
So I stumbled across an issue that I cannot figure out. I have set up two host machines, each with two LXD VM containers. Both are running LXD via Snap. One host is running Ubuntu 22.04 with two Ubuntu 22.04 containers. The other host is running Debian 12 with two Debian 12 containers. I have set up netplan on the containers and installed bridge-utils etc. on both hosts. I then configured a network bridge on both hosts and configured the containers on those hosts to use them, all of which is using the exact same configuration.

Hosts

ip link add dev lxdbr0 type bridge
ip addr add 172.16.0.254/16 broadcast 172.16.255.255 dev lxdbr0
ip link set lxdbr0 up

LXD Container 1

LXD Config

devices:
  lxdbr0:
    hwaddr: 00:16:3e:fb:7d:1c
    nictype: bridged
    parent: lxdbr0
    type: nic  

Netplan

network:
  version: 2
  ethernets:
    enp0s0:
      match:
        macaddress: 00:16:3e:fb:7d:1c
      set-name: enp0s0
      dhcp4: false
      addresses:
        - 172.16.0.1/16
      routes:
        - to: 172.16.0.0/16
          via: 172.16.0.254

LXD Container 2

LXD Config

devices:
  lxdbr0:
    hwaddr: 00:16:3e:fb:7d:8d
    nictype: bridged
    parent: lxdbr0
    type: nic

Netplan

network:
  version: 2
  ethernets:
    enp0s0:
      match:
        macaddress: 00:16:3e:fb:7d:8d
      set-name: enp0s0
      dhcp4: false
      addresses:
        - 172.16.0.2/16
      routes:
        - to: 172.16.0.0/16
          via: 172.16.0.254

This is working fine on the Ubuntu host, but I have some issues on the Debian host. Normal TCP is working fine, but for some reason it drops ICMP between the containers. I can ping each container from the host, but I cannot ping one container from another. At first I thought there was a general connection issue, but I tried installing nginx on one of the containers, which is fully accessible via curl from the other container.

Like I mentioned above, both configurations are the same on each host and their containers. Maybe Ubuntu's Cloud Init is the reason why this is just working on Ubuntu? But why only ICMP?

There are no iptables configurations made, no ufw or other firewall installed and configured.

I have gone through every ip command check that I can think of, and everything is showing the same configuration between both installations. I have tried tcpdump and various other monitoring options that I could find, and I cannot figure out why or where these packets are dropped.

dbergloev

1 Answer

It would seem that my Ubuntu installation has net.ipv4.conf.all.forwarding=1 configured somewhere. Not sure where, as I have looked through both /etc/sysctl.conf and /etc/sysctl.d/. But everything has forwarding enabled by default, which is not the case on the Debian installation. Enabling this does fix the issue, although I am unsure why this only affects ICMP Request packets. Not really a major network expert, but does a 'curl' http request not begin with an ARP packet? Find it strange that curl could get through but ping could not.

dbergloev
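The answer above could not find where forwarding was being enabled after checking /etc/sysctl.conf and /etc/sysctl.d/. As an added example (not part of the original post), this POSIX shell script searches the remaining directories listed in sysctl.d(5), plus /lib/sysctl.d, and prints the live values so the two hosts can be compared; the function names, the `--live` switch and the optional root argument are hypothetical.

```shell
#!/bin/sh
# Added example: find config lines that set IPv4 forwarding, and show live state.
# The optional ROOT argument (an assumption of this example) lets the same
# functions run against a copied or constructed tree instead of "/".

# Directories read by `sysctl --system` / systemd-sysctl, relative to ROOT.
SYSCTL_DIRS="etc/sysctl.d run/sysctl.d usr/local/lib/sysctl.d usr/lib/sysctl.d lib/sysctl.d"

# find_forwarding_settings [ROOT]
# Prints "file:line:text" for each uncommented line that sets ip_forward or a
# conf.<iface>.forwarding key (dot or slash separated, optional leading "-").
find_forwarding_settings() (
    root="${1:-}"; root="${root%/}"
    pat='^[[:space:]]*-?net[./]ipv4[./](ip_forward|conf[./].+[./]forwarding)[[:space:]]*='
    if [ -f "$root/etc/sysctl.conf" ]; then
        grep -HnE "$pat" "$root/etc/sysctl.conf" || true
    fi
    for d in $SYSCTL_DIRS; do
        for f in "$root/$d"/*.conf; do
            if [ -f "$f" ]; then grep -HnE "$pat" "$f" || true; fi
        done
    done
)

# live_forwarding [ROOT]
# Prints "key=value" for the global switch and every per-interface switch,
# read straight from procfs, which is what the kernel actually uses.
live_forwarding() (
    root="${1:-}"; root="${root%/}"
    for f in "$root/proc/sys/net/ipv4/ip_forward" \
             "$root"/proc/sys/net/ipv4/conf/*/forwarding; do
        if [ -r "$f" ]; then
            printf '%s=%s\n' "${f#"$root"/proc/sys/}" "$(cat "$f")"
        fi
    done
)

# Run against the live system when executed as: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "== configured =="; find_forwarding_settings /
    echo "== live ==";       live_forwarding /
fi
```

If the live value is 1 on a host where no file sets it, the value was written at runtime rather than loaded from a sysctl configuration file.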