Use this guide to install Kubernetes on Vagrant cluster:

https://kubernetes.io/docs/getting-started-guides/kubeadm/

At (2/4) Initializing your master, there came some errors:

[root@localhost ~]# kubeadm init
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.6.4
[init] Using Authorization mode: RBAC
[preflight] Running pre-flight checks
[preflight] Some fatal errors occurred:
    /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`

I checked the /proc/sys/net/bridge/bridge-nf-call-iptables file content, there is only one 0 in it.

At (3/4) Installing a pod network, I downloaded kube-flannel file:

https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

And run kubectl apply -f kube-flannel.yml, got error:

[root@localhost ~]# kubectl apply -f kube-flannel.yml
The connection to the server localhost:8080 was refused - did you specify the right host or port?

Until here, I don't know how to goon.

My Vagrantfile:

  # Master Server
  config.vm.define "master", primary: true do |master|
    master.vm.network :private_network, ip: "192.168.33.200"
    master.vm.network :forwarded_port, guest: 22, host: 1234, id: 'ssh'
  end

In order to set /proc/sys/net/bridge/bridge-nf-call-iptables by editing /etc/sysctl.conf. There you can add [1]

net.bridge.bridge-nf-call-iptables = 1

Then execute

sudo sysctl -p

And the changes will be applied. With this the pre-flight check should pass.

[1] http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

Update @2019/09/02

Sometimes modprobe br_netfilter is unreliable, you may need to redo it after relogin, so use the following instead when on a systemd sytem:

echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
systemctl restart systemd-modules-load.service
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables

YES, the accepted answer is right, but I faced with

cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory

So I did

modprobe br_netfilter

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
sudo sysctl -p

Then solved.

On Ubuntu 16.04 I just had to:

modprobe br_netfilter

Default value in /proc/sys/net/bridge/bridge-nf-call-iptables is already 1.

Then I added br_netfilter to /etc/modules to load the module automatically on next boot.