Recently my ISP "gifted" me a new ax router for "free". It's Broadcom so no OpenWrt in the future and it doesn't support running in pure AP mode. So I figure I can use ISP router to provide WiFi and do PPPoE, while running OpenWrt on my RasPi3 as the gateway. This is for my parents who is currently having shitty broadband so 100M Ethernet on RPi3 will not be a bottleneck, and I can reclaim my beloved Archer C7 (currently in their house along with RPi as docker host) to use as a pure AP in my apartment.
It was pretty straight forward to set up. I disabled DHCP on ISP router, and put its IP in OpenWrt interface's gateway field. Turned on masquerade on lan firewall zone and I got the thing working.
Except docker.
When I opkg install dockerd the network stops working. I can still ssh into RPi or login ISP router, but forwarding on RPi is complete broken. RPi itself still has the internet. It just won't forwarding any packet for other devices.
I have read docker's document and ran iptables -I DOCKER-USER -j ACCEPT. Still not working. I actually have another router running docker on OpenWrt (ESPRESSObin) and never had to do anything special, although that one has multiple ports and is doing PPPoE on the device with proper wan zone.
At the moment my limited knowledge on iptables is not enough to figure out what's wrong. I'd like to see if anyone has done something similar.