Docker creates its own bridge, and when there is an existing bridge, it seems that the two collide. I have personally experienced that, and multiple sources on the Internet mention that problem. One solution I saw was making Docker use the existing bridge, and this one says that it is because Docker's rules are messing with KVM's bridge, and provides the solution below.

My question is, why do those two bridges' configurations affect each other? Can't one have two completely independent bridges on one computer with one Ethernet card? That is, one bridge's settings do not affect the other bridge's network.

$ sudo systemctl edit docker.service

[Service]
ExecStartPre=/bin/sh -c "/usr/sbin/iptables -D FORWARD -p all -i br0 -j ACCEPT || true"
ExecStartPre=/usr/bin/iptables -A FORWARD -p all -i br0 -j ACCEPT

$ sudo reboot
Damn Vegetables

1 Answer

You are mixing things up here. Docker creates a bridge which consists only of all veth interfaces from the running docker containers - the bridge itself does not touch your physical network interface. The communication from your docker containers to the public world is done via routing, not via bridging!

If you tried to add your physical network interface to two different independent bridges, that would be a problem. Having a docker bridge and a different bridge on the same PC does not pose a problem.

You have a different problem though: docker is messing with a kernel setting, causing packets traversing a bridge (layer 2) to be sent up one layer, in order for those packets to be sent through the packet filter, which bridged packets usually do not do. See this question, it has an excellent answer which describes the issue with docker and bridges...

Martin
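
Added example (not part of the answer above, nor Docker's own tooling): a shell check for the condition the answer describes, assuming the kernel setting it refers to is `net.bridge.bridge-nf-call-iptables` and that Docker has left the FORWARD chain policy at DROP. The function names and the sample rule listing are constructed for illustration; the check only looks at the chain policy and the exact ACCEPT rule from the question's drop-in.

```shell
#!/bin/sh
# bridge_forward_verdict NFCALL RULES BRIDGE
#   NFCALL: value of net.bridge.bridge-nf-call-iptables (assumed sysctl name)
#   RULES:  text as printed by `iptables -S FORWARD`
#   BRIDGE: bridge interface name, e.g. br0
# Prints: not-filtered | accepted | dropped
bridge_forward_verdict() {
    nfcall=$1 rules=$2 bridge=$3
    # With the sysctl at 0, bridged frames stay at layer 2 and never reach iptables.
    [ "$nfcall" = "1" ] || { echo not-filtered; return; }
    # The drop-in's rule; `iptables -S` omits "-p all" when it prints a rule.
    if printf '%s\n' "$rules" | grep -Fxq -- "-A FORWARD -i $bridge -j ACCEPT"; then
        echo accepted; return
    fi
    # Simplification: no other rule is assumed to match; the chain policy decides.
    if printf '%s\n' "$rules" | grep -Fxq -- "-P FORWARD DROP"; then
        echo dropped
    else
        echo accepted
    fi
}

# Reads the live state instead of sample text (needs root; not called here).
# If br_netfilter is not loaded, the sysctl key is absent and is treated as 0.
check_live() {
    bridge_forward_verdict \
        "$(sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null || echo 0)" \
        "$(iptables -S FORWARD)" "$1"
}

# Constructed sample: a FORWARD chain as it might look on a Docker host.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT'
# The same chain after the drop-in from the question has appended its rule.
SAMPLE_FIXED="$SAMPLE_RULES
-A FORWARD -i br0 -j ACCEPT"

echo "before drop-in: $(bridge_forward_verdict 1 "$SAMPLE_RULES" br0)"
echo "after drop-in:  $(bridge_forward_verdict 1 "$SAMPLE_FIXED" br0)"
```

On a real host, run `check_live br0` as root to apply the same check to the current sysctl value and FORWARD chain.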