Very new to LXD so I hope I can describe this properly.
I’ve created bridged networks with profiles, and added storage and network devices, then created my instances so I now have endpoints that can communicate across my routed networks.
Problem is, I need to install packages with apt on the containerized instances. I’d like a simple way to add connectivity, then turn it off so that the traffic doesn’t actually get routed onto my physical host’s LAN after installing packages.
Should I do this from within the instances or is there a way to give internet access to the network (which seems better so that I don’t have to configure each and every instance)?
You can likely use LXD network ACLs for this.
With a bridge network, your only option is to apply ACLs to the network itself, but that should work just fine in this case.
Thanks for the reply. Am I missing anything on how to work ACLs? I’ve created this ACL, then assigned it to my network, but I still can’t ping or get apt installs working. I’ve also logged out, and back in, but not sure if that’s needed.
So just to clarify, did you have connectivity working prior to adding the ACL?
By default LXD doesn’t block anything, so if things were getting blocked before, it’s most likely something else messing with your firewall. A common source of issues is having Docker installed on the host system, as it has the annoying habit of altering global firewall rules.
I do have connectivity working between instances now where each instance can ping the other within a network.
I’ve not installed Docker or any other packages to these instances after they’ve been created because, well, I can’t get internet access to them yet. Though, I do want to install Docker when I can access the internet. Docker currently is installed on the host machine.
I disabled the host firewall and tried to ping to 8.8.8.8, but same results.