Qemu clients lose Internet access on upgrade to Groovy Gorilla
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
docker (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Starting configuration. Ubuntu 20.04, Qemu (repository version), also the latest Docker snap.
Actions: Upgrade to Ubuntu 20.10. Qemu and Docker will have been upgraded too, I assume.
Result: The system is fine. However, when I start a Qemu client, it can no longer access the Internet (via the host machine).
Investigation: The network is fine. Clients can access the host. Everything checked out. I suspected that there were issues with the iptables.
I discovered that Ubuntu 20.10 had been switched to using nftables rather than the legacy iptables. There are now two iptables command variants - 'iptables-nft' (aliased to 'iptables') and 'iptables-legacy'. Investigation using 'iptables-legacy' showed a rule on the FORWARD chain which dropped all packets. The rule was added by the Docker snap.
I replaced the iptables legacy DROP rule with an ACCEPT rule and the clients were able to access the Internet again. This confirmed the cause of the issue.
I disabled the Docker snap package and rebooted and the legacy rules were not created and the clients could access the Internet via the host.
Conclusion: The Canonical supplied Docker snap is creating the iptables rules using the legacy command, and not the nft version of the command. This is causing the issue with the Qemu client.
Status changed to 'Confirmed' because the bug affects multiple users.