Docker Community Forums

Running docker on existing homeserver (iptables)

Hi all,

I’m pretty new to docker, and I have been struggling several times to get it working, but every time I end up removing it, because I cannot get the iptables rules to behave the way I want.

I have an existing server running local services, and LXD.
My server is running Ubuntu 20.04
Docker version is: 19.03.13, build 4484c46d9d
My NIC’s name is enp2s0, and I have a virtual bridge called virbr0
The virtual bridge is used by LXD, and has my LAN address
Docker is creating another virtual bridge called docker0

Whenever I try to install docker, it adds some iptables rules, and everything stops working.
An example is my LXD based pi-hole acting as DNS client for the PCs on my network. Whenever docker is installed all DNS stops working. I can still ssh from my laptop to the LXD host via IP address though.

If I manually change the forward policy to accept, like this: iptables --policy FORWARD ACCEPT
Everything starts working again. My problem is that this is not persistent, and all my attempts to make it persistent have failed. I have tried different methods, some of them are:
iptables-save > /etc/iptables/rules.v4 and creating a systemd service file restoring the saved rules - no luck

I am also not sure if changing the policy is the right way to do it, I have tried with this:
iptables -A FORWARD -i virbr0 -o enp2s0 -j ACCEPT
iptables -A FORWARD -i enp2s0 -o virbr0 -j ACCEPT
But no success.

Another place I read that changes should be made to the DOCKER-USER chain. I have tried that as well, with no success.

So my questions are:
How do I make my changes persistent (the right way)?
What is the right way to make my existing network work, but still have some docker isolation?

I hope you are able to see what I want, otherwise please ask.

Best regards Kasper
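To check what a saved rule set such as /etc/iptables/rules.v4 does with forwarded traffic between two interfaces, here is an added example (not part of the original post and not Docker's own code). The rule set is a constructed sample and `forward_verdict` is a hypothetical helper that evaluates only plain `-i`/`-o` rules in the filter table's FORWARD chain.

```shell
# Constructed sample in iptables-save format (not from the poster's host).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i virbr0 -o enp2s0 -j ACCEPT
-A FORWARD -i enp2s0 -o virbr0 -j ACCEPT
-A DOCKER-USER -j RETURN
COMMIT
EOF
}
# forward_verdict IN OUT: read iptables-save text on stdin and print what the
# filter/FORWARD chain decides for a packet forwarded from IN to OUT.
# Simplification (assumption of this example): rules with extra matches or
# jumps to other chains are skipped, and "+" wildcards are not expanded.
forward_verdict() {
  awk -v win="$1" -v wout="$2" '
    function if_match(rule_if, negated, want) {
      if (rule_if == "") return 1          # rule does not restrict this side
      return negated ? (rule_if != want) : (rule_if == want)
    }
    /^\*/ { table = substr($1, 2) }        # "*filter", "*nat", ...
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" && !done {
      n++; rin = rout = target = ""; nin = nout = neg = extra = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "!") { neg = 1; continue }   # negates the next option
        if ($i == "-i") { rin = $(++i); nin = neg }
        else if ($i == "-o") { rout = $(++i); nout = neg }
        else if ($i == "-j") { target = $(++i); break }
        else extra = 1                     # conntrack etc.: not evaluated
        neg = 0
      }
      if (!extra && target ~ /^(ACCEPT|DROP|REJECT)$/ &&
          if_match(rin, nin, win) && if_match(rout, nout, wout)) {
        print target " by FORWARD rule " n; done = 1
      }
    }
    END { if (!done) print policy " by FORWARD policy" }
  '
}
sample_rules | forward_verdict virbr0 enp2s0
```

On a live host the same function can read `iptables-save` output instead of the sample, e.g. `iptables-save | forward_verdict virbr0 enp2s0` run as root.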

For the best experience of developing with Docker and WSL 2, we suggest having your code inside a Linux distribution. This improves the file system performance and, thanks to products like VSCode, means you can still do all of your work inside the Windows UI and in an IDE you know and love.

Firstly make sure you are on the Windows insider program, are on 19040 and have installed Docker Desktop Edge.

Next install a WSL distribution of Linux (for this example I will assume something like Ubuntu from the Microsoft store).

You may want to check your distro is set to V2. To check, in PowerShell run

wsl -l -v

If you see your distro is a version one you will need to run

wsl --set-version DistroName 2

Once you have a V2 WSL distro, Docker Desktop will automatically set this up with Docker.

The next step is to start working with your code inside this Ubuntu distro and ideally with your IDE still in Windows. In VSCode this is pretty straightforward.

You will want to open up VSCode and install the Remote WSL extension. This will allow you to work with a remote server in the Linux distro and your IDE client still on Windows.

Now we need to get started working in VSCode remotely. The easiest way to do this is to open up your terminal and type:

code .

This will open a new VSCode connected remotely to your default distro which you can check in the bottom corner of the screen.

Thank you for a long and thorough explanation on WSL, but I think you might have replied to the wrong post.