Bug ID 1163740
Summary libvirt VMs cannot access network when docker service is active
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.1
Hardware 64bit
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Containers
Assignee containers-bugowner@suse.de
Reporter ek@research.att.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Created attachment 830181
working and non-working iptables setups

I have two Leap 15.1 servers on the same subnet.
They are both set up to run VMs using libvirt.
On one of the servers I recently enabled and started the docker service.
Since then, VMs on this server cannot access the network.
I'm using fixed IPs on both the two hosts and the VMs.
On the host with docker running, the VMs can only access their host, nothing
further out.

Docker adds / modifies several iptables rules.
(I don't have SuSEFirewall2 running, so the default is to have no rules.)

If I reset the iptables rules to the state when docker is not running, the VMs
can access the network again.

I noticed that docker sets the default FORWARD rule to DROP. It is ACCEPT by
default.

Is it expected to be able to run both VMs and docker containers on the same
host?
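
A diagnostic sketch for the symptom reported above, added here as an example and not taken from the report or its attachment: it reads `iptables-save` text and reports the FORWARD policy and whether forwarded traffic entering a given bridge can be accepted. It assumes VM traffic crosses the filter FORWARD chain through a host bridge (the name `br0` is hypothetical), and it is a heuristic that ignores rule order and jumps into other chains.

```shell
# Constructed sample (not the reporter's attachment): filter table with Docker-style rules.
SAMPLE_DOCKER='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
COMMIT'

# Constructed sample: no rules, default policies.
SAMPLE_CLEAN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# forward_policy: read iptables-save text on stdin, print the filter FORWARD policy.
forward_policy() {
  awk '/^\*/ {tbl=$1} tbl=="*filter" && $1==":FORWARD" {print $2}'
}

# bridge_forward_status BRIDGE: read iptables-save text on stdin and print "ok"
# when the FORWARD policy is ACCEPT or some FORWARD rule with "-i BRIDGE"
# targets ACCEPT; otherwise print "blocked".
bridge_forward_status() {
  awk -v br="$1" '
    /^\*/ {tbl=$1}
    tbl!="*filter" {next}
    $1==":FORWARD" {policy=$2}
    $1=="-A" && $2=="FORWARD" {
      in_if=""; target=""
      for (i=3; i<=NF; i++) {
        if ($i=="-i" && $(i-1)!="!") in_if=$(i+1)
        if ($i=="-j") target=$(i+1)
      }
      if (in_if==br && target=="ACCEPT") accept=1
    }
    END { if (policy=="ACCEPT" || accept) print "ok"; else print "blocked" }'
}
```

On a live host the same functions can be fed real data, for example `iptables-save | bridge_forward_status br0` run as root, before and after starting the docker service.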

