Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No internet after default install of snap lxd in ubuntu jammy (novice users) #11824

Closed
realdmitchell opened this issue Jun 13, 2023 · 7 comments
Closed

No internet after default install of snap lxd in ubuntu jammy (novice users) #11824

realdmitchell opened this issue Jun 13, 2023 · 7 comments
Labels
Maybe Undecided whether in scope for the project

Comments

@realdmitchell
Copy link

realdmitchell commented Jun 13, 2023
edited
Loading

Required information

  • Distribution: Ubuntu
  • Distribution version: 22.04.2 LTS
  driver: lxc | qemu
  driver_version: 5.0.2 | 8.0.0
  firewall: nftables
  kernel: Linux
  kernel_architecture: x86_64
  kernel_features:
    idmapped_mounts: "true"
    netnsid_getifaddrs: "true"
    seccomp_listener: "true"
    seccomp_listener_continue: "true"
    shiftfs: "false"
    uevent_injection: "true"
    unpriv_fscaps: "true"
  kernel_version: 5.15.0-71-generic
  lxc_features:
    cgroup2: "true"
    core_scheduling: "true"
    devpts_fd: "true"
    idmapped_mounts_v2: "true"
    mount_injection_file: "true"
    network_gateway_device_route: "true"
    network_ipvlan: "true"
    network_l2proxy: "true"
    network_phys_macvlan_mtu: "true"
    network_veth_router: "true"
    pidfd: "true"
    seccomp_allow_deny_syntax: "true"
    seccomp_notify: "true"
    seccomp_proxy_send_notify_fd: "true"
  os_name: Ubuntu
  os_version: "22.04"
  project: default
  server: lxd
  server_clustered: false
  server_event_mode: full-mesh
  server_name: scoop10
  server_pid: 4128436
  server_version: "5.14"
  storage: zfs
  storage_version: 2.1.5-1ubuntu6~22.04.1
  storage_supported_drivers:
  - name: btrfs
    version: 5.16.2
    remote: false
  - name: ceph
    version: 17.2.5
    remote: true
  - name: cephfs
    version: 17.2.5
    remote: true
  - name: cephobject
    version: 17.2.5
    remote: true
  - name: dir
    version: "1"
    remote: false
  - name: lvm
    version: 2.03.11(2) (2021-01-08) / 1.02.175 (2021-01-08) / 4.45.0
    remote: false
  - name: zfs
    version: 2.1.5-1ubuntu6~22.04.1
    remote: false

Issue description

No internet in the container after default install of snap lxd in ubuntu jammy

Reference thread: https://discuss.linuxcontainers.org/t/lxd-bridge-doesnt-work-with-ipv4-and-ufw-with-nftables/10034/17

Steps to reproduce

  1. Install Ubuntu
  2. Install snap lxd
  3. Launch a container for example: lxc launch ubuntu:jammy
  4. The NEW launched container has no internet

If one reads this:

https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#ufw-add-rules-for-the-bridge

Suggestion

  1. After finishing

sudo lxd init
2. Could the devs please give link to this https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#ufw-add-rules-for-the-bridge or dump

sudo ufw allow in on <network_bridge>
sudo ufw route allow in on <network_bridge>
sudo ufw route allow out on <network_bridge>
@simondeziel
Copy link
Member

Hello, FYI support questions are best answered by asking for help in our forum so, if you don't mind I'll close this issue and ask you to go to https://discuss.linuxcontainers.org/ instead. Thanks!

@realdmitchell
Copy link
Author

@simondeziel One the maintainers "Tomp" asked me to create an issue. See last comment in the thread.

https://discuss.linuxcontainers.org/t/lxd-bridge-doesnt-work-with-ipv4-and-ufw-with-nftables/10034/32

@simondeziel simondeziel reopened this Jun 13, 2023
@simondeziel
Copy link
Member

@realdmitchell my apologies, I missed that!

@simondeziel
Copy link
Member

@realdmitchell If I followed correctly (this time ;), you are asking for lxd init to point the user to our firewall setup doc. Is that right?

@stgraber stgraber added the Incomplete Waiting on more information from reporter label Jun 14, 2023
@realdmitchell
Copy link
Author

Yes. Or dump those commands.

If you follow "Steps to reproduce" it would be normal for the average user to expect that the 'containers' are automatically connected to internet. And at the moment it is NOT. (Of course the correct solution would be some how fix it but you are the experts... Please decide what is the best)

@realdmitchell
Copy link
Author

anything needed?

@tomponline tomponline added Maybe Undecided whether in scope for the project and removed Incomplete Waiting on more information from reporter labels Jul 14, 2023
@jdstrand
Copy link

Fyi, I commented on some finer-grained rules that could be added to the docs: https://discuss.linuxcontainers.org/t/lxd-bridge-doesnt-work-with-ipv4-and-ufw-with-nftables/10034/34?page=2

ru-fu added a commit to ru-fu/lxd that referenced this issue Sep 18, 2023
@ru-fu
doc/networking/firewall: add more restrictive UFW rules
948abb7 
Add an example for more restrictive firewall rules.

Closes canonical#11824

Signed-off-by: Ruth Fuchss <ruth.fuchss@canonical.com>
@tomponline tomponline mentioned this issue Sep 18, 2023
Merged
ru-fu added a commit to ru-fu/lxd that referenced this issue Sep 19, 2023
@ru-fu
doc/networking/firewall: add more restrictive UFW rules
2255e6d 
Add an example for more restrictive firewall rules.

Closes canonical#11824

Signed-off-by: Ruth Fuchss <ruth.fuchss@canonical.com>
gabrielmougard pushed a commit to gabrielmougard/lxd-fork that referenced this issue Oct 26, 2023
@ru-fu @gabrielmougard
doc/networking/firewall: add more restrictive UFW rules
3356b4b 
Add an example for more restrictive firewall rules.

Closes canonical#11824

Signed-off-by: Ruth Fuchss <ruth.fuchss@canonical.com>
tomponline pushed a commit to tomponline/lxd that referenced this issue Nov 30, 2023
@ru-fu @tomponline
doc/networking/firewall: add more restrictive UFW rules
7a27f2f 
Add an example for more restrictive firewall rules.

Closes canonical#11824

Signed-off-by: Ruth Fuchss <ruth.fuchss@canonical.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Maybe Undecided whether in scope for the project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tomponline @simondeziel @jdstrand @stgraber @realdmitchell