
Comments (2)

Luap99 commented on September 27, 2024

Can you be more specific about what rules you are talking about? Podman doesn't manage any firewall rules; that is done by netavark. And netavark creates normal NAT rules. Assuming you use iptables-nft, it should already be a translated ruleset; otherwise, we recently added a direct nftables driver. Try using export NETAVARK_FW=nftables and then run podman and have a look at whether the rules look good to you.


uenokatsura commented on September 27, 2024

> Can you be more specific about what rules you are talking about?

I mean a route with SRC set. Because on my machine (Debian Testing), netavark seems to just ignore the SRC value and SNAT to the address on the outbound interface.

table ip6 nat { # handle 16
        chain NETAVARK-0D76D767645F0 { # handle 1
                ip6 daddr fdc0:a8::/32 counter packets 0 bytes 0 accept # handle 2
                ip6 daddr != ff00::/8 counter packets 229 bytes 23168 # Warning: XT target MASQUERADE not found
xt target "MASQUERADE" # handle 3
        }

        chain POSTROUTING { # handle 4
                type nat hook postrouting priority srcnat; policy accept;
                counter packets 95951 bytes 20871486 jump NETAVARK-HOSTPORT-MASQ # handle 11
                ip6 saddr fdc0:a8::/32 counter packets 288 bytes 29007 jump NETAVARK-0D76D767645F0 # handle 5
        }

        chain NETAVARK-HOSTPORT-SETMARK { # handle 6
                counter packets 0 bytes 0 meta mark set mark or 0x2000 # handle 9
        }

        chain NETAVARK-HOSTPORT-MASQ { # handle 7
                 meta mark & 0x00002000 == 0x00002000 counter packets 0 bytes 0 # Warning: XT target MASQUERADE not found
xt target "MASQUERADE" # handle 10
        }

        chain NETAVARK-HOSTPORT-DNAT { # handle 8
        }
…
}

The old iptables-nft rule, which doesn't seem to really handle the SNAT.

> export NETAVARK_FW=nftables

Thanks. Can confirm it's working properly with nf masquerade on latest 5.0.2.
Though my current distro is on 4.9.3.
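
An added example (not part of either comment and not podman or netavark code): a small Python audit that walks `nft list ruleset` text and separates rules carried as xt compatibility expressions, like the `xt target "MASQUERADE"` lines in the output above, from native `masquerade`/`snat` statements. The second sample table is constructed for contrast and is not real netavark output.

```python
import re

# First table: excerpt of the `nft list ruleset` output quoted in the thread.
# Second table: constructed for contrast, not real netavark output.
SAMPLE = '''\
table ip6 nat { # handle 16
        chain NETAVARK-0D76D767645F0 { # handle 1
                ip6 daddr fdc0:a8::/32 counter packets 0 bytes 0 accept # handle 2
                ip6 daddr != ff00::/8 counter packets 229 bytes 23168 # Warning: XT target MASQUERADE not found
xt target "MASQUERADE" # handle 3
        }
        chain NETAVARK-HOSTPORT-MASQ { # handle 7
                 meta mark & 0x00002000 == 0x00002000 counter packets 0 bytes 0 # Warning: XT target MASQUERADE not found
xt target "MASQUERADE" # handle 10
        }
}
table ip6 constructed_example {
        chain postrouting {
                ip6 saddr fdc0:a8::/32 masquerade
        }
}
'''

OPEN = re.compile(r'^(table|chain)\s+(.+?)\s*\{')
XT = re.compile(r'\bxt (target|match) "?([\w-]+)"?')
NATIVE = re.compile(r'\b(masquerade|snat)\b')

def audit(ruleset):
    """Return (xt_compat, native_nat): lists of (table, chain, detail)."""
    table = chain = None
    xt_compat, native_nat = [], []
    for raw in ruleset.splitlines():
        line = raw.split('#', 1)[0].strip()  # drop handles and warnings
        m = OPEN.match(line)
        if m and m.group(1) == 'table':
            table, chain = m.group(2), None
        elif m:
            chain = m.group(2)
        elif line == '}':
            table, chain = (table, None) if chain else (None, None)
        elif chain and (x := XT.search(line)):
            xt_compat.append((table, chain, f'xt {x.group(1)} {x.group(2)}'))
        elif chain and NATIVE.search(line):
            native_nat.append((table, chain, line))
    return xt_compat, native_nat

if __name__ == '__main__':
    for kind, rows in zip(('COMPAT', 'NATIVE'), audit(SAMPLE)):
        for table, chain, detail in rows:
            print(f'{kind}  {table} / {chain}: {detail}')
```

To check a live host, pass the captured text of `nft list ruleset` to `audit()` instead of `SAMPLE`.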
