{"id":8278,"date":"2020-12-30T02:13:02","date_gmt":"2020-12-30T02:13:02","guid":{"rendered":"http:\/\/localhost:8105\/?p=8278"},"modified":"2021-12-07T15:52:29","modified_gmt":"2021-12-07T15:52:29","slug":"docker-breaks-kvm-bridge-fixed","status":"publish","type":"post","link":"https:\/\/blog.shahada.abubakar.net\/?p=8278","title":{"rendered":"Docker breaks KVM Bridge – Fixed!"},"content":{"rendered":"

\u00a0<\/p>\n

I recently enabled docker on my desktop PC running Ubuntu 20.04LTS … and it ended up breaking Bridged Networking on my VirtManager\/KVM Virtual Machines (NAT still works). It turns out that (1) docker sets up some broad rules in the iptables firewall (2) even directly bridged traffic in KVMs goes through the iptables firewall and (3) the rules set by docker messes up the VM traffic.<\/div>\n
\u00a0<\/div>\n
After some googling I fixed this with:<\/div>\n
\u00a0<\/div>\n
$ sudo systemctl edit docker.service<\/span><\/div>\n
\u00a0<\/div>\n
[Service]<\/span><\/div>\n
ExecStartPre=\/bin\/sh -c “\/usr\/sbin\/iptables -D FORWARD -p all -i br0 -j ACCEPT || true”<\/span><\/div>\n
ExecStartPre=\/usr\/bin\/iptables -A FORWARD -p all -i br0 -j ACCEPT<\/span><\/div>\n
\u00a0<\/div>\n
$ sudo reboot<\/span><\/div>\n
\u00a0<\/div>\n
This creates an overlay file to systemd’s docker settings, that will tweak the iptables firewall rules so that they work better with KVM. Change “br0” to your bridge device interface.<\/div>\n
\u00a0<\/div>\n
References: https:\/\/bbs.archlinux.org\/viewtopic.php?id=233727<\/div>\n

\u00a0<\/p>\n

Originally created with EverNote at 20201230T021302Z<\/i><\/p>\n\n\n

\"\"<\/figure><\/div>\n","protected":false},"excerpt":{"rendered":"

\u00a0 I recently enabled docker on my desktop PC running Ubuntu 20.04LTS … and it ended up breaking Bridged Networking on my VirtManager\/KVM Virtual Machines (NAT still works). It turns out that (1) docker...<\/p>\n","protected":false},"author":1,"featured_media":8802,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[213,116],"tags":[],"class_list":["post-8278","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-docker","category-linux"],"_links":{"self":[{"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=\/wp\/v2\/posts\/8278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8278"}],"version-history":[{"count":4,"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=\/wp\/v2\/posts\/8278\/revisions"}],"predecessor-version":[{"id":8982,"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=\/wp\/v2\/posts\/8278\/revisions\/8982"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=\/wp\/v2\/media\/8802"}],"wp:attachment":[{"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.shahada.abubakar.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}