No IPv4 IP available

What about this? ipv4.firewall
Can you check whether it is true or false?

Unfortunately I do not receive any output

$ lxc network get lxdbr0 ipv4.firewall

while I get an output for NAT

$ sudo lxc network get lxdbr0 ipv4.nat
true

If you don't get any output, that means the default value is used, which is True.

So this means there is a command to add the lxc iptables rules afterwards ?

Yep, you can test this. :wink:
lxc network set lxdbr0 ipv4.firewall False


If I understand the command correctly, the ipv4.firewall command autogenerates the iptables firewall when lxc is installed. For me the ipv4.firewall looks more like a setting.

What I would like to find is a command that forces the autogeneration of the lxc firewall rules when I execute the command for the current iptables ruleset.

Yes, correct.
If you set the ipv4.firewall setting to false, that means you switch off the lxd firewall rule autogeneration. So if you prevent the dhcp communication with the lxd containers, it doesn't get the IP address from the pool.

Hello cemzafer,

but the iptables rule is an allow rule, not a deny rule, which means when I switch off the autogeneration it will not generate the allow rule and it will therefore be denied. This would be the opposite of what I would like to achieve.

BR

Hi Marc,
The case is noipv4 issue, so I just mentioned that there is an option in the lxd firewall generation. In your case, why don't you disable lxd iptables autogeneration and define your own iptable rules to overcome that barrier? Somehow the container can't reach the host dhcp server, I suppose.
Regards.

When this next occurs, please can you provide output of:

  • sudo iptables-save
  • sudo nft list ruleset (if this runs)
  • sudo ss -ulpn

Also please can you advise if you have Docker installed on the host?

Hello, fixing firewall rules worked for me.
Had the same issue. dnsmasq checks were okay. Running tcpdump, I found that the host was not responding to dhcp discover queries, or something in between was preventing it from doing so.
On the host:
tcpdump -i lxdbr0 port 67
I disabled the LXD firewall and added the bridge to the trusted zone of firewalld:
lxc network set lxdbr0 ipv4.firewall false
firewall-cmd --zone=trusted --change-interface=lxdbr0 --permanent
firewall-cmd --reload
After that, the lxc containers should automatically get ipv4 addresses.
Or you might need to restart them.

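An added example (not written by any poster in this thread, and not LXD's own code): a small Python check that reads `sudo iptables-save` output and reports what the filter table's INPUT chain does with a DHCP request (UDP port 67) arriving on `lxdbr0`. The sample dump is constructed and the function names are hypothetical; only `-i`, `-p`, an exact `--dport` and terminal targets are modelled, so rules with other matches and jumps to user-defined chains are skipped.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def rule_verdict(tokens, iface):
    """Target of one INPUT rule if it matches UDP dport 67 on iface, else None."""
    target = None
    it = iter(tokens)
    for tok in it:
        val = next(it, None)  # every option modelled here takes one argument
        if tok in ("-m", "--comment", "--reject-with"):
            continue  # module name, comment text, reject type: no effect on matching
        if tok == "-j":
            target = val
        elif (tok, val) not in (("-i", iface), ("-p", "udp"), ("--dport", "67")):
            return None  # other interface/protocol/port, or an unmodelled match
    return target if target in TERMINAL else None

def dhcp_verdict(dump, iface="lxdbr0"):
    """First terminal verdict in filter/INPUT for a DHCP request on iface,
    falling back to the chain policy. Jumps to user chains are not followed."""
    table, policy = None, "ACCEPT"
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A INPUT "):
            verdict = rule_verdict(shlex.split(line)[2:], iface)
            if verdict:
                return verdict
    return policy

# Constructed sample: restrictive INPUT chain that includes a DHCP allow rule
# for the bridge, in the style of the rules LXD generates.
LXD_RULE = ('-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -m comment '
            '--comment "generated for LXD network lxdbr0" -j ACCEPT\n')
WITH_LXD_RULE = (
    "*filter\n:INPUT DROP [0:0]\n"
    "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n"
    "-A INPUT -i lo -j ACCEPT\n"
    + LXD_RULE +
    "-A INPUT -j REJECT --reject-with icmp-host-prohibited\nCOMMIT\n")
# Same host once the allow rule is gone and nothing replaces it.
WITHOUT_LXD_RULE = WITH_LXD_RULE.replace(LXD_RULE, "")

if __name__ == "__main__":
    print("with LXD rule:   ", dhcp_verdict(WITH_LXD_RULE))
    print("without LXD rule:", dhcp_verdict(WITHOUT_LXD_RULE))
```

A REJECT or DROP verdict here is consistent with the tcpdump observation above, where DHCP discovers reach the bridge but the host never answers.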