I am running LXD on a Tumbleweed 32bit x86 VirtualBox host. When launching containers I get an IPv4 address using default bridge for Debian, Alpine containers. If I launch a Tumbleweed container I am not getting an IPv4 address, only IPv6. When executing ss -lntu inside Tumbleweed container I cannot see port 68 (dhcp client) as listening. The problem exist on a Tumbleweed 32bit physical host as well, but it is not an issue on aarch64 (Raspberry Pi 4). Thank you.
You should check whether there are any firewalls running on the host preventing DHCP requests arriving and whether there is a LXD dnsmasq process listening on the host.
Thank you Tom.
I’ve disabled the firewall on the host, that was the first thing I did. Still no luck. Alpine works, Tumbleweed doesn’t.
`
localhost:~ # uname -a
Linux localhost 5.15.2-1-pae #1 SMP Sat Nov 13 14:10:12 UTC 2021 (26a203b) i686 i686 i386 GNU/Linux localhost:~ # lxd --version
4.20
localhost:~ # systemctl status firewalld.service
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: disabled)
Active: inactive (dead)
lines 1-3…skipping…
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:firewalld(1)
localhost:~ # ss -lntu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 10.1.215.1:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0%lxdbr0:67 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0%enp0s3:68 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
udp UNCONN 0 0 [::]%lxdbr0:547 [::]:*
udp UNCONN 0 0 [fd42:5a2e:7ad2:a813::1]:53 [::]:*
udp UNCONN 0 0 [::1]:323 [::]:*
tcp LISTEN 0 32 10.1.215.1:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
tcp LISTEN 0 32 [fd42:5a2e:7ad2:a813::1]:53 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 100 [::1]:25 [::]:*
localhost:~ # lxc launch images:alpine/3.14 alpine
Creating alpine Starting alpine localhost:~ # lxc info alpine
Name: alpine Status: RUNNING
Type: container Architecture: i686
PID: 2239 Created: 2021/11/23 20:39 GMT
Last Used: 2021/11/23 20:39 GMT
Resources: Processes: 5
CPU usage: CPU usage (in seconds): 2
Memory usage: Memory (current): 944.00KiB
Network usage: eth0:
Type: broadcast State: UP
Host interface: veth85349c0b MAC address: 00:16:3e:78:b4:d1
MTU: 1500 Bytes received: 2.29kB
Bytes sent: 1.51kB Packets received: 13
Packets sent: 12 IP addresses:
inet: 10.1.215.129/24 (global)
inet6: fd42:5a2e:7ad2:a813:216:3eff:fe78:b4d1/64 (global)
inet6: fe80::216:3eff:fe78:b4d1/64 (link)
lo:
Type: loopback
State: UP
MTU: 65536
Bytes received: 0B
Bytes sent: 0B
Packets received: 0
Packets sent: 0
IP addresses:
inet: 127.0.0.1/8 (local)
inet6: ::1/128 (local)
localhost:~ # lxc launch images:opensuse/tumbleweed tumbleweed Creating tumbleweed
Starting tumbleweed
localhost:~ # lxc info tumbleweed
Name: tumbleweed
Status: RUNNING
Type: container
Architecture: i686
PID: 2690
Created: 2021/11/23 20:42 GMT
Last Used: 2021/11/23 20:42 GMT
Resources:
Processes: 7
CPU usage:
CPU usage (in seconds): 5 Memory usage: Memory (current): 18.86MiB
Network usage: eth0: Type: broadcast
State: UP Host interface: vethf8717ef4 MAC address: 00:16:3e:39:a1:f6
MTU: 1500 Bytes received: 228B Bytes sent: 1.13kB
Packets received: 2 Packets sent: 13 IP addresses:
inet6: fd42:5a2e:7ad2:a813:216:3eff:fe39:a1f6/64 (global)
inet6: fe80::216:3eff:fe39:a1f6/64 (link)
lo:
Type: loopback
State: UP
MTU: 65536
Bytes received: 0B
Bytes sent: 0B
Packets received: 0
Packets sent: 0
IP addresses:
inet: 127.0.0.1/8 (local)
inet6: ::1/128 (local)
Please show ip a and ip r from the host and container.
Please also show the output of lxc info | grep firewall: and the output of sudo iptables-save and sudo nft list ruleset.
Hi @tomp. Please see below, as requested. Nothing was returned when executed ip r from container. Thanks again.
localhost:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:6a:f8:f9 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe6a:f8f9/64 scope link
valid_lft forever preferred_lft forever
3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:17:b7:b9 brd ff:ff:ff:ff:ff:ff
inet 10.1.215.1/24 scope global lxdbr0
valid_lft forever preferred_lft forever
inet6 fd42:5a2e:7ad2:a813::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe17:b7b9/64 scope link
valid_lft forever preferred_lft forever
5: veth913ea59e@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
link/ether 92:a6:ca:4a:f4:2a brd ff:ff:ff:ff:ff:ff link-netnsid 0
7: veth861f6c11@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
link/ether e6:9c:e0:b1:c8:0d brd ff:ff:ff:ff:ff:ff link-netnsid 1
localhost:~ # ip r
default via 10.0.2.2 dev enp0s3 proto dhcp
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15
10.1.215.0/24 dev lxdbr0 proto kernel scope link src 10.1.215.1
tumbleweed:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:39:a1:f6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fd42:5a2e:7ad2:a813:216:3eff:fe39:a1f6/64 scope global dynamic mngtmpaddr
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe39:a1f6/64 scope link
valid_lft forever preferred_lft forever
tumbleweed:~ # ip r
tumbleweed:~ #
localhost:~ # lxc info | grep firewall:
firewall: nftables
localhost:~ # iptables-save
localhost:~ # nft list ruleset
table inet lxd {
chain pstrt.lxdbr0 {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 10.1.215.0/24 ip daddr != 10.1.215.0/24 masquerade
ip6 saddr fd42:5a2e:7ad2:a813::/64 ip6 daddr != fd42:5a2e:7ad2:a813::/64 masquerade
}
chain fwd.lxdbr0 {
type filter hook forward priority filter; policy accept;
ip version 4 oifname "lxdbr0" accept
ip version 4 iifname "lxdbr0" accept
ip6 version 6 oifname "lxdbr0" accept
ip6 version 6 iifname "lxdbr0" accept
}
chain in.lxdbr0 {
type filter hook input priority filter; policy accept;
iifname "lxdbr0" tcp dport 53 accept
iifname "lxdbr0" udp dport 53 accept
iifname "lxdbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
iifname "lxdbr0" udp dport 67 accept
iifname "lxdbr0" icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-solicit, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } accept
iifname "lxdbr0" udp dport 547 accept
}
chain out.lxdbr0 {
type filter hook output priority filter; policy accept;
oifname "lxdbr0" tcp sport 53 accept
oifname "lxdbr0" udp sport 53 accept
oifname "lxdbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
oifname "lxdbr0" udp sport 67 accept
oifname "lxdbr0" icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } accept
oifname "lxdbr0" udp sport 547 accept
}
}