GitHub user braveadmin edited a discussion: Configuring MetalLB as Load
Balancer for CloudStack
I have been trying to use MetalLB as Load Balancer for my CloudStack
installation. However, I found that the IPs shared by MetalLB are being blocked
by nftables rules.
Only when I modified the nftables and left only the minimum it started working:
```
table inet filter {
    chain INPUT {
        type filter hook input priority filter; policy accept;
        iifname "lo" accept
        ct state established,related accept
        ip protocol icmp accept
        tcp dport { 22, 1798, 5900-6100, 16514, 49152-49216 } accept
        tcp dport { 8080, 8250, 8443, 9090 } accept
        tcp dport { 111, 2049 } accept
        tcp dport 6443 accept
        tcp dport 80 accept
    }
    chain FORWARD {
        type filter hook forward priority filter; policy accept;
    }
    chain OUTPUT {
        type filter hook output priority filter; policy accept;
        meta pkttype multicast drop
    }
}
table bridge filter {
    chain OUTPUT {
        type filter hook output priority filter; policy accept;
        ether daddr 01:80:c2:00:00:00 counter packets 0 bytes 0 drop
        ether daddr 01:00:0c:cc:cc:cd counter packets 0 bytes 0 drop
    }
}
```
These are the rules generated automatically by CloudStack:
[rules.2.txt](https://github.com/user-attachments/files/18425094/rules.2.txt)
Is there an easier way to configure MetalLB? If not, which rules should I add
to the nftables rules to allow IPs to be reached?
GitHub link: https://github.com/apache/cloudstack/discussions/10191