I am running Docker Swarm in an LXD container. I spent several hours debugging a network issue where I could not access the container from the outside world. It turned out that the issue was that IP forwarding has to be enabled in the ingress-sbox namespace:
nsenter --net=/run/docker/netns/ingress_sbox sysctl -w net.ipv4.ip_forward=1
Only after manually enabling IP forwarding in this namespace does the overlay network work as expected. Any idea why this manual step is required within an LXD container? Am I missing some setting in LXD?
I also posted this question in the LXD forum as this might require some expertise in both areas.