Can't start Multipass with UFW enabled

I’m not able to start up a Multipass when I have UFW enabled.

I’m using the Multipass snap and running it on my Ubuntu 20.10 desktop computer, not over any network.

Does anyone know what port I can open with UFW to allow me to keep UFW enabled?

Not for sure — but have you tried 443?

443 doesn’t work, but thanks for the suggestion

1 Like

Hi @RickAndTired,

You shouldn’t have to add any special UFW rules, but you may be hitting this issue about incompatible iptables variants (legacy vs. nftables). Multipass adds its own iptables rules (depending on the driver) and the snap currently ships with the legacy iptables. Using the nftables variant at the same time will step on that.

What does iptables -V say?

1 Like

On host
$ iptables -V
iptables v1.8.5 (nf_tables)

In multipass shell
$ iptables -V
iptables v1.8.4 (legacy)

Yeah, so I’m afraid you’re hitting that bug :slightly_frowning_face:

The iptables variant inside the instance itself should have no effect though. The conflict is with the iptables variant that the snap ships and uses.

Hi @RickAndTired,

You can try running the script I posted in the bug and see if that helps.

Hi, that script didn’t solve my issue.

$ multipass start ubuntu-dl
start failed: The following errors occurred:
ubuntu-dl: timed out waiting for response

If I disable UFW then $ multipass start ubuntu-dl works fine

Hi @RickAndTired,

Then I believe UFW is blocking access to the Multipass subnet from your host. I’m not familiar with UFW configuration, but I’m sure there is some way to configure it to allow access.

BTW, you can get the Multipass subnet from doing ifconfig mpbr0 and look at what inet reports. For example, if inet has 10.229.75.1, then Multipass is using the 10.229.75.x subnet.

You might be able to allow traffic through your UFW firewall with
sudo ufw allow in on mpqemubr0 && sudo ufw allow out on mpqemubr0

2 Likes

This also happens in MacbookPro