I’m pretty new to docker, and I have been struggling several times to get it working, but every time i end up removing it, because i cannot get the iptables rules to behave the way I want.
I have en existing server running local services, and LXD.
My server is running ubuntu 20.04
Docker version is: 19.03.13, build 4484c46d9d
My NIC’s name is enp2s0, and I have a virtual bridge called virbr0
The virtual bridge is used by LXD, and has my LAN address 10.0.0.200
Docker is creating another virtual bridge called docker0
Whenever i try to install docker, it adds some iptables rules, and everything stops working.
an example is my LXD based pi-hole acting as DNS client for the PC’s on my network. Whenever docker is installed all DNS stops working. I can still ssh from my laptop to the LXD host via IP address though.
If I manually change the forward policy to accept, like this: iptables --policy FORWARD ACCEPT
Everything starts working again, my problem is that this is not persistent, and all my attempts to make it persistent has failed. I have tried different methods, some of the are:
iptables-save > /etc/iptables/rules.v4 and creating a systemd service file restoring the saved rules - no luck
I am also not sure if changing the policy is the right way to do it, I have tried with this:
iptables -A FORWARD -i virbr0 -o enp2s0 -j ACCEPT
iptables -A FORWARD -i enp2s0 -o virbr0 -j ACCEPT
But no success.
Another place i read that changes should be made to the DOCKER-USER chain, I have tried that as well, with no success.
So my questions are:
How do i make my changes persistent (the right way)?
What is the right way to make my existing network work, but still have some docker isolation.
I hope you are able to see what i want, otherwise please ask.
Best regards Kasper