Proxy device seemingly not forwarding traffic

Hi all,

I’m having an issue seeing traffic from a proxy device in the container.

To create the proxy device, I’m running the following command

lxc config device add mySqlServer port3306 proxy listen=tcp: connect=tcp:

If I try to connect to port 33306 on the host machine, the following happens:

  • I see the network traffic in tcpdump on the host
  • I can see “Accepted a new connection” in /var/log/lxd/mySqlServer/proxy.port3306.log

What doesn’t happen is anything in the container. When running tcpdump, I see no network traffic, and I can’t connect to mysql (yes it is running and listening on 3306). netstat -tunap on the host shows 33306 listening and on the container shows 3306 listening.

I’m running on Ubuntu 18.04, and lxc version gives

Client version: 3.0.2
Server version: 3.0.2

Any suggestions would be greatly appreciated!



I tried this myself and it worked fine for me. I used LXD 3.8 though.

Can you verify that you got the correct values for the part connect=tcp: Both the loopback and port? If either is wrong, you get the error

ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 2

Both telnet and mysql can be used to test the connection.

In the container you would run sudo tcpdump -i lo port 3306. You will not see any traffic in realtime due to buffering. You need to Ctrl+C to view the connection attempts.

You also have the alternative of sharing the Unix socket to the host.

Hey, thanks for getting back to me!

I’m going to try the first tcpdump test you suggested.

Also, when you say share the unix socket, can you expand on that?

Hmmm, well it seems that the traffic is going through to MySQL, but for some reason it’s denying the connection, and the problem seems to be MySQL itself, rather than LXC/D.

Also, one thing I found was if you include -l in the tcpdump command, it’ll output without buffering. For testing I was using the following:
tcpdump -l -A -nni lo port 3306

-A will show the packet in ASCII so you can see the packet contents/strings going back and forth.

So, @simos, thanks very much for the help, I do apprecaite it!