Firewall blocks requests between networks #323
Comments
Exact same issue here since upgrade to v0.18.5. I have 4 egress nodes with none of them routing/NATing between endpoint networks. However, ping inside the netmaker network is working fine. Static routes on routers are set.
[OK] Ping from netmaker server to any netclient
Checked with Netmaker + Netclient on v0.18.6
Same issue here, removing only the drop rule solved it for me:
Is there any way to edit the firewall rules for nodes on netmaker? I posted a similar question in netmaker git
I am wondering why this
Having similar issues with 0.19 and docker. [docker host1] -> [docker netclient1] -> [docker netclient2] -> [docker host2] -> [lan] The docker host2 has egress to the lan configured with NAT. In my case I was able to ping the host lan ip of the docker host2 running the netclient2 docker container.
After that I was still not able to ping or connect to services on the egress lan. Docker sets
After following the suggestion at https://docs.docker.com/network/iptables/#docker-on-a-router, running this command on docker host2 made that work too.
Not saying this is a solution. But for some reason the general Docker forward deny rule seems to bite the netclient forwarding needs. PS: the netclient docker image is using legacy iptables. If your host uses the newer nf based iptables, you will need to call to do above
Netmaker and Netclient are v0.18.5.
I have a netmaker network 10.1.0.0/24 and two nodes: 10.1.0.1/24 (test1) and 10.1.0.2/24 (test2).
Both of the nodes are egress gateways with networks:
Netclient sets iptables rules for 10.1.0.1/24 (test1):
These rules reject all packets from the 10.1.6.0/24 network. For example, a packet from 10.1.6.10 to 10.1.5.10 is forbidden.