[feature request] portmap support masquerade-all option
#771
Labels
Comments
|
I'm having trouble understanding what is going on. What addresses live where? |
|
@BSWANG can you clarify the diagram? What are 1.1.1.1 and 2.2.2.2? Is the square a node in a cluster? And is 192.168.0.1 and 0.2 NICs on the node? Is 10.0.0.1 the container? |
|
In your use-case, what is the source-ip and dest-ip of the incoming packet from client -> pod? When the pod replies, what is the source-ip and dest-ip of hte outgoing packet? |
|
Are you able to give the output of 'ip r' on the host node? |
dcbw
changed the title
portmap support masquerad-all optionportmap support masquerade-all option
|
@dcbw @MikeZappa87 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When k8s cluster use
ipvlanL3/L2,macvlanor otherunderlaynetwork plugin. The traffic come back from pod to host maybe not go throughconntrackin host, and can not un-snat tohostipwhich client requested.Masquerad all traffic can make sure the pod reply come back to host and go through
conntrackin host.The text was updated successfully, but these errors were encountered: