seq 2, length 64
09:37:44.215959 IP 192.168.1.99 > 8.8.8.8: ICMP echo request, id 325, seq 3, length 64
09:37:44.228288 IP 8.8.8.8 > 192.168.1.99: ICMP echo reply, id 325, seq 3, length 64
09:37:45.217489 IP 192.168.1.99 > 8.8.8.8: ICMP echo request, id 325, seq 4, length 64
09:37:45.229827 IP 8.8.8.8 > 192.168.1.99: ICMP echo reply, id 325, seq 4, length 64
09:37:46.219040 IP 192.168.1.99 > 8.8.8.8: ICMP echo request, id 325, seq 5, length 64
09:37:46.229046 IP 8.8.8.8 > 192.168.1.99: ICMP echo reply, id 325, seq 5, length 64

So seems to be working OK in a fresh empty environment at least.
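
The rule and address checks from the test plan above can be scripted. The following is an added example, not part of the original post: it parses the `iptables -L -v -n -t nat` and `ip -4 a show` output formats shown above and reports whether the SNAT rule for an LXD network points at the expected address and whether that address is actually assigned on the host. The function names are hypothetical and the sample input is constructed from the output in the post.

```shell
#!/bin/sh
# Constructed sample input in the format of the post's command output.
NAT_RULES='Chain POSTROUTING (policy ACCEPT 109 packets, 9462 bytes)
 pkts bytes target     prot opt in     out     source               destination
   13  1777 SNAT       all  --  *      *       10.96.212.0/24      !10.96.212.0/24       /* generated for LXD network lxdbr0 */ to:192.168.1.99'
ADDRS='3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.128/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp2s0
    inet 192.168.1.99/32 scope global wlp2s0'

# snat_target NETWORK (hypothetical helper): reads `iptables -L -v -n -t nat`
# output on stdin and prints the "to:" address of the SNAT rule LXD generated
# for NETWORK. Prints nothing if there is no such rule.
snat_target() {
    awk -v net="$1" '
        $3 == "SNAT" && index($0, "generated for LXD network " net " ") {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^to:/) { sub(/^to:/, "", $i); print $i; exit }
        }'
}

# addr_on_host ADDR (hypothetical helper): reads `ip -4 a show` output on
# stdin; succeeds only if ADDR is assigned (prefix length ignored).
addr_on_host() {
    awk -v want="$1" '
        $1 == "inet" { split($2, a, "/"); if (a[1] == want) found = 1 }
        END { exit !found }'
}

# check_nat NETWORK EXPECTED RULES ADDRS
# Returns 0 = ok, 1 = no SNAT rule, 2 = rule uses another address,
# 3 = expected address is not assigned on the host.
check_nat() {
    actual=$(printf '%s\n' "$3" | snat_target "$1")
    [ -n "$actual" ] || { echo "no SNAT rule for $1"; return 1; }
    [ "$actual" = "$2" ] || { echo "SNAT to $actual, expected $2"; return 2; }
    printf '%s\n' "$4" | addr_on_host "$2" ||
        { echo "$2 is not assigned to any interface"; return 3; }
    echo "ok: $1 traffic is SNATed to $2"
}

check_nat lxdbr0 192.168.1.99 "$NAT_RULES" "$ADDRS"
```

On a live host, pass `"$(iptables -L -v -n -t nat)"` and `"$(ip -4 a show)"` as the third and fourth arguments instead of the embedded samples.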