Setting route destination for DNAT addresses
Ondrej Zajicek
santiago at crfreenet.org
Fri Apr 12 12:34:36 CEST 2019
On Sun, Apr 07, 2019 at 10:52:23PM -0600, Brian Topping wrote:
> The problem is when a service on the same host as the container needs
> to connect to the DNAT address presented for the container. Because the
> local kernel routing table is set to blackhole for an address, the
> traffic is immediately sunk instead of being offered to netfilter.
> Removing that dest line simply sets it to a default of RTD_UNREACHABLE,
> which does the same thing but politely tells the sender that it did so.
That is probably because BGP_NEXT_HOP reported in the route is not
resolvable through your local routing table.
> What I thought would work is to change the line to `ifname = “eno2”`, but doing so generates a parse error. This seems to be a bug in the documentation as the `ifname` attribute is not listed as read-only.
That was changed just recently. Do you have the latest version of BIRD?
You can also set the direct next hop by setting 'gw'.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."