so... that did add an iptables entry that was there (the first one) but Netmaker had already added the two that appear to be necessary to forward the traffic. looks like this now: from iptalbes -L: Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere netmakerfilter all -- anywhere 172.17.0.0/16 /* NETMAKER */ netmakerfilter all -- anywhere 172.22.0.0/16 /* NETMAKER */ and it still won't forward any traffic through my container. I did try recreating as a privileged container but still no luck. Any other thoughts?