If I have a host that does not have Docker and I am creating libvirt VMs, I would just create a bridge network no my host and then have the VM use that and the VM would get an IP on my router/LAN. This works.

But if I have a host that has Docker installed, this won’t work because docker mucks about with FW rules. So the VMs won’t get an IP.

I’m desperate to figure out how to get this to work? There must be a way to make it so a libvirt VM get an IP from my router on a host that’s also running Docker.

This is the related documentation

1. You can add additional rules to the DOCKER-USER chain. This is what I did, but then you need to make sure the rules are added every time you reboot your machine. The “Docker on a router” section in the documentation shows what you could add to the DOCKER-USER chain.
2. You could disable manipulating iptables, but as the documentation says, you can’t completely disable it and it will break your container networking.
3. It is not mentioned in the documentation as it is not relevant there, but depending on what you need Docker for, you could use LXD for containers and virtual machines as well. I also switched to LXD from libvirt, but if you want to run Docker containers, you will have the same issue.
4. Again, this might not be a solution for you, but you could run Docker in a virtual machine.

So I think these are your options.

Thanks. I can’t figure all of the iptables crap out so I’m gonna have to run Docker on a VM.

I do wish Docker had a more native way to not mess with network bridges for libvirt.