On 2023-01-19 08:28, Shorewall via Shorewall-users wrote:
On 2023-01-18 23:52, Simon Matter wrote:
Hi,
I am trying to route traffic from LOC to a network I have configured in
the routes file.
I may be wrong here but I think the routes file is used for special
cases when you have more than one internet connection and such things.
For your case, did you add a routing entry to the host's routing table
via the OS tools and also enable routing in the kernel?
Regards,
Simon
Everything in LOC has the firewall running shorewall configured as the
Default Gateway. Also, as mentioned in the original post with the
entry in the routes file routing works as expected from the firewall.
Also mentioned in the original post, is when everything is allowed in
shorewall via the entry in the policy file, everything routes as
expected from the LOC network. To me this says that "routing" works
but the firewall is blocking. I may be wrong, but that is the
assumption I am making since I have actually made a connection from
LOC to the network exposed in kubernetes network. I am assuming I
need a RULE to allow the traffic to pass, but since the kubernetes
network is not a ZONE, I am not really sure how that would look.
From a windows machine (on LOC network) using nmap, it appears I can
successfully perform a traceroute (to exposed kubernetes IP address) and
it reports host is up but when trying to connect to a specific port
(http/80), then nmap reports state closed. Also, from the firewall the
same nmap command successfully connects to port 80 on the exposed
IP/Port.
Also, by adding the entry in the routes file, the output from `ip ro`,
from the firewall, shows another route has been added, and it looks
correct. It shows everything going to the exposed kubernetes network
needs to go to the IP address of the kubernetes controller IP address.
This is what I want.
I tried disabling Windows Firewall as something to try, and it did not
work. I did not think it would work, as I was able to make the
connection to kubernetes IP/Port when shorewall is configured with the
(all all ACCEPT) in the shorewall policy file. Gut feeling is that
shorewall is blocking connection.