Bug ID | 1163740 |
---|---|
Summary | libvirt VMs cannot access network when docker service is active |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.1 |
Hardware | 64bit |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Containers |
Assignee | containers-bugowner@suse.de |
Reporter | ek@research.att.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |

Created attachment 830181
working and non-working iptables setups

I have two Leap 15.1 servers on the same subnet.
They are both set up to run VMs using libvirt.
On one of the servers I recently enabled and started the docker service.
Since then VMs on this server cannot access the network.

I'm using fixed IPs on both the two hosts and the VMs.
On the host with docker running, the VMs can only access their host, nothing further out.

docker adds / modifies several iptables rules.
(I don't have SuSEfirewall2 running so the default is to have no rules).
If I reset the iptables rules to the state when docker is not running, the VMs can access the network again.

I noticed that docker sets the default FORWARD rule to DROP. It is ACCEPT by default.

Is it expected to be able to run both VMs and docker containers on the same host?
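
Added example, not part of the original report and not the contents of the attachment: one way to compare two `iptables-save` dumps, taken with docker stopped and with it running, and list the chain policy changes (such as FORWARD going from ACCEPT to DROP) and the rules that were added. The two dumps are constructed samples, and `parse` and `diff` are hypothetical helper names.

```python
# Constructed sample dumps in iptables-save format (not the report's attachment).
BEFORE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

AFTER = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return ({(table, chain): policy}, [(table, rule)]) from iptables-save text."""
    policies, rules, table = {}, [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. "*filter"
            table = line[1:]
        elif line.startswith(":"):          # chain line, e.g. ":FORWARD DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy   # "-" marks a user-defined chain
        elif line.startswith("-A "):        # appended rule
            rules.append((table, line))
    return policies, rules

def diff(before, after):
    """Return (policy changes on chains in both dumps, rules present only in `after`)."""
    pol_b, rules_b = parse(before)
    pol_a, rules_a = parse(after)
    changed = {k: (pol_b[k], pol_a[k])
               for k in pol_b if k in pol_a and pol_b[k] != pol_a[k]}
    added = [r for r in rules_a if r not in rules_b]
    return changed, added

if __name__ == "__main__":
    changed, added = diff(BEFORE, AFTER)
    for (table, chain), (old, new) in changed.items():
        print(f"{table}/{chain}: policy {old} -> {new}")
    for table, rule in added:
        print(f"{table}: + {rule}")
```

On a real host the two inputs would be the saved output of `iptables-save` from each state.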