UFW, IPTABLES and IP FORWARDING

By default, UFW blocks IP forwarding. To enable packet forwarding, two configuration files need to be adjusted. In /etc/default/ufw, change DEFAULT_FORWARD_POLICY to "ACCEPT":

DEFAULT_FORWARD_POLICY="ACCEPT"

Then edit /etc/ufw/sysctl.conf and uncomment:

net/ipv4/ip_forward=1
#for IPv6 forwarding uncomment:
net/ipv6/conf/default/forwarding=1

To enable IPv4 packet forwarding, edit /etc/sysctl.conf and uncomment the following line:

net.ipv4.ip_forward=1
# If you wish to enable IPv6 forwarding also uncomment:
net.ipv6.conf.default.forwarding=1

Execute the sysctl command to enable the new settings in the configuration file:

sudo sysctl -p

Create my-iptables-rules:

$ sudo vi /etc/network/if-up.d/my-iptables-rules
#!/bin/bash
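# Flag file marking that the rules are already loaded. It lives in /run
# (root-writable, cleared at boot) because any local user could pre-create a
# flag in /tmp and make this script skip the rules.
FLAG="/run/my-iptables-settings"
if [ -f "${FLAG}" ]; then
  echo "Already set my iptables rules. Skip it."
  exit 0
fi

# Sample iptables rule: masquerade traffic from 192.168.0.0/16 leaving via ppp0
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE

touch "${FLAG}"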
exit 0

Reference: https://help.ubuntu.com/lts/serverguide/firewall.html
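
The script below is an added example, not part of the original page or the referenced guide. It audits the three files edited above and reports whether the host would forward all traffic by default; the function names and the result= labels are this example's own, and the sample files are constructed.

```bash
#!/bin/bash
# Added example: audit the forwarding settings in the three files edited above.
# It reads config files only (not the running kernel, not /etc/sysctl.d/).

# Print the last uncommented value of key $1 in file $2 (empty if unset).
# Accepts net.ipv4.ip_forward and the slash form used in /etc/ufw/sysctl.conf.
conf_value() {
  [ -r "$2" ] || return 0
  awk -v want="$1" '
    /^[ \t]*#/ { next }                        # commented out: not active
    {
      eq = index($0, "=")
      if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/[ \t]/, "", k); gsub("/", ".", k)   # normalise slash syntax
      sub(/#.*/, "", v); gsub(/[ \t"]/, "", v)  # drop trailing comment, quotes
      if (k == want) last = v
    }
    END { print last }' "$2"
}

# Args: UFW defaults file, UFW sysctl file, system sysctl file.
forwarding_report() {
  local policy ufw4 sys4
  policy=$(conf_value DEFAULT_FORWARD_POLICY "$1")
  ufw4=$(conf_value net.ipv4.ip_forward "$2")
  sys4=$(conf_value net.ipv4.ip_forward "$3")
  echo "ufw_forward_policy=${policy:-unset}"
  echo "ufw_sysctl_ip_forward=${ufw4:-unset}"
  echo "sysctl_conf_ip_forward=${sys4:-unset}"
  # Everything is routed by default only when the kernel switch is on (either
  # file) and the UFW forward policy is ACCEPT.
  if [ "$policy" = "ACCEPT" ] && { [ "$ufw4" = "1" ] || [ "$sys4" = "1" ]; }; then
    echo "result=forwards-by-default"
  else
    echo "result=does-not-forward-by-default"
  fi
}

# Constructed sample files (not from a real host) mirroring the edits above.
demo() {
  local d; d=$(mktemp -d) || return 1
  printf 'DEFAULT_FORWARD_POLICY="ACCEPT"\n' > "$d/ufw"
  printf '#net/ipv4/ip_forward=1\n' > "$d/ufw-sysctl"
  printf 'net.ipv4.ip_forward=1\n' > "$d/sysctl"
  forwarding_report "$d/ufw" "$d/ufw-sysctl" "$d/sysctl"
  rm -rf "$d"
}
demo
```

On a real host, call forwarding_report /etc/default/ufw /etc/ufw/sysctl.conf /etc/sysctl.conf instead of demo.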

LXD Containers with Static IP Addresses

1. Edit /etc/default/lxd-bridge and change the value of LXD_CONFILE:

$ sudo vi /etc/default/lxd-bridge
...
# Path to an extra dnsmasq configuration file
LXD_CONFILE="/etc/default/lxd_dnsmasq.conf"
...

2. Edit /etc/default/lxd_dnsmasq.conf and add the container IP setting:

$ sudo vi /etc/default/lxd_dnsmasq.conf
# dhcp-host=containername,ipaddress
dhcp-host=myc1,10.0.3.10

3. Stop the container, restart lxd-bridge, then start the container:

$ sudo lxc stop myc1
$ sudo service lxd-bridge stop && sudo service lxd-bridge start
$ sudo lxc start myc1

Reference: http://jason.trickett.us/2016/08/lxd-containers-static-ip-addresses-heres/