KVM 사용 시 Bridge mode로 GuestOS에 네트워크 셋팅을 해도 동작을 안하는 경우가 있다. 게이트웨이나 DNS로 ping조차 안가는데, docker 와 함께 사용 시 문제가 발생한다.
docker가 iptables 의 FORWARD chain의 정책을 DROP으로 해버리기 때문이다.
oot@justiny-desktop:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere 다음처럼 해주면 잘된다.
# iptables -A FORWARD -i br0 -o br0 -j ACCEPT