I have a 19.07 LXD installation of OpenWRT serving as router for my network. Seeing as now there is an official way to install it in LXD (as opposed to a hacky way I used before), I did so. I also migrated lxd config and then restored openwrt config backup onto new 21.02 lxd.
The container starts just fine and `lxc list` shows it gets the correct DHCP IP from the ISP and a static IP on the lan interface. I am able to log in to LuCI and the router can ping both ways (internet addresses and LAN), but LAN machines (including the LXD host) are totally cut off from the internet. They can ping only as far as the router's internal and external IP (and each other):
Pinging 8.8.8.8 gives no result, and pinging google.com returns
```
ping: gooogle.com: Name or service not known
```
Here are the key config files:
```
# ls -l /etc/config/
-rw------- 1 root root 2479 Feb 11 01:32 dhcp
-rw------- 1 root root 1000 Jun 14 2021 dhcp-opkg
-rw------- 1 root root 86 Jun 15 2021 dropbear
-rw------- 1 root root 6126 Feb 11 01:03 firewall
-rw------- 1 root root 862 Dec 6 2020 luci
-rw-r--r-- 1 root root 687 Oct 2 17:41 luci-opkg
-rw------- 1 root root 675 Feb 11 00:59 network
-rw------- 1 root root 167 Feb 11 00:58 rpcd
-rw------- 1 root root 423 Oct 27 09:23 system
-rw-r--r-- 1 root root 807 Oct 2 17:41 ucitrack
-rw------- 1 root root 4140 Dec 1 2020 uhttpd
```
Also, there is this repeating entry in cgi-bin/luci/admin/status/syslog:
```
Fri Feb 11 20:27:40 2022 daemon.warn dnsmasq-dhcp[1595]: no address range available for DHCP request via red0
Fri Feb 11 20:27:41 2022 daemon.warn dnsmasq-dhcp[1595]: no address range available for DHCP request via red0
Fri Feb 11 20:27:42 2022 daemon.warn dnsmasq-dhcp[1595]: no address range available for DHCP request via red0
Fri Feb 11 20:27:43 2022 daemon.warn dnsmasq-dhcp[1595]: no address range available for DHCP request via red0
Fri Feb 11 20:27:43 2022 daemon.warn dnsmasq-dhcp[1595]: no address range available for DHCP request via red0
Fri Feb 11 20:27:43 2022 daemon.warn dnsmasq-dhcp[1595]: no address range available for DHCP request via red0
```
Nope, don't restore backup from one major release to another. There are significant changes and you'll end up with weird issues.
Restore the config to defaults, then use the contents of the backup as a guide to reconfigure the router manually.
I am not sure if you fixed it already, but in network configuration you are using GRN and RED as interface names, while in dhcp configuration you kept the lan/wan. If you are not sure, keep the original names.
Because 'lan' and 'wan' are names of zones, not interfaces, and the zones are named correctly in /etc/config/firewall? That's how I understand it and it is supported by the fact that 19.07 works just fine with the above configuration.
Install tcpdump: `opkg update; opkg install tcpdump`
Run a packet capture to see what is happening to the packets: `tcpdump -i any -evn host 8.8.4.4`
Then on a LAN host run `ping 8.8.4.4`, stop it after a few lost packets, count the lost packets, stop tcpdump and copy and paste the output and the number of lost packets here.
```
# /etc/init.d/firewall restart
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
```
Evidently there is something weird going on with the firewall as well as the image, since the service is missing. As I am not experienced with container installation, I'll refer it to some other members of the forum and hopefully you'll have better luck.
Just mention where you got the image from.