Closed giobart closed 1 year ago
What would be the solution for the IPv6 table? @smnzlnsk
I currently have a second iptable ip6table, which does exactly the same as the "ip4table", but for IPv6 firewall rules.
My addition for IPv6 would be:
    err = ip6table.AppendUnique("nat", "OUTPUT", "-j", chain)
    if err != nil {
        log.Fatal(err.Error())
    }
Short
The OUTPUT chain in iptables does not jump to the OAKESTRA DNAT rules. This means that when we expose ports, the service is not reachable internally on the same node but only outside.
Proposal
Adding a jump to the Oakestra chain in the OUTPUT chain enables the DNAT rules for local calls as well. E.g., if right now I deploy a service that uses port tcp 80, the port tcp 80 is exposed externally towards other nodes, but it's not reachable internally using curl:80.
Solution
Can be easily fixed by adding the following code here
Status
testing
Checklist
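Why the missing OUTPUT jump produces exactly this symptom, as an added example that is not part of the issue or of Oakestra's code: a toy Go model of the nat table in which packets from other hosts enter at PREROUTING and packets generated on the node enter at OUTPUT. It assumes the OAKESTRA chain is already reached from PREROUTING (the issue does not say how external traffic is hooked); the addresses and the helper names are constructed for illustration.

```go
package main

import "fmt"

// rule is a simplified nat rule: TCP dport match ("" = any) plus one target.
type rule struct{ dport, jump, dnatTo string }

// natTable is a toy model of one nat table: chain name -> ordered rules.
type natTable map[string][]rule

// walk returns the DNAT destination selected by chain, or "" if none matched.
func (t natTable) walk(chain, dport string) string {
	for _, r := range t[chain] {
		if r.dport != "" && r.dport != dport {
			continue
		}
		if r.dnatTo != "" {
			return r.dnatTo
		}
		if to := t.walk(r.jump, dport); to != "" {
			return to
		}
	}
	return ""
}

// deliver returns where a TCP packet to host:dport ends up after the given nat
// hook: PREROUTING for packets from other hosts, OUTPUT for node-local ones.
func deliver(t natTable, hook, host, dport string) string {
	if to := t.walk(hook, dport); to != "" {
		return to
	}
	return host + ":" + dport
}

// newNode builds constructed sample state: tcp/80 DNATed to a service address.
// Assumption: the OAKESTRA chain is hooked from PREROUTING only.
func newNode() natTable {
	return natTable{
		"OAKESTRA":   {{dport: "80", dnatTo: "10.30.0.2:80"}},
		"PREROUTING": {{jump: "OAKESTRA"}},
	}
}

func main() {
	t := newNode()
	fmt.Println("local call before:", deliver(t, "OUTPUT", "192.0.2.10", "80"))
	t["OUTPUT"] = append(t["OUTPUT"], rule{jump: "OAKESTRA"}) // the proposed jump
	fmt.Println("local call after: ", deliver(t, "OUTPUT", "192.0.2.10", "80"))
}
```

The same reasoning applies per address family, which is why the IPv6 table needs its own OUTPUT jump.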