Unable to connect to outside world from Ubuntu 24.04 instance (no Docker/Podman or firewall on host)

Hello,

I am attempting to get an Ubuntu 24.04 instance running on my Void Linux host machine, but when I start the instance I can’t get network access. I don’t have a firewall running or Docker/Podman installed.

Here’s what I’ve done so far:

incus launch images:ubuntu/24.04/cloud TEST --storage pool-btrfs --network datacenter

incus network show datacenter

config:
  ipv4.address: 10.134.0.1/16
  ipv6.address: none
description: ""
name: datacenter
type: bridge
used_by:
- /1.0/instances/TEST?project=my-project
managed: true
status: Created
locations:
- none
project: default

I then run the following commands:

incus shell TEST
root@TEST:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1044ms

I don’t get a “Network unreachable” error…but I can’t ping anything. Is there anything obvious that I’m doing wrong? Thank you!

sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem /* generated for Incus network incusbr0 */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* generated for Incus network incusbr0 */
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable /* generated for Incus network incusbr0 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain /* generated for Incus network incusbr0 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain /* generated for Incus network incusbr0 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps /* generated for Incus network incusbr0 */
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem /* generated for Incus network datacenter */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* generated for Incus network datacenter */
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable /* generated for Incus network datacenter */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain /* generated for Incus network datacenter */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain /* generated for Incus network datacenter */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps /* generated for Incus network datacenter */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* generated for Incus network incusbr0 */
ACCEPT     all  --  anywhere             anywhere             /* generated for Incus network incusbr0 */
ACCEPT     all  --  anywhere             anywhere             /* generated for Incus network datacenter */
ACCEPT     all  --  anywhere             anywhere             /* generated for Incus network datacenter */

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem /* generated for Incus network incusbr0 */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* generated for Incus network incusbr0 */
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable /* generated for Incus network incusbr0 */
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain /* generated for Incus network incusbr0 */
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain /* generated for Incus network incusbr0 */
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps /* generated for Incus network incusbr0 */
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem /* generated for Incus network datacenter */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* generated for Incus network datacenter */
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable /* generated for Incus network datacenter */
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain /* generated for Incus network datacenter */
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain /* generated for Incus network datacenter */
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps /* generated for Incus network datacenter */

You have assigned a private IP range to your profile, which requires enabling masquerading to allow outside traffic, or internal routing on your gateway or firewall.

Thanks, this makes sense I guess. I’m not super familiar with networking, what iptables command(s) should I use to do this? I saw this example, but I don’t have firewall-cmd on my machine as I don’t have any firewalls set up.

In general this is more a question of how to manually configure Incus. Probably time to read the docs: Bridge network, ipv4.nat is your friend…

Okay, so I just had to add the following config to my datacenter network to get masquerading working:

 ipv4.nat: true
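
The diagnosis and fix reached in this thread, as an added example that is not part of the original posts: it reads `incus network show` output, reports whether a bridge on an RFC 1918 range is missing `ipv4.nat`, and on a host with Incus enables it. The function names (`cfg_get`, `is_rfc1918`, `nat_status`, `fix_network`) are hypothetical, and the sample config is constructed from the output posted above.

```shell
#!/bin/sh
# Constructed sample, mirroring the `incus network show datacenter` output in the thread.
SAMPLE_CONFIG='config:
  ipv4.address: 10.134.0.1/16
  ipv6.address: none
name: datacenter
type: bridge'

# Print the value of a "key: value" line from YAML on stdin (quotes stripped).
cfg_get() {
    awk -v k="$1:" '$1 == k { gsub(/"/, "", $2); print $2; exit }'
}

# Succeed if the address is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Classify a network config: no-private-ipv4, nat-enabled or nat-missing.
nat_status() {
    addr=$(printf '%s\n' "$1" | cfg_get ipv4.address)
    nat=$(printf '%s\n' "$1" | cfg_get ipv4.nat)
    if ! is_rfc1918 "$addr"; then
        echo no-private-ipv4
    elif [ "$nat" = "true" ]; then
        echo nat-enabled
    else
        echo nat-missing
    fi
}

# On a host with Incus: enable NAT on the named network only if it is missing.
fix_network() {
    net=$1
    [ "$(nat_status "$(incus network show "$net")")" = nat-missing ] || return 0
    incus network set "$net" ipv4.nat=true
    # NAT rules live in the nat table; `iptables -L` (as run in the thread)
    # lists only the filter table, so inspect POSTROUTING explicitly.
    sudo iptables -t nat -S POSTROUTING
}

nat_status "$SAMPLE_CONFIG"
```

Calling `fix_network datacenter` on the host applies the same setting the last post adds by hand.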