docker / kubernetes breaks Proxmox QEMU KVM Bridge VMs

It's best not to mix the two technologies.  Here is how to fix things but break Docker.

If you do an iptables -L you will notice even if you deleted all the Docker chains that the iptables FORWARD policy is enabled and is set to drop, this causes your VMs to not have networking, at least not outside the host machine.

Chain FORWARD (policy DROP)
target     prot opt source               destination         



Here is how to fix everything:

If your bridge interface is not br0 like below change it (eg. if it's vmbr0 then change it to that).

iptables -A FORWARD -p all -i br0 -j ACCEPT

or for blanket all

iptables --policy FORWARD ACCEPT

Now you'll see it has policy ACCEPT so the VM traffic will work:

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

 

Delete the Docker chains

iptables  -X DOCKER-ISOLATION-STAGE-1

iptables -X DOCKER-ISOLATION-STAGE-2

iptables -X DOCKER

iptables -X DOCKER-USER

What Docker did to our machine with iptables:

root@nfs01:# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (0 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (0 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target     prot opt source               destination         

Chain DOCKER-USER (0 references)
target     prot opt source               destination         

 

 

root@nfs01:# iptables  -X DOCKER
root@nfs01:# iptables  -X DOCKER-ISOLATION-STAGE-1
root@nfs01:# iptables -L^C
root@nfs01:# ping 192.168.11.240^C
root@nfs01:# iptables -X DOCKER-ISOLATION-STAGE-2
root@nfs01:# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER-USER (0 references)
target     prot opt source               destination         
root@nfs01:# iptables -X DOCKER-USER
root@nfs01:# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  


Tags:

docker, kubernetes, proxmox, qemu, kvm, vmsit, technologies, iptables, deleted, chains, enabled, vms, networking, prot, opt, destination, interface, br, eg, vmbr, delete, isolation, user, nfs, input, output, references, ping,

Latest Articles

  • Grandstream Phone Vulnerability Security Issue Remote Backdoor Connection to 207.246.119.209:3478
  • Linux How to Check Which NIC is Onboard eth0 or eth1 Ubuntu Centos Debian Mint
  • VboxManage VirtualBox NAT Network Issues Managment Troubleshooting
  • Dell PowerEdge Server iDRAC Remote KVM/IP Default Username, Password Reset and Login Information Solution
  • Nvidia Tesla GPUs K40/K80/M40/P40/P100/V100 at home/desktop hacking, cooling, powering, cable solutions Tutorial AIO Solutions
  • Stop ls in Linux Debian Mint CentOS Ubuntu from applying quotes around filenames and directory names
  • Thunderbird Attachment Download Error Corrupt Wrong filesize of 29 or 27 bytes Solution
  • Generic IP Camera LAN Default IP Settings DVR
  • Ubuntu Debian Mint Linux How To Update Initramfs Manually update-initramfs
  • Enable Turbo Mode for CPU Ubuntu Linux Mint Debian Redhat
  • docker / kubernetes breaks Proxmox QEMU KVM Bridge VMs
  • How To Change Storage Location in Docker.io
  • RTL8812BU and RTL8822BU Linux Driver Ubuntu Setup Archer T3U Plus
  • Kazam video blank/high size and not working when recording solution
  • Cisco UC CME How To Enable Licensed Features
  • from pip._internal.cli.main import main File "/usr/local/lib/python3.5/dist-packages/pip/_internal/cli/main.py", line 60 sys.stderr.write(f"ERROR: {exc}") from pip._internal.cli.main import main File "/usr/local/lib/python3.5/dist-packag
  • ModuleNotFoundError: No module named 'pip._internal' solution python
  • grub blank screen how to manually boot kernel and initrd Linux Ubuntu Debian Centos won't boot solution
  • Cisco Switch / Router How To Restore Factory Default Settings
  • Cisco 2900 3900 Router Password Reset How To Reset Enable Password