Hello, relative newbie here. I’ve been using LXD under an Ubuntu Server host (which is itself a VirtualBox VM on a Windows 11 machine) for about a year now, but that was mostly due to issues I had with a specific VirtualBox/Fedora version pair. Those issues have since been resolved, and with LXD now being Ubuntu-centric, I’m in the process of migrating to Incus on Fedora Server 39.
I’ll briefly mention that I installed Incus from the COPR. I doubt this has much to do with my networking issue, but while following this page, I did need to run the following commands before Incus could successfully start containers:
# echo "root:1000000:1000000000" >> /etc/subuid
# echo "root:1000000:1000000000" >> /etc/subgid
That brings me to my issue, which is that my containers don’t seem to have external network access:
dboeger@localhost:~$ incus list
+-------------------+---------+------+-----------------------------------------------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-------------------+---------+------+-----------------------------------------------+-----------+-----------+
| cheerful-polliwog | RUNNING | | fd42:4aa9:2dd5:891d:216:3eff:fe9f:a7a2 (eth0) | CONTAINER | 0 |
+-------------------+---------+------+-----------------------------------------------+-----------+-----------+
dboeger@localhost:~$ incus exec cheerful-polliwog -- ping -C 3 8.8.8.8
ping: connect: Network is unreachable
I vaguely remember having a similar issue when setting up LXD a year ago. I did some searching for old topics and found what I thought was the solution back then, which is to tell LXD (now Incus) not to set firewall rules:
incus network set <network_bridge> ipv6.firewall false
incus network set <network_bridge> ipv4.firewall false
However, that didn’t seem to resolve my issue this time around. I apologize for not knowing how to do more of my own digging, as I’m not very well-versed in Linux firewall configuration. How might I go about diagnosing this issue?
Note that I am not running Docker, and at first glance, I don’t think dnsmasq is an issue:
dboeger@localhost:~$ systemctl status dnsmasq
○ dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; preset: disabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: inactive (dead)
dboeger@localhost:~$ journalctl -u dnsmasq.service
-- No entries --