Network forward routing breaks when used by container in target network

[Linkster78]

Required information

• Distribution: Debian
• Distribution version: 12 (bookworm)
• The output of "incus info":

  config: {}
  api_extensions:
  - storage_zfs_remove_snapshots
  - container_host_shutdown_timeout
  - container_stop_priority
  - container_syscall_filtering
  - auth_pki
  - container_last_used_at
  - etag
  - patch
  - usb_devices
  - https_allowed_credentials
  - image_compression_algorithm
  - directory_manipulation
  - container_cpu_time
  - storage_zfs_use_refquota
  - storage_lvm_mount_options
  - network
  - profile_usedby
  - container_push
  - container_exec_recording
  - certificate_update
  - container_exec_signal_handling
  - gpu_devices
  - container_image_properties
  - migration_progress
  - id_map
  - network_firewall_filtering
  - network_routes
  - storage
  - file_delete
  - file_append
  - network_dhcp_expiry
  - storage_lvm_vg_rename
  - storage_lvm_thinpool_rename
  - network_vlan
  - image_create_aliases
  - container_stateless_copy
  - container_only_migration
  - storage_zfs_clone_copy
  - unix_device_rename
  - storage_lvm_use_thinpool
  - storage_rsync_bwlimit
  - network_vxlan_interface
  - storage_btrfs_mount_options
  - entity_description
  - image_force_refresh
  - storage_lvm_lv_resizing
  - id_map_base
  - file_symlinks
  - container_push_target
  - network_vlan_physical
  - storage_images_delete
  - container_edit_metadata
  - container_snapshot_stateful_migration
  - storage_driver_ceph
  - storage_ceph_user_name
  - resource_limits
  - storage_volatile_initial_source
  - storage_ceph_force_osd_reuse
  - storage_block_filesystem_btrfs
  - resources
  - kernel_limits
  - storage_api_volume_rename
  - network_sriov
  - console
  - restrict_dev_incus
  - migration_pre_copy
  - infiniband
  - dev_incus_events
  - proxy
  - network_dhcp_gateway
  - file_get_symlink
  - network_leases
  - unix_device_hotplug
  - storage_api_local_volume_handling
  - operation_description
  - clustering
  - event_lifecycle
  - storage_api_remote_volume_handling
  - nvidia_runtime
  - container_mount_propagation
  - container_backup
  - dev_incus_images
  - container_local_cross_pool_handling
  - proxy_unix
  - proxy_udp
  - clustering_join
  - proxy_tcp_udp_multi_port_handling
  - network_state
  - proxy_unix_dac_properties
  - container_protection_delete
  - unix_priv_drop
  - pprof_http
  - proxy_haproxy_protocol
  - network_hwaddr
  - proxy_nat
  - network_nat_order
  - container_full
  - backup_compression
  - nvidia_runtime_config
  - storage_api_volume_snapshots
  - storage_unmapped
  - projects
  - network_vxlan_ttl
  - container_incremental_copy
  - usb_optional_vendorid
  - snapshot_scheduling
  - snapshot_schedule_aliases
  - container_copy_project
  - clustering_server_address
  - clustering_image_replication
  - container_protection_shift
  - snapshot_expiry
  - container_backup_override_pool
  - snapshot_expiry_creation
  - network_leases_location
  - resources_cpu_socket
  - resources_gpu
  - resources_numa
  - kernel_features
  - id_map_current
  - event_location
  - storage_api_remote_volume_snapshots
  - network_nat_address
  - container_nic_routes
  - cluster_internal_copy
  - seccomp_notify
  - lxc_features
  - container_nic_ipvlan
  - network_vlan_sriov
  - storage_cephfs
  - container_nic_ipfilter
  - resources_v2
  - container_exec_user_group_cwd
  - container_syscall_intercept
  - container_disk_shift
  - storage_shifted
  - resources_infiniband
  - daemon_storage
  - instances
  - image_types
  - resources_disk_sata
  - clustering_roles
  - images_expiry
  - resources_network_firmware
  - backup_compression_algorithm
  - ceph_data_pool_name
  - container_syscall_intercept_mount
  - compression_squashfs
  - container_raw_mount
  - container_nic_routed
  - container_syscall_intercept_mount_fuse
  - container_disk_ceph
  - virtual-machines
  - image_profiles
  - clustering_architecture
  - resources_disk_id
  - storage_lvm_stripes
  - vm_boot_priority
  - unix_hotplug_devices
  - api_filtering
  - instance_nic_network
  - clustering_sizing
  - firewall_driver
  - projects_limits
  - container_syscall_intercept_hugetlbfs
  - limits_hugepages
  - container_nic_routed_gateway
  - projects_restrictions
  - custom_volume_snapshot_expiry
  - volume_snapshot_scheduling
  - trust_ca_certificates
  - snapshot_disk_usage
  - clustering_edit_roles
  - container_nic_routed_host_address
  - container_nic_ipvlan_gateway
  - resources_usb_pci
  - resources_cpu_threads_numa
  - resources_cpu_core_die
  - api_os
  - container_nic_routed_host_table
  - container_nic_ipvlan_host_table
  - container_nic_ipvlan_mode
  - resources_system
  - images_push_relay
  - network_dns_search
  - container_nic_routed_limits
  - instance_nic_bridged_vlan
  - network_state_bond_bridge
  - usedby_consistency
  - custom_block_volumes
  - clustering_failure_domains
  - resources_gpu_mdev
  - console_vga_type
  - projects_limits_disk
  - network_type_macvlan
  - network_type_sriov
  - container_syscall_intercept_bpf_devices
  - network_type_ovn
  - projects_networks
  - projects_networks_restricted_uplinks
  - custom_volume_backup
  - backup_override_name
  - storage_rsync_compression
  - network_type_physical
  - network_ovn_external_subnets
  - network_ovn_nat
  - network_ovn_external_routes_remove
  - tpm_device_type
  - storage_zfs_clone_copy_rebase
  - gpu_mdev
  - resources_pci_iommu
  - resources_network_usb
  - resources_disk_address
  - network_physical_ovn_ingress_mode
  - network_ovn_dhcp
  - network_physical_routes_anycast
  - projects_limits_instances
  - network_state_vlan
  - instance_nic_bridged_port_isolation
  - instance_bulk_state_change
  - network_gvrp
  - instance_pool_move
  - gpu_sriov
  - pci_device_type
  - storage_volume_state
  - network_acl
  - migration_stateful
  - disk_state_quota
  - storage_ceph_features
  - projects_compression
  - projects_images_remote_cache_expiry
  - certificate_project
  - network_ovn_acl
  - projects_images_auto_update
  - projects_restricted_cluster_target
  - images_default_architecture
  - network_ovn_acl_defaults
  - gpu_mig
  - project_usage
  - network_bridge_acl
  - warnings
  - projects_restricted_backups_and_snapshots
  - clustering_join_token
  - clustering_description
  - server_trusted_proxy
  - clustering_update_cert
  - storage_api_project
  - server_instance_driver_operational
  - server_supported_storage_drivers
  - event_lifecycle_requestor_address
  - resources_gpu_usb
  - clustering_evacuation
  - network_ovn_nat_address
  - network_bgp
  - network_forward
  - custom_volume_refresh
  - network_counters_errors_dropped
  - metrics
  - image_source_project
  - clustering_config
  - network_peer
  - linux_sysctl
  - network_dns
  - ovn_nic_acceleration
  - certificate_self_renewal
  - instance_project_move
  - storage_volume_project_move
  - cloud_init
  - network_dns_nat
  - database_leader
  - instance_all_projects
  - clustering_groups
  - ceph_rbd_du
  - instance_get_full
  - qemu_metrics
  - gpu_mig_uuid
  - event_project
  - clustering_evacuation_live
  - instance_allow_inconsistent_copy
  - network_state_ovn
  - storage_volume_api_filtering
  - image_restrictions
  - storage_zfs_export
  - network_dns_records
  - storage_zfs_reserve_space
  - network_acl_log
  - storage_zfs_blocksize
  - metrics_cpu_seconds
  - instance_snapshot_never
  - certificate_token
  - instance_nic_routed_neighbor_probe
  - event_hub
  - agent_nic_config
  - projects_restricted_intercept
  - metrics_authentication
  - images_target_project
  - images_all_projects
  - cluster_migration_inconsistent_copy
  - cluster_ovn_chassis
  - container_syscall_intercept_sched_setscheduler
  - storage_lvm_thinpool_metadata_size
  - storage_volume_state_total
  - instance_file_head
  - instances_nic_host_name
  - image_copy_profile
  - container_syscall_intercept_sysinfo
  - clustering_evacuation_mode
  - resources_pci_vpd
  - qemu_raw_conf
  - storage_cephfs_fscache
  - network_load_balancer
  - vsock_api
  - instance_ready_state
  - network_bgp_holdtime
  - storage_volumes_all_projects
  - metrics_memory_oom_total
  - storage_buckets
  - storage_buckets_create_credentials
  - metrics_cpu_effective_total
  - projects_networks_restricted_access
  - storage_buckets_local
  - loki
  - acme
  - internal_metrics
  - cluster_join_token_expiry
  - remote_token_expiry
  - init_preseed
  - storage_volumes_created_at
  - cpu_hotplug
  - projects_networks_zones
  - network_txqueuelen
  - cluster_member_state
  - instances_placement_scriptlet
  - storage_pool_source_wipe
  - zfs_block_mode
  - instance_generation_id
  - disk_io_cache
  - amd_sev
  - storage_pool_loop_resize
  - migration_vm_live
  - ovn_nic_nesting
  - oidc
  - network_ovn_l3only
  - ovn_nic_acceleration_vdpa
  - cluster_healing
  - instances_state_total
  - auth_user
  - security_csm
  - instances_rebuild
  - numa_cpu_placement
  - custom_volume_iso
  - network_allocations
  - zfs_delegate
  - storage_api_remote_volume_snapshot_copy
  - operations_get_query_all_projects
  - metadata_configuration
  - syslog_socket
  - event_lifecycle_name_and_project
  - instances_nic_limits_priority
  - disk_initial_volume_configuration
  - operation_wait
  - image_restriction_privileged
  - cluster_internal_custom_volume_copy
  - disk_io_bus
  - storage_cephfs_create_missing
  - instance_move_config
  - ovn_ssl_config
  - certificate_description
  - disk_io_bus_virtio_blk
  - loki_config_instance
  - instance_create_start
  - clustering_evacuation_stop_options
  - boot_host_shutdown_action
  - agent_config_drive
  - network_state_ovn_lr
  - image_template_permissions
  - storage_bucket_backup
  - storage_lvm_cluster
  - shared_custom_block_volumes
  - auth_tls_jwt
  - oidc_claim
  - device_usb_serial
  - numa_cpu_balanced
  - image_restriction_nesting
  - network_integrations
  - instance_memory_swap_bytes
  - network_bridge_external_create
  - network_zones_all_projects
  - storage_zfs_vdev
  - container_migration_stateful
  - profiles_all_projects
  - instances_scriptlet_get_instances
  - instances_scriptlet_get_cluster_members
  - instances_scriptlet_get_project
  - network_acl_stateless
  - instance_state_started_at
  - networks_all_projects
  - network_acls_all_projects
  - storage_buckets_all_projects
  - resources_load
  - instance_access
  - project_access
  - projects_force_delete
  - resources_cpu_flags
  - disk_io_bus_cache_filesystem
  - instance_oci
  - clustering_groups_config
  - instances_lxcfs_per_instance
  - clustering_groups_vm_cpu_definition
  - disk_volume_subpath
  - projects_limits_disk_pool
  - network_ovn_isolated
  api_status: stable
  api_version: "1.0"
  auth: trusted
  public: false
  auth_methods:
  - tls
  auth_user_name: root
  auth_user_method: unix
  environment:
  addresses: []
  architectures:
  - x86_64
  - i686
  certificate: |
  -----BEGIN CERTIFICATE-----
  MIICHTCCAaKgAwIBAgIRAOPFPNkJgMxaRyCYH8mF2RwwCgYIKoZIzj0EAwMwOzEZ
  MBcGA1UEChMQTGludXggQ29udGFpbmVyczEeMBwGA1UEAwwVcm9vdEBkZWJpYW4t
  MmdiLWFzaC0xMB4XDTI0MDkwMjA1MTUxN1oXDTM0MDgzMTA1MTUxN1owOzEZMBcG
  A1UEChMQTGludXggQ29udGFpbmVyczEeMBwGA1UEAwwVcm9vdEBkZWJpYW4tMmdi
  LWFzaC0xMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE81jzM5XyKEmZngxI19nZa9oE
  MKarmvnVAv+W+HzPoSWKjqk3FDMHQRKFBwr5SSFuf2hZx2Rf15OKxSM6LeDHlfqI
  MXxme0frUPd4jo1pa7MyMBtlZuowB3fjaU86+lr4o2owaDAOBgNVHQ8BAf8EBAMC
  BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAzBgNVHREELDAq
  ghBkZWJpYW4tMmdiLWFzaC0xhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAoGCCqG
  SM49BAMDA2kAMGYCMQC9g4Q+o2vaMem+r5ROD+hpPFKcsFVndmbIXbae7CKzmJWZ
  rdGKs2lGQmPfIgbCIoICMQC+cG38zOvEYgIQrBAWuBd7JqWbfFRWn+3NNmvfm04L
  l9P6EX+lz3P1ukyeMWP3MUk=
  -----END CERTIFICATE-----
  certificate_fingerprint: 8c0ee3128f245eddbb2f9392f5a96d9cb91c0f68337734800cdca0634be730eb
  driver: lxc
  driver_version: 6.0.1
  firewall: nftables
  kernel: Linux
  kernel_architecture: x86_64
  kernel_features:
  idmapped_mounts: "true"
  netnsid_getifaddrs: "true"
  seccomp_listener: "true"
  seccomp_listener_continue: "true"
  uevent_injection: "true"
  unpriv_binfmt: "false"
  unpriv_fscaps: "true"
  kernel_version: 6.1.0-23-amd64
  lxc_features:
  cgroup2: "true"
  core_scheduling: "true"
  devpts_fd: "true"
  idmapped_mounts_v2: "true"
  mount_injection_file: "true"
  network_gateway_device_route: "true"
  network_ipvlan: "true"
  network_l2proxy: "true"
  network_phys_macvlan_mtu: "true"
  network_veth_router: "true"
  pidfd: "true"
  seccomp_allow_deny_syntax: "true"
  seccomp_notify: "true"
  seccomp_proxy_send_notify_fd: "true"
  os_name: Debian GNU/Linux
  os_version: "12"
  project: default
  server: incus
  server_clustered: false
  server_event_mode: full-mesh
  server_name: debian-2gb-ash-1
  server_pid: 29417
  server_version: "6.4"
  storage: btrfs
  storage_version: "6.2"
  storage_supported_drivers:
  - name: dir
  version: "1"
  remote: false
  - name: lvm
  version: 2.03.16(2) (2022-05-18) / 1.02.185 (2022-05-18) / 4.47.0
  remote: false
  - name: lvmcluster
  version: 2.03.16(2) (2022-05-18) / 1.02.185 (2022-05-18) / 4.47.0
  remote: true
  - name: btrfs
  version: "6.2"
  remote: false

Issue description

Taking two containers in the same network, let's say "client" and "server". Assuming that a network forward exists forwarding connections to the public IP to the internal "server" container, the "client" will be able to connect directly to "server" but won't be able to connect to "server" through the public IP/network forward.

This might be expected behaviour, I must admit that I'm not extremely familiar with the Linux networking stack.

Steps to reproduce

1. Setup both containers and the forward.

   
   export PUBLIC_IP="..."

incus admin init --minimal incus launch images:debian/bookworm server incus exec server -- apt install -y netcat-openbsd # used for testing incus copy server client && incus start client incus network forward create incusbr0 $PUBLIC_IP target_address=$(incus ls -c4 -fcsv server | awk '{print $1}')

2. Listen on a certain port on the "server" container, try to connect to it directly from the "client" container. Should work.
3. Listen on a certain port on the "server" container, try to connect to the $PUBLIC_IP from the outside. Should work.
4. Listen on a certain port on the "server" container, try to connect to the $PUBLIC_IP from the "client" container. Should not work.

# Information to attach

captured on the host, port 10 could be replaced with any other port...

10.36.104.232 is the "client" container

10.36.104.154 is the "server" container

178.156.132.168 is the public IP

$ tcpdump -ni any port 10 tcpdump: data link type LINUX_SLL2 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes 05:39:18.875191 vethfa027476 P IP 10.36.104.232.60942 > 178.156.132.168.10: Flags [S], seq 2192346995, win 64240, options [mss 1460,sackOK,TS val 2531906438 ecr 0,nop,wscale 7], length 0 05:39:18.875199 incusbr0 In IP 10.36.104.232.60942 > 178.156.132.168.10: Flags [S], seq 2192346995, win 64240, options [mss 1460,sackOK,TS val 2531906438 ecr 0,nop,wscale 7], length 0 05:39:18.875237 incusbr0 Out IP 10.36.104.232.60942 > 10.36.104.154.10: Flags [S], seq 2192346995, win 64240, options [mss 1460,sackOK,TS val 2531906438 ecr 0,nop,wscale 7], length 0 05:39:18.875242 vethb451bc43 Out IP 10.36.104.232.60942 > 10.36.104.154.10: Flags [S], seq 2192346995, win 64240, options [mss 1460,sackOK,TS val 2531906438 ecr 0,nop,wscale 7], length 0 05:39:18.875261 vethb451bc43 P IP 10.36.104.154.10 > 10.36.104.232.60942: Flags [S.], seq 2012877585, ack 2192346996, win 65160, options [mss 1460,sackOK,TS val 1854899413 ecr 2531906438,nop,wscale 7], length 0 05:39:18.875263 vethfa027476 Out IP 10.36.104.154.10 > 10.36.104.232.60942: Flags [S.], seq 2012877585, ack 2192346996, win 65160, options [mss 1460,sackOK,TS val 1854899413 ecr 2531906438,nop,wscale 7], length 0 05:39:18.875270 vethfa027476 P IP 10.36.104.232.60942 > 10.36.104.154.10: Flags [R], seq 2192346996, win 0, length 0 05:39:18.875272 vethb451bc43 Out IP 10.36.104.232.60942 > 10.36.104.154.10: Flags [R], seq 2192346996, win 0, length 0

[Linkster78]

Revisiting this with a fresh look, it seems like this is due to incus forward only performing DNAT and not SNAT, so when the SYN packet reaches the "server" container, the "server" container tries to continue the handshake by talking directly to the "client" since the source IP is preserved by the lack of SNAT and the "client" is in the same subnet.

Obviously, the "client" container didn't attempt to initiate a connection with the "server" container's IP, it tried to initiate it with the public forwarded IP, so the attempted connection is reset and the TCP handshake is never completed.

Is there a reason why SNAT'ing is not performed? Or am I missing something entirely?

Nevermind, I can see why that would be a problem by obfuscating the source IP address. I imagine that this might just be an edge case that shouldn't be expected to be supported by Incus, but I'm curious to hear your toughts.

(This could probably be fixed by applying SNAT if the connection is coming from the same subnet as the target_address, but that seems a bit inconsistent to me)