With the exact same setup on an Ubuntu 20.04 VPS host it all works perfectly out of the box, and there are iptables rules defined with comments like /* generated for LXD network lxdbr0 */, which I suppose allow it to play nicely with the rules added by Docker.
However, on an Ubuntu 22.04 host it does not work out of the box and I need to add the following workaround to get it to work:
# iptables -A FORWARD -i lxdbr0 -j ACCEPT
# iptables -A FORWARD -o lxdbr0 -j ACCEPT
I guess I can add that workaround permanently, but it seems like I shouldn’t need to? My understanding is that because the network lxdbr0 config ipv4.firewall is not set, it will default to true and should be creating these iptables rules. Why does it for Ubuntu 20 but not for Ubuntu 22?
It’s definitely caused by Docker. I tried the command suggested in that link: iptables -I DOCKER-USER -i lxdbr0 -o eth0 -j ACCEPT and it did not work.
The two commands I listed above did work. As did uninstalling Docker (apt purge docker-ce docker-ce-cli containerd.io docker-compose-plugin) and rebooting.
Interestingly, when I reinstall Docker, the LXD container networking is fine until after I reboot the host, after which it stops working.
Try adding an empty firewall rule to iptables, such as iptables -A INPUT, ensuring that it is present before LXD is started. Then restart your system and see if LXD then uses iptables rather than nftables.
That might be enough to get docker and LXD to play nicely.
Also, I noted that after installing Docker, but before the first reboot, all of the Docker iptables rules are listed under iptables-legacy -L. At this stage LXD and Docker play well together. But after a reboot the Docker iptables rules move to iptables -L.
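The two checks discussed in this thread (whether Docker's chains ended up in the legacy or the nf_tables backend, and whether any FORWARD rule accepts traffic in or out of lxdbr0) can be scripted against the output of iptables-save and iptables-legacy-save. The script below is an added example and is not code from any of the posters, LXD or Docker; the rule dumps it inspects are constructed samples embedded in the script so it runs without root, and the only assumption is the ruleset format that iptables-save emits.

```shell
#!/bin/sh
# Added example (not from the thread): classify an LXD/Docker host by parsing
# iptables-save style output. Constructed samples stand in for the live dumps.

# Constructed sample of what `iptables-save` (nf_tables backend) could look like after
# the reboot described in the thread: Docker's chains present, FORWARD policy DROP,
# and no rule for lxdbr0.
SAMPLE_NFT='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-USER -j RETURN
COMMIT'

# Constructed sample of `iptables-legacy-save` on the same host: nothing in legacy.
SAMPLE_LEGACY='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# forward_policy SAVE_TEXT: print the default policy of the filter FORWARD chain.
forward_policy() {
    printf '%s\n' "$1" | awk '/^:FORWARD /{print $2; exit}'
}

# has_lxdbr0_forward SAVE_TEXT: succeed if FORWARD accepts traffic in or out of lxdbr0.
has_lxdbr0_forward() {
    printf '%s\n' "$1" | grep -Eq '^-A FORWARD .*(-i|-o) lxdbr0 .*-j ACCEPT'
}

# has_docker_chains SAVE_TEXT: succeed if Docker's DOCKER-USER chain is defined.
has_docker_chains() {
    printf '%s\n' "$1" | grep -q '^:DOCKER-USER '
}

# diagnose NFT_TEXT LEGACY_TEXT: print a one-line verdict combining both backends.
diagnose() {
    nft="$1"; legacy="$2"
    backend=none
    if has_docker_chains "$nft"; then backend=nf_tables
    elif has_docker_chains "$legacy"; then backend=legacy
    fi
    if has_lxdbr0_forward "$nft" || has_lxdbr0_forward "$legacy"; then
        printf 'docker_backend=%s lxdbr0_forward=present\n' "$backend"
    elif [ "$(forward_policy "$nft")" = DROP ]; then
        # Docker's DROP policy with no lxdbr0 rule is the broken state from the thread.
        printf 'docker_backend=%s lxdbr0_forward=missing FORWARD_policy=DROP\n' "$backend"
    else
        printf 'docker_backend=%s lxdbr0_forward=missing\n' "$backend"
    fi
}

# On a live host (as root) run: diagnose "$(iptables-save)" "$(iptables-legacy-save)"
diagnose "$SAMPLE_NFT" "$SAMPLE_LEGACY"
```

Running it before and after a reboot, and again after applying the FORWARD rules from earlier in the thread, makes the change in backend and in lxdbr0 forwarding visible without reading through the full rule listings by hand.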