Can't start Multipass with UFW enabled

RickAndTired · December 28, 2020, 5:38am

I’m not able to start up a Multipass when I have UFW enabled.

I’m using the Multipass snap and running it on my Ubuntu 20.10 desktop computer, not over any network.

Does anyone know what port I can open with UFW to allow me to keep UFW enabled?

stephen-d-allen · December 28, 2020, 2:55pm

Not for sure — but have you tried 443?

RickAndTired · December 30, 2020, 8:29am

443 doesn’t work, but thanks for the suggestion

ricab · January 4, 2021, 3:41pm

Hi @RickAndTired,

You shouldn’t have to add any special UFW rules, but you may be hitting this issue about incompatible iptables variants (legacy vs. nftables). Multipass adds its own iptables rules (depending on the driver) and the snap currently ships with the legacy iptables. Using the nftables variant at the same time will step on that.

What does iptables -V say?

RickAndTired · January 4, 2021, 7:03pm

On host
$ iptables -V
iptables v1.8.5 (nf_tables)

In multipass shell
$ iptables -V
iptables v1.8.4 (legacy)

ricab · January 4, 2021, 7:30pm

Yeah, so I’m afraid you’re hitting that bug

The iptables variant inside the instance itself should have no effect though. The conflict is with the iptables variant that the snap ships and uses.

townsend · January 4, 2021, 7:59pm

Hi @RickAndTired,

You can try running the script I posted in the bug and see if that helps.

RickAndTired · January 4, 2021, 8:38pm

Hi, that script didn’t solve my issue.

$ multipass start ubuntu-dl
start failed: The following errors occurred:
ubuntu-dl: timed out waiting for response

If I disable UFW then $ multipass start ubuntu-dl works fine

townsend · January 4, 2021, 8:53pm

Hi @RickAndTired,

Then I believe UFW is blocking access to the Multipass subnet from your host. I’m not familiar with UFW configuration, but I’m sure there is some way to configure it to allow access.

townsend · January 4, 2021, 8:57pm

BTW, you can get the Multipass subnet from doing ifconfig mpbr0 and look at what inet reports. For example, if inet has 10.229.75.1, then Multipass is using the 10.229.75.x subnet.

addyess · May 13, 2021, 2:45pm

You might be able to allow traffic through your UFW firewall with
sudo ufw allow in on mpqemubr0 && sudo ufw allow out on mpqemubr0

andodeki · October 5, 2023, 9:31pm

This also happens in MacbookPro

bramkrisna16 · June 26, 2024, 9:25am

i got same issue, anyone can helps? please…

bramkrisna16 · June 26, 2024, 9:29am

how do you disable the ufw without shell the instance? please tell me …

RickAndTired · June 27, 2024, 1:01am

I’m not sure I understand your question, but I needed to disable UFW on the host machine, not the VM
sudo ufw disable

eeickmeyer · June 27, 2024, 1:14am

Ubuntu Discourse moderator here.

Normally we don’t allow technical support on this site, but the Multipass team seems to have allowed this thread.

HOWEVER

It is generally not a good idea to necro-bump an old thread that has been dead for a certain amount of time, in this case 2 years, and again 9 months later. This thread started back in 2020.

When this happens, it’s best to start a new topic.

I’m going to leave this open for now, but I’d very much like to hear from the Multipass team what they’d prefer.

ricab · June 27, 2024, 10:38am

@eeickmeyer is right. We generally try to help people out as best we can, but a new GH issue is the correct option to report problems with Multipass.

That said, I don’t think that new question in this thread was addressed to us and I personally didn’t understand it.

eeickmeyer · June 27, 2024, 5:43pm

Thanks, @ricab .

With that in mind, this topic is now closed. Any further technical support issues with Multipass need to be brought to https://github.com/canonical/multipass/issues.