KVM windows vm inside docker unable to access internet

docker windows linux iptables kvm-virtualization

I am trying to use kvm inside docker with the inspiration from an article (https://medium.com/axon-technologies/installing-a-windows-virtual-machine-in-a-linux-docker-container-c78e4c3f9ba1) that shows how to enable 3389 on the vm, which is inside docker, to be reach from host. This works, but I would to take it a little further and allow internet access from the vm. Anyone that could help me? This is the current script I am trying to get to work:

set -eou pipefail

chown root:kvm /dev/kvm
service libvirtd start
service virtlogd start
VAGRANT_DEFAULT_PROVIDER=libvirt vagrant up
VAGRANT_ADDRESS=$(vagrant address default)

iptables-save > $HOME/firewall.txt
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A FORWARD -i eth0 -o virbr1 -p tcp --syn --dport 3389 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i eth0 -o virbr1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i virbr1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination ${VAGRANT_ADDRESS}
iptables -t nat -A POSTROUTING -o virbr1 -p tcp --dport 3389 -d ${VAGRANT_ADDRESS} -j SNAT --to-source 192.168.121.1


iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination ${VAGRANT_ADDRESS}
iptables -t nat -A POSTROUTING -o virbr1 -p tcp --dport 80 -d ${VAGRANT_ADDRESS} -j SNAT --to-source 192.168.121.1

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination ${VAGRANT_ADDRESS}
iptables -t nat -A POSTROUTING -o virbr1 -p tcp --dport 443 -d ${VAGRANT_ADDRESS} -j SNAT --to-source 192.168.121.1

iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to-destination ${VAGRANT_ADDRESS}
iptables -t nat -A POSTROUTING -o virbr1 -p udp --dport 53 -d ${VAGRANT_ADDRESS} -j SNAT --to-source 192.168.121.1


iptables -D FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
iptables -D FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
iptables -D FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
iptables -D FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable

exec "$@"

I can access the internet from within the container, but the windows kvm box cannot.


Solution 1:

After googling and trying a lot of different things, this did the trick:

sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Related

vSphere ESX 5.5 hosts cannot connect to NFS Server
Device busy when reading from tape drive with tar
tar/dd - Error writing to tape drive - Device or resource busy
Error getting validation data when Installing Certbot on Debian8.7-Jessie Linux
how to enable http/2 on apache2 using ubuntu 20.04?
Can DNS TXT record broke website? [closed]
subdomain vs subfolder in site address
What IPv4 endpoint should I mention?
sudden "Could not evaluate: Field 'key' is required" errors when generating exported SSH keys
What would happen to our data if our GCP Datacenter goes down?
Required server capabilities for a video platform? [duplicate]
UnicodeDecodeError in Python when reading a file, how to ignore the error and jump to the next line?