On Thu, 2016-10-06 at 14:02 -0500, Dan Williams wrote:
> Try running 'iptables-save' before you start docker, and then running
> 'iptables-save' after. Diff the results. Did docker remove
> anything?
Hello,
So this seems to be the source of the problem, but I'm a little out of
my depth as to all it's doing.
So I've attached three files
[1] iptables.onBoot (which is iptables after a clean boot)
[2] iptables.afterDockerService (which is iptables after systemctl
start docker)
[3] iptables.diff ( the difference between the two files where I've
removed differences that don't matter like packet counts etc).
So this seems like docker doesn't play well with libvirtd? Should I be
filing a bug on docker? Or is this just a mis-configuration on my part?
I don't think I've changed either libvirtd/qemu or docker's default
configuration. Other than my VMs all attach to bridge0 instead of using
NAT.
I'll start looking up what the -m addrtype --dst-type LOCAL does and
all the docker related rules that are added but I'm really not sure
what's going on. Particularly since VMs that are running and network-
connected before I run a docker container continue to be. Only VMs
brought up after that aren't. Also, at a minimum, if I stop the docker
service I would expect these rules to go away, which they don't. For
example, after systemctl stop docker I still have the docker0 bridge
interface up and
[gnat@iridium ~]$ sudo iptables -L -n | grep DOCKER
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (1 references)
Chain DOCKER-ISOLATION (1 references)
still shows the chains are in place...
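An added example of the before/after comparison Dan suggested (this is not code from the thread, and not docker's or libvirt's own tooling): a POSIX shell script that strips the packet/byte counters and the "# Generated by" / "# Completed on" timestamps from two iptables-save snapshots, tags each line with its table, and lists what was added or removed. The two snapshots embedded in it are constructed for illustration (a libvirt-style ruleset, then the same host after the docker service has added its chains); the file names iptables.onBoot and iptables.afterDockerService follow the poster's, but the contents are not the poster's attachments, and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original thread: compare two iptables-save
# snapshots while ignoring packet/byte counters and the "# Generated by" /
# "# Completed on" timestamps that otherwise swamp a raw diff. Each surviving
# line is prefixed with its table ("filter: ", "nat: ") so identical rule
# text living in different tables is not confused.

# Read iptables-save (plain or -c) output on stdin; emit "<table>: <line>".
normalize_iptables_save() {
    awk '
        /^# (Generated by|Completed on)/ { next }   # timestamps change every run
        /^[*]/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
        /^COMMIT$/ { next }
        {
            sub(/^[[][0-9]+:[0-9]+[]] /, "")        # "[pkts:bytes] -A ..." from -c
            sub(/ [[][0-9]+:[0-9]+[]]$/, "")        # ":CHAIN POLICY [pkts:bytes]"
            print table ": " $0
        }'
}

# Lines present in the second snapshot but not the first (added chains/rules).
added_rules() {
    a=$(mktemp) b=$(mktemp)
    normalize_iptables_save <"$1" | LC_ALL=C sort >"$a"
    normalize_iptables_save <"$2" | LC_ALL=C sort >"$b"
    LC_ALL=C comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Lines present in the first snapshot but not the second (removed chains/rules).
removed_rules() {
    added_rules "$2" "$1"
}

# Constructed sample snapshots (not the poster's real attachments): a
# libvirt-style ruleset, then the same host after the docker service has
# added its chains. Counters and timestamps deliberately differ between them.
SAMPLE_DIR=$(mktemp -d)
ONBOOT="$SAMPLE_DIR/iptables.onBoot"
AFTERDOCKER="$SAMPLE_DIR/iptables.afterDockerService"

cat >"$ONBOOT" <<'EOF'
# Generated by iptables-save v1.6.0 on Thu Oct  6 14:00:00 2016
*nat
:PREROUTING ACCEPT [3:200]
:INPUT ACCEPT [1:60]
:OUTPUT ACCEPT [5:300]
:POSTROUTING ACCEPT [5:300]
[0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [120:8400]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [98:7100]
[12:800] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
[0:0] -A FORWARD -i bridge0 -o bridge0 -j ACCEPT
COMMIT
# Completed on Thu Oct  6 14:00:00 2016
EOF

cat >"$AFTERDOCKER" <<'EOF'
# Generated by iptables-save v1.6.0 on Thu Oct  6 14:05:00 2016
*nat
:PREROUTING ACCEPT [7:420]
:INPUT ACCEPT [2:120]
:OUTPUT ACCEPT [9:540]
:POSTROUTING ACCEPT [9:540]
:DOCKER - [0:0]
[0:0] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
COMMIT
*filter
:INPUT ACCEPT [131:9100]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [104:7600]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
[14:900] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
[0:0] -A FORWARD -j DOCKER-ISOLATION
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[0:0] -A FORWARD -i bridge0 -o bridge0 -j ACCEPT
[0:0] -A DOCKER-ISOLATION -j RETURN
COMMIT
# Completed on Thu Oct  6 14:05:00 2016
EOF

echo "Added by docker:";   added_rules "$ONBOOT" "$AFTERDOCKER"
echo "Removed by docker:"; removed_rules "$ONBOOT" "$AFTERDOCKER"
```

On the constructed samples the "removed" list is empty and the "added" list is exactly the DOCKER chains and rules in both tables; the libvirt INPUT rule whose counters changed between snapshots does not appear, which is the point of normalising before comparing. To use it on a real host, replace the two heredocs with `iptables-save -c > iptables.onBoot` taken before and after `systemctl start docker`.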