[BUG] The SNAT pod is unable to access fip that bound to another pod

[qcu266]

Kube-OVN Version

v1.12.12

Kubernetes Version

v1.24.1

Operation-system/Kernel Version

CentOS Stream 8 5.4.236-1.el8.elrepo.x86_64

Description

PR: https://github.com/kubeovn/kube-ovn/pull/2911 The addition of the -o net1 parameter in this PR will cause pods within the VPC that use SNAT to be unable to access pods binding with fip. Considering the description of this PR, is it intended to address the issue of vpc-nat-gateway pods being unable to access other pods within the VPC? It seems that removing the -o net1 parameter during testing does not lead to this issue.

Steps To Reproduce

podA  ip: 10.116.80.141  snat: 10.122.194.106
podB  ip: 10.116.80.9    fip:  10.122.195.20

podA access podB fip 10.122.195.20

10.116.80.141 > 10.122.195.20

Current Behavior

It is unable to access, and upon packet capture, it is observed that only the DNAT transformation of the NAT postrouting chain is completed, while the SNAT rules seem to remain unchanged due to the -o net1 parameter.

08:29:42.304406 eth0  In  IP 10.116.80.141.42624 > 10.122.195.20.9640: Flags [S], seq 2568096467, win 64240, options [mss 1460,sackOK,TS val 2353869530 ecr 0,nop,wscale 7], length 0
08:29:42.304429 eth0  Out IP 10.116.80.141.42624 > 10.116.80.9.9640: Flags [S], seq 2568096467, win 64240, options [mss 1460,sackOK,TS val 2353869530 ecr 0,nop,wscale 7], length 0

Expected Behavior

---

[github-actions[bot]]

Issues go stale after 60d of inactivity. Please comment or re-open the issue if you are still interested in getting this issue fixed.

[qcu266]

@oilbeater Could you please help take a look at this issue?

[bobz965]

the bug exists, but we still have no time to fix it. maybe later.

[github-actions[bot]]

Issues go stale after 60d of inactivity. Please comment or re-open the issue if you are still interested in getting this issue fixed.