Docker containers and KVM VMs on a host bridge in a single system cause firewall REJECT

Solution Verified - Updated -

Issue

  • When Docker is started, the KVM VM cannot route outside of the hypervisor's bridge.
  • ssh from outside the host returns "No route to host":

    $ ssh root@192.168.100.221
    ssh: connect to host 192.168.100.221 port 22: No route to host

  • ping from outside the host is successful:

    $ ping 192.168.100.221
    PING 192.168.100.221 (192.168.100.221) 56(84) bytes of data.
    64 bytes from 192.168.100.221: icmp_seq=1 ttl=64 time=0.761 ms
    64 bytes from 192.168.100.221: icmp_seq=2 ttl=64 time=0.661 ms
    ^C
    --- 192.168.100.221 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 0.661/0.711/0.761/0.050 ms

Environment

  • Red Hat Enterprise Linux 7
  • KVM VM on a host-provided bridge (not on a bridge managed by libvirtd)
  • systemd docker.service started
