Lxd "routed" interface config - problem w Ubuntu 20.04 Host and WiFi

No, it’s not normal, but then nor is your ruleset; you’ve got a mix of libvirt and ufw rules in there, and either one of them could have set that.

It did not work for me. The container can’t be started at all with such a profile:

Name: net-test-01
Location: none
Remote: unix://
Architecture: x86_64
Created: 2021/04/03 21:41 UTC
Status: Stopped
Type: container
Profiles: default, net-01-ramesses

Log:

lxc net-test-01 20210403232713.311 WARN     cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1129 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor.net-test-01"
lxc net-test-01 20210403232713.312 WARN     cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1129 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.payload.net-test-01"
lxc net-test-01 20210403232713.317 ERROR    network - network.c:lxc_setup_l2proxy:2924 - File exists - Failed to add ipv4 dest "192.168.1.200" for network device "lo"
lxc net-test-01 20210403232713.317 ERROR    network - network.c:lxc_create_network_priv:3064 - File exists - Failed to setup l2proxy
lxc net-test-01 20210403232713.317 ERROR    start - start.c:lxc_spawn:1786 - Failed to create the network
lxc net-test-01 20210403232713.317 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:860 - Received container state "ABORTING" instead of "RUNNING"
lxc net-test-01 20210403232713.318 ERROR    start - start.c:__lxc_start:1999 - Failed to spawn container "net-test-01"
lxc net-test-01 20210403232713.318 WARN     start - start.c:lxc_abort:1013 - No such process - Failed to send SIGKILL via pidfd 31 for process 3348791
lxc 20210403232713.795 WARN     commands - commands.c:lxc_cmd_rsp_recv:126 - Connection reset by peer - Failed to receive response for command "get_state"

I appear to have the same setup, and the same issue. It's not clear to me how to change the default FORWARD chain policy from DROP (and what to change it to)?

Hi,
You can list the iptables rules with iptables -S and change the FORWARD policy with the following command:
iptables -P FORWARD ACCEPT
Regards.

Thanks. I used the following, which seems to have worked also.
ufw default allow routed
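
Before changing the FORWARD policy as discussed in this thread, it helps to see what the policy currently is and whether libvirt or ufw chains are hooked into FORWARD. The following read-only check is an added example, not code from any poster in the thread; the function names and the sample ruleset are constructed for illustration, and the classification assumes the `LIBVIRT_` and `ufw-` chain name prefixes those tools use.

```shell
#!/bin/sh
# Added example: summarise the FORWARD chain from `iptables -S` output.
# It only reads text; it never modifies the firewall.

# Constructed sample of `iptables -S` output (not taken from the thread).
sample_ruleset() {
  cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N LIBVIRT_FWI
-N LIBVIRT_FWO
-N ufw-before-forward
-N ufw-user-forward
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-user-forward
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Reads `iptables -S` text on stdin and prints one line:
#   policy=<P> libvirt=<n> ufw=<n> other=<n>
# The counts are rules appended directly to FORWARD, grouped by jump target.
forward_audit() {
  awk '
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == "-A" && $2 == "FORWARD" {
      target = ""
      for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
      if (target ~ /^LIBVIRT_/)  libvirt++
      else if (target ~ /^ufw-/) ufw++
      else                       other++
    }
    END {
      printf "policy=%s libvirt=%d ufw=%d other=%d\n",
             (policy == "" ? "unknown" : policy), libvirt, ufw, other
    }'
}

# Stand-alone run on the constructed sample.
# On a live host: sudo iptables -S | forward_audit
sample_ruleset | forward_audit
```

Running it before and after `iptables -P FORWARD ACCEPT` or `ufw default allow routed` shows whether the policy actually changed and which tool's chains still sit in front of it.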