Host:
Ubuntu 20.04
LXD 4.18
Netplan:
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      addresses:
        - 175.216.215.2/28
        - 175.216.215.6/28
        - 175.216.215.8/28
        # - more/28
      gateway4: 175.216.215.1
      #routes:
      #- to: 0.0.0.0/0
      #  via: 175.216.215.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]
dnsmasq over 2 brctl bridges (unmanaged):
lxdbr0 10.0.4.0/22 and br3 192.168.100.0/22.
ip r
default via 175.216.215.1 dev eno1 proto static
10.0.4.0/22 dev lxdbr0 proto kernel scope link src 10.0.4.1
175.216.215.0/28 dev eno1 proto kernel scope link src 175.216.215.2
192.168.100.0/22 dev br3 proto kernel scope link src 192.168.100.1
Container:
obtains IPs from the two bridges' dnsmasq:
+--------+---------+-----------------------+------+-----------+-----------+
|  NAME  |  STATE  |         IPV4          | IPV6 |   TYPE    | SNAPSHOTS |
+--------+---------+-----------------------+------+-----------+-----------+
| cont-1 | RUNNING | 192.168.100.61 (eth1) |      | CONTAINER | 0         |
|        |         | 10.0.5.61 (eth0)      |      |           |           |
+--------+---------+-----------------------+------+-----------+-----------+
Netplan:
network:
  version: 2
  ethernets:
    eth0: {dhcp4: true}
    eth1: {dhcp4: true}
ip r
default via 192.168.100.1 dev eth1 proto dhcp src 192.168.100.61 metric 100
default via 10.0.4.1 dev eth0 proto dhcp src 10.0.5.61 metric 100
10.0.4.0/22 dev eth0 proto kernel scope link src 10.0.5.61
10.0.4.1 dev eth0 proto dhcp scope link src 10.0.5.61 metric 100
192.168.100.0/22 dev eth1 proto kernel scope link src 192.168.100.61
192.168.100.1 dev eth1 proto dhcp scope link src 192.168.100.61 metric 100
iptables:
*mangle
:PREROUTING ACCEPT [74407341:78538397870]
:INPUT ACCEPT [7724778:565291489]
:FORWARD ACCEPT [66647413:77970838394]
:OUTPUT ACCEPT [1446594:71729263238]
:POSTROUTING ACCEPT [68094007:149700101632]
-A POSTROUTING -o br3 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o lxdbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*nat
:PREROUTING ACCEPT [46707:3305360]
:INPUT ACCEPT [11461:1032429]
:OUTPUT ACCEPT [232:18685]
:POSTROUTING ACCEPT [23046:1323477]
-A PREROUTING -d 175.216.215.6/32 -j DNAT --to-destination 192.168.100.61
-A PREROUTING -d 175.216.215.8/32 -j DNAT --to-destination 192.168.100.61
-A POSTROUTING -s 192.168.100.61/32 -j SNAT --to-source 185.216.215.6
-A POSTROUTING -s 192.168.100.61/32 -j SNAT --to-source 185.216.215.8
-A POSTROUTING -s 192.168.100.0/22 ! -d 192.168.100.0/22 -j MASQUERADE
-A POSTROUTING -s 10.0.4.0/22 ! -d 10.0.4.0/22 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [7723989:565224415]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1445815:71729120355]
-A INPUT -i br3 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i br3 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br3 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -o br3 -j ACCEPT
-A FORWARD -i br3 -j ACCEPT
-A FORWARD -o lxdbr0 -j ACCEPT
-A FORWARD -i lxdbr0 -j ACCEPT
-A OUTPUT -o br3 -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -o br3 -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -o br3 -p udp -m udp --sport 67 -j ACCEPT
-A OUTPUT -o lxdbr0 -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 67 -j ACCEPT
COMMIT
Now one IP is mapping to the container and the other IP doesn't map.
Something is blocking the IP from being mapped to the container IP.
Old containers with the same IP rules work. Whenever I create a new container, the public IP is pingable from outside, but it does not forward to the container's ports.
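As an added example (not from the original post, and not LXD's own tooling), here is a small Python check that takes the nat-table rules and the host addresses quoted above and reports: a DNAT public destination or SNAT `--to-source` that is not an address the host actually owns, DNAT/SNAT pairs that do not mirror each other (public to private and back), and a SNAT rule that is shadowed by an earlier rule with the same `-s` match. The rule text and the netplan address list are copied from the post; the function and constant names are my own.

```python
"""Consistency check for 1:1 NAT rules against the host's configured addresses.

Added example: parses iptables-save style nat rules and netplan addresses
(both copied from the post above) and reports mismatches a reviewer would
want to see before debugging conntrack or routing.
"""
import ipaddress
import re
from typing import List, Set, Tuple

# Host addresses from the post's netplan (eno1). The /28 prefix is stripped
# so the set holds bare host addresses.
HOST_ADDRESSES = ["175.216.215.2/28", "175.216.215.6/28", "175.216.215.8/28"]

# The *nat table rules from the post, verbatim.
NAT_RULES = """\
-A PREROUTING -d 175.216.215.6/32 -j DNAT --to-destination 192.168.100.61
-A PREROUTING -d 175.216.215.8/32 -j DNAT --to-destination 192.168.100.61
-A POSTROUTING -s 192.168.100.61/32 -j SNAT --to-source 185.216.215.6
-A POSTROUTING -s 192.168.100.61/32 -j SNAT --to-source 185.216.215.8
-A POSTROUTING -s 192.168.100.0/22 ! -d 192.168.100.0/22 -j MASQUERADE
-A POSTROUTING -s 10.0.4.0/22 ! -d 10.0.4.0/22 -j MASQUERADE
"""

DNAT_RE = re.compile(r"^-A PREROUTING .*-d (\S+) .*-j DNAT --to-destination (\S+)")
SNAT_RE = re.compile(r"^-A POSTROUTING .*-s (\S+) .*-j SNAT --to-source (\S+)")


def host_ips(addresses: List[str]) -> Set[str]:
    """Bare host addresses from netplan-style 'a.b.c.d/len' entries."""
    return {str(ipaddress.ip_interface(a).ip) for a in addresses}


def strip_mask(addr: str) -> str:
    """iptables-save prints single hosts as a.b.c.d/32; normalise to the bare address."""
    return str(ipaddress.ip_interface(addr).ip)


def parse_nat(rules: str) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Return ([(public, private)] for DNAT, [(private, public)] for SNAT)."""
    dnat, snat = [], []
    for line in rules.splitlines():
        m = DNAT_RE.match(line)
        if m:
            dnat.append((strip_mask(m.group(1)), strip_mask(m.group(2))))
            continue
        m = SNAT_RE.match(line)
        if m:
            snat.append((strip_mask(m.group(1)), strip_mask(m.group(2))))
    return dnat, snat


def check_nat(rules: str, addresses: List[str]) -> List[str]:
    """Human-readable findings; an empty list means the 1:1 mappings are consistent."""
    ips = host_ips(addresses)
    dnat, snat = parse_nat(rules)
    findings: List[str] = []

    # 1. Every public address used in NAT must be one the host owns.
    for public, private in dnat:
        if public not in ips:
            findings.append(f"DNAT to {private}: public {public} is not configured on the host")
    for private, public in snat:
        if public not in ips:
            findings.append(f"SNAT from {private}: --to-source {public} is not configured on the host, "
                            f"so outbound packets would carry a source address the host does not own")

    # 2. SNAT is a terminating target: a later rule with the same -s match never runs.
    seen_sources: Set[str] = set()
    for private, public in snat:
        if private in seen_sources:
            findings.append(f"SNAT from {private} --to-source {public} is shadowed by an earlier "
                            f"SNAT rule with the same match and never applies")
        seen_sources.add(private)

    # 3. Each DNAT public->private mapping should have the mirror SNAT private->public.
    dnat_pairs = set(dnat)
    snat_pairs = {(public, private) for private, public in snat}
    for public, private in sorted(dnat_pairs - snat_pairs):
        findings.append(f"DNAT {public} -> {private} has no mirroring SNAT {private} -> {public}")
    for public, private in sorted(snat_pairs - dnat_pairs):
        findings.append(f"SNAT {private} -> {public} has no mirroring DNAT {public} -> {private}")
    return findings


if __name__ == "__main__":
    for finding in check_nat(NAT_RULES, HOST_ADDRESSES):
        print(finding)
```

Two points the check relies on: SNAT rules only affect connections the container itself initiates, because replies to a DNAT'd connection are reversed by conntrack without consulting POSTROUTING again, and a second SNAT rule with an identical `-s` match is dead because the first one terminates nat-chain traversal. Run against the rules as posted, the check flags the two `185.216.215.x` sources as addresses the host does not own and the second SNAT rule as shadowed; with the sources changed to `175.216.215.x` only the shadowing finding remains.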