I was trying to run LXD containers in a WSL2 distro (Kali Linux). I will start with the steps I have taken so far:
1. Installed the WSL2 Kali image from the MS Store with the latest kernel.
2. Converted it to WSL2 and installed distrod from https://github.com/nullpo-head/wsl-distrod
3. Installed snapd and lxd from the stable channel. (Maybe it is worth pointing out that I have not made any change to my WSL network configuration.)
4. Tried to run lxd init --minimal (I knew the default options and I was fine with them) but got the following error message:
table inet lxd {
chain pstrt.lxdbr0 {
type nat hook postrouting priority 100; policy accept;
ip saddr 10.90.183.0/24 ip daddr != 10.90.183.0/24 masquerade
}
}
: Error: Could not process rule: No such file or directory
^^^^^^^^^^^^
Error: Could not process rule: No such file or directory
^^^^^^^^^^^^
I ended up specifying my current adapter eth0 as the default network, but it does not allow the containers I create to connect to the internet. This error seems weird, given that I did not install nftables in any form or any other firewall utility. What I tried was to create a network of type bridge with the IPv4 firewall disabled
/snap/lxd/23315/bin/lxc-checkconfig: 72: lxc-start: not found
LXC version
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled
--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled
Cgroup v1 mount points:
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/cpu
/sys/fs/cgroup/cpuacct
/sys/fs/cgroup/blkio
/sys/fs/cgroup/memory
/sys/fs/cgroup/devices
/sys/fs/cgroup/freezer
/sys/fs/cgroup/net_cls
/sys/fs/cgroup/perf_event
/sys/fs/cgroup/net_prio
/sys/fs/cgroup/hugetlb
/sys/fs/cgroup/pids
/sys/fs/cgroup/rdma
/sys/fs/cgroup/systemd
Cgroup v2 mount points:
/sys/fs/cgroup/unified
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, not loaded
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities:
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /snap/lxd/23315/bin/lxc-checkconfig
Is there any other way to check it?
Try running `sudo nft flush ruleset`, then add a single iptables rule using `iptables -A INPUT`, then reload LXD with `sudo systemctl reload snap.lxd.daemon`, then re-run that command and see what the firewall driver is.
In the meantime I came up with a simpler solution (update-alternatives). This could point the system to use iptables-legacy independent of the packages that are present.
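The two posts above boil down to one question (which iptables backend, the nf_tables shim or the legacy xtables binary, is the host actually using?) and one fix (point the `iptables`/`ip6tables` alternatives at the legacy binaries). The script below is an added example, not code from this thread or from the LXD project: it classifies the output of `iptables --version` (iptables 1.8+ prints a `(nf_tables)` or `(legacy)` suffix; the 1.6.x line printed none and was always legacy), shows which binary the `iptables` symlink currently resolves to, and only performs the `update-alternatives --set` switch when invoked with the word `apply` as root. The paths `/usr/sbin/iptables-legacy` and `/usr/sbin/ip6tables-legacy` assume the Debian/Kali package layout.

```shell
#!/bin/sh
# Added example (not from the thread): report the active iptables backend and,
# on request, switch the Debian/Kali alternatives to the legacy xtables binaries.

# Classify `iptables --version` output. iptables >= 1.8 prints either
# "iptables v1.8.x (nf_tables)" or "iptables v1.8.x (legacy)"; a 1.6/1.7
# build prints no suffix and can only be the legacy backend.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*)      echo nft ;;
        *"(legacy)"*)         echo legacy ;;
        "iptables v1."[0-7].*) echo legacy ;;
        *)                    echo unknown ;;
    esac
}

# Resolve the alternatives symlink chain for a given binary path, so the
# report works even where update-alternatives itself is not installed.
current_alternative() {
    if [ -L "$1" ]; then readlink -f "$1"; else echo "$1"; fi
}

# The fix from the last post: make both IPv4 and IPv6 frontends legacy.
# Paths assume the Debian/Kali iptables package layout; needs root.
switch_to_legacy() {
    for tool in iptables ip6tables; do
        update-alternatives --set "$tool" "/usr/sbin/${tool}-legacy"
    done
}

if command -v iptables >/dev/null 2>&1; then
    ver="$(iptables --version 2>/dev/null || true)"
    echo "iptables reports: ${ver:-<no version output>}"
    echo "backend: $(iptables_backend "$ver")"
    echo "binary:  $(current_alternative "$(command -v iptables)")"
else
    echo "iptables not found in PATH"
fi

if [ "${1:-}" = "apply" ]; then
    switch_to_legacy
fi
```

Note that the switch is host-wide: after it, `iptables -L` shows only rules in the legacy xtables tables, and any rules that were created through the nf_tables shim remain in the kernel but are only visible via `nft list ruleset`. Run the report first, flush as the reply above suggests, and only then switch.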