KVM bridge - no vm guest connection since Docker install

Issues related to configuring your network
t3kg33k
Posts: 24
Joined: 2016/02/26 19:45:27

KVM bridge - no vm guest connection since Docker install

Post by t3kg33k » 2020/08/21 22:34:26

My virtual guest are not able to get a network connection since installing Docker on my virtual host. This may be a coincident but all things point to Docker being the issue.
Here is what I configured initially for bridging on my host machine with one NIC after installing libvirt:

1. nmcli connection down eno1
2. nmcli connection delete eno1
3. nmcli connection add type bridge con-name br0 ifname br0 ipv6.method ignore ipv4.method manual ipv4.addresses 192.168.15.31/24 ipv4.gateway 192.168.15.1 ipv4.dns 1.1.1.1 bridge.stp no
4. nmcli connection add type ethernet con-name br-eno1 ifname eno1 master br0
5. nmcli connection up br0
6. virsh net-autostart --network default --disable

After, I had no issues with my virtual guest connecting to the network and retrieving an IP address via the bridged network on the same network as the host. Since installing Docker, my guest will no longer connect. My only thought is that Docker did something to the network stack that caused everything to go wonky, specifically with my bridge configuration.
Anyone have any idea how I can fix this without messing up both libvirt and Docker?
Thanks in advance.

t3kg33k
Posts: 24
Joined: 2016/02/26 19:45:27

Re: KVM bridge - no vm guest connection since Docker install

Post by t3kg33k » 2020/08/24 05:13:30

Can anyone assist?

User avatar
jlehtone
Posts: 3180
Joined: 2007/12/11 08:17:33
Location: Finland

Re: KVM bridge - no vm guest connection since Docker install

Post by jlehtone » 2020/08/26 06:15:54

We know what you did, but what you do have now (after Docker)?

Code: Select all

nmcli d s
nmcli c s
ip ro

t3kg33k
Posts: 24
Joined: 2016/02/26 19:45:27

Re: KVM bridge - no vm guest connection since Docker install

Post by t3kg33k » 2020/08/26 10:43:04

nmcli d s

Code: Select all

DEVICE   TYPE      STATE      CONNECTION 
br0      bridge    connected  br0        
docker0  bridge    connected  docker0    
eno1     ethernet  connected  br-eno1    
lo       loopback  unmanaged  --   


nmcli c s

Code: Select all

NAME     UUID                                  TYPE      DEVICE  
br0      eb43ab1c-4604-449a-8ea9-b259a82ba2b8  bridge    br0     
docker0  13772c65-de7c-4adf-82c2-a015784f9819  bridge    docker0 
br-eno1  e845858d-b952-4c63-919a-5c886048493f  ethernet  eno1


ip ro

Code: Select all

default via 192.168.15.1 dev br0 proto static metric 425 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.15.0/24 dev br0 proto kernel scope link src 192.168.15.31 metric 425 

darthbolek
Posts: 24
Joined: 2019/03/17 11:48:21

Re: KVM bridge - no vm guest connection since Docker install

Post by darthbolek » 2020/08/26 13:09:37

Did docker load module br_netfilter?

lsmod | grep br_netfilter

t3kg33k
Posts: 24
Joined: 2016/02/26 19:45:27

Re: KVM bridge - no vm guest connection since Docker install

Post by t3kg33k » 2020/08/26 13:14:05

darthbolek wrote:
2020/08/26 13:09:37
Did docker load module br_netfilter?

lsmod | grep br_netfilter
It looks like it did

Code: Select all

sudo lsmod | grep br_netfilter
br_netfilter           24576  0
bridge                192512  1 br_netfilter

darthbolek
Posts: 24
Joined: 2019/03/17 11:48:21

Re: KVM bridge - no vm guest connection since Docker install

Post by darthbolek » 2020/08/26 13:35:47

Your bridge traffic goes through firewall now... :)

t3kg33k
Posts: 24
Joined: 2016/02/26 19:45:27

Re: KVM bridge - no vm guest connection since Docker install

Post by t3kg33k » 2020/08/26 13:38:15

darthbolek wrote:
2020/08/26 13:35:47
Your bridge traffic goes through firewall now... :)
Which firewall? iptables? Because I have firewalld stopped and disabled.

darthbolek
Posts: 24
Joined: 2019/03/17 11:48:21

Re: KVM bridge - no vm guest connection since Docker install

Post by darthbolek » 2020/08/26 13:45:48

I am not sure how much docker needs this, but in podman it is required for communication between containers via host ip.
If your containers talk to each other directly (and not via mapped host ip), than it should be safe to unload this module (at least it is for podman).

darthbolek
Posts: 24
Joined: 2019/03/17 11:48:21

Re: KVM bridge - no vm guest connection since Docker install

Post by darthbolek » 2020/08/26 13:54:44

t3kg33k wrote:
2020/08/26 13:38:15
Which firewall? iptables? Because I have firewalld stopped and disabled.
It is nftables now.
br_netfilter module has something to do with firewalls, masquarading, and sending bridge traffic through firewall.
I am not sure what is its relation to firewalld.

Post Reply

Return to “CentOS 8 - Networking Support”