openziti / edge

Application-embedded connectivity and zero-trust components
Apache License 2.0

NF-INTERCEPT chain removed and not added back in until ziti-router is restarted #1392

Closed jlin-nf closed 1 year ago

jlin-nf commented 1 year ago

During a test of modifying the services, I noticed the NF-INTERCEPT chain is removed. After some more testing, I noticed the chain is removed when the last intercept is removed from the node.

After the chain is removed, no more intercepts can be added until I perform a restart of the ziti-router.

The error message from the log:

[2023-04-04 16:21:49.431] DEBUG github.com/openziti/edge/tunnel/router.AddLocalAddress: adding local address '192.11.11.11/32' to interface lo
[2023-04-04 16:21:49.431] DEBUG github.com/openziti/edge/tunnel/intercept.addrTracker.AddAddress: adding 192.11.11.11/32 from address tracker: map[192.11.11.11/32:1]
[2023-04-04 16:21:49.431] INFO github.com/openziti/edge/tunnel/intercept/tproxy.(tProxy).addInterceptAddr: Adding rule iptables -t mangle -A NF-INTERCEPT [-m comment --comment azurestack-ssh -d 192.11.11.11/32 -p tcp --dport 22:22 -j TPROXY --tproxy-mark 0x1/0x1 --on-ip=127.0.0.1 --on-port=42931]
[2023-04-04 16:21:49.435] DEBUG github.com/openziti/edge/tunnel/intercept/tproxy.(tProxy).Apply: failed for service azurestack-ssh, intercepting proto: tcp, cidr: 192.11.11.11/32, ports: 22:22
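The lifecycle described in this report, modelled as an added example that is not openziti/edge code: a fake mangle table stands in for iptables, the chain is deleted when the last intercept is removed, and a later append fails exactly as the log shows unless the add path first makes sure the chain exists. `FakeIptables`, `Interceptor`, `tproxy_rule`, `reproduce` and the `ensure_chain` step are hypothetical names and an assumed mitigation, not the project's actual fix.

```python
CHAIN = "NF-INTERCEPT"  # added illustration of the issue; not openziti/edge code

class FakeIptables:
    """Stand-in for the mangle table: chain name -> list of rule strings."""
    def __init__(self):
        self.chains = {}
    def run(self, args):
        op, chain, rule = args[0], args[1], " ".join(args[2:])
        if op == "-N":
            self.chains.setdefault(chain, [])
        elif op == "-X":
            self.chains.pop(chain)
        elif op == "-A":  # real iptables also fails here on a missing chain
            if chain not in self.chains:
                raise RuntimeError(f"No chain/target/match by that name: {chain}")
            self.chains[chain].append(rule)
        elif op == "-D":
            self.chains[chain].remove(rule)

def tproxy_rule(service, cidr, port, tproxy_port):  # same shape as the logged rule
    return ["-m", "comment", "--comment", service, "-d", cidr, "-p", "tcp",
            "--dport", f"{port}:{port}", "-j", "TPROXY", "--tproxy-mark",
            "0x1/0x1", "--on-ip=127.0.0.1", f"--on-port={tproxy_port}"]

class Interceptor:
    """Deletes the chain with the last intercept; ensure_chain recreates it on add."""
    def __init__(self, ipt, ensure_chain):
        self.ipt, self.ensure_chain = ipt, ensure_chain
    def add(self, *spec):
        if self.ensure_chain and CHAIN not in self.ipt.chains:
            self.ipt.run(["-N", CHAIN])  # recreate the chain before appending
        self.ipt.run(["-A", CHAIN] + tproxy_rule(*spec))
    def remove(self, *spec):
        self.ipt.run(["-D", CHAIN] + tproxy_rule(*spec))
        if not self.ipt.chains[CHAIN]:
            self.ipt.run(["-X", CHAIN])  # last intercept removed: chain deleted

def reproduce(ensure_chain):
    """Add one intercept, remove it, add again; True if the second add works."""
    ipt = FakeIptables()
    ipt.run(["-N", CHAIN])  # router startup creates the chain
    t = Interceptor(ipt, ensure_chain)
    spec = ("azurestack-ssh", "192.11.11.11/32", 22, 42931)
    t.add(*spec)
    t.remove(*spec)
    try:
        t.add(*spec)
        return True
    except RuntimeError:
        return False
```

With `ensure_chain=False` the second add fails until something recreates the chain, which is the restart the report describes; with `ensure_chain=True` the add path recovers on its own.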

jlin-nf commented 1 year ago

This issue happens on version 0.27.5; I tested it with 0.27.2 and the iptables were set up correctly.