No access to containers without "iptables -P FORWARD ACCEPT"

Hi,

I’m new to dockerizing and installed Rancher 2 on a Debian 10.5 VM running Docker. I can access the Rancher Docker container using the Rancher WebUI from another host. This way I created a Kubernetes cluster and added 2 containers to that cluster (guacamole and heimdall). I mapped the ports using Rancher WebUI:

But these ports aren’t accessible by browser from the LAN until I run “iptables -P FORWARD ACCEPT”.

So it looks like Rancher/Kubernetes isn’t allowed to forward these ports to the LAN.

What is the right way to fix this?
Why are there no iptables forward rules created?
Is it possible to allow forwarding for specific ports using the Rancher WebUI?
I’ve read somewhere that Rancher needs a load balancer to make containers accessible from the internet, but I don’t have a load balancer running. Could this be the problem, and should the load balancer create the forward rules?
Or do I always need to manually edit the Docker iptables rules to allow forwarding of each port I use with my Kubernetes cluster?

Is it right to generally allow all forwarded traffic?