nirmata / kube-static-egress-ip

Kubernetes CRD to manage static egress IP addresses for workloads
Apache License 2.0
213 stars 38 forks

Which kernel parameters may Egress depend on? #50

Closed lyyao09 closed 4 years ago

lyyao09 commented 4 years ago

@murali-reddy, I have been using egress for a while and it's working well.

However, when using it on a newly installed CentOS 7.6 operating system recently, I discovered that the egress traffic from the director to the gateway was discarded by the gateway (this occurs probabilistically when installing a new operating system). I guarantee that the iptables rules and policy routing are configured correctly.

The strange thing is that the location of the traffic loss is between the filter.FORWARD and mangle.POSTROUTING chains of iptables (it can be seen in the iptables trace log). I don’t know what happened and there is no corresponding debugging method.

Aug 4 16:01:56 node41 kernel: TRACE: filter:FORWARD:policy:10 IN=eth0 OUT=eth0 MAC=0c:da:41:1d:ca:e6:0c:da:41:1d:63:4c:08:00 SRC=177.177.254.67 DST=100.100.2.14 LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID=12251 DF PROTO=ICMP TYPE=8 CODE=0 ID=181 SEQ=1674

At present, I suspect that it may be related to the kernel parameters of the operating system. I don’t know what kernel parameters are needed (except rp_filter), or is there any debugging method?

lyyao09 commented 4 years ago

The reason is that the default rule of the FORWARD chain in my environment is drop.
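
The trace line in the issue already points at this cause: in iptables TRACE output the third field is `policy` when a packet reaches the end of a built-in chain, so `filter:FORWARD:policy` together with a DROP policy means no FORWARD rule accepted the packet. As an added example (not code from the issue or the project), the Python below cross-checks trace lines against `iptables -S` output; the function names are hypothetical, the first log line is the issue's trace shortened, and the second log line and the rule listing are constructed sample input.

```python
import re

# iptables TRACE lines look like "TRACE: table:chain:type:rulenum ...", where
# type is "rule", "return", or "policy" (packet reached a built-in chain's end).
TRACE_RE = re.compile(
    r"TRACE: (?P<table>\w+):(?P<chain>[\w-]+):(?P<type>rule|return|policy):(?P<num>\d+)"
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
)
POLICY_RE = re.compile(r"^-P (?P<chain>\S+) (?P<target>\S+)$")


def chain_policies(rules_text):
    """Map built-in chain -> default policy from `iptables -S` style output."""
    policies = {}
    for line in rules_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m["chain"]] = m["target"]
    return policies


def policy_drops(log_lines, filter_rules_text):
    """Return (chain, src, dst) for traced packets that fell through to a
    filter-table chain whose default policy is DROP (no rule accepted them)."""
    policies = chain_policies(filter_rules_text)
    hits = []
    for line in log_lines:
        m = TRACE_RE.search(line)
        # A "policy" hit is harmless when the policy is ACCEPT, so both the
        # trace type and the chain's actual policy have to be checked.
        if not m or m["type"] != "policy" or m["table"] != "filter":
            continue
        if policies.get(m["chain"]) == "DROP":
            hits.append((m["chain"], m["src"], m["dst"]))
    return hits


# First line: the issue's trace, shortened. The rest is constructed sample input.
SAMPLE_LOG = [
    "Aug 4 16:01:56 node41 kernel: TRACE: filter:FORWARD:policy:10 IN=eth0 OUT=eth0 "
    "SRC=177.177.254.67 DST=100.100.2.14 LEN=84 PROTO=ICMP TYPE=8 CODE=0",
    "Aug 4 16:01:57 node41 kernel: TRACE: mangle:PREROUTING:policy:3 IN=eth0 "
    "SRC=177.177.254.67 DST=100.100.2.14 LEN=84 PROTO=ICMP TYPE=8 CODE=0",
]
SAMPLE_RULES = "-P INPUT ACCEPT\n-P FORWARD DROP\n-P OUTPUT ACCEPT\n-A FORWARD -i docker0 -j ACCEPT"

if __name__ == "__main__":
    for chain, src, dst in policy_drops(SAMPLE_LOG, SAMPLE_RULES):
        print(f"{src} -> {dst} hit filter:{chain} default policy DROP")
```

On a live node the second argument would be the output of `iptables -S FORWARD` (or `iptables -S` for the whole filter table).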