Setting route destination for DNAT addresses

Brian Topping brian.topping at gmail.com
Fri Apr 12 20:41:56 CEST 2019


> On Apr 12, 2019, at 4:34 AM, Ondrej Zajicek <santiago at crfreenet.org> wrote:
> 
> On Sun, Apr 07, 2019 at 10:52:23PM -0600, Brian Topping wrote:
>> The problem is when a service on the same host as the container needs
>> to connect to the DNAT address presented for the container. Because the
>> local kernel routing table is set to blackhole for an address, the
>> traffic is immediately sunk instead of being offered to netfilter.
>> Removing that dest line simply sets it to a default of RTD_UNREACHABLE,
>> which does the same thing but politely tells the sender that it did so.
> 
> That is probably because BGP_NEXT_HOP reported in the route is not
> resolvable through your local routing table.
> 
> You can also set the direct next hop by setting 'gw'.

Thanks for both of those.

> That was changed just recently. Do you have the latest version of BIRD?

EPEL has 2.0.2, looks like 2.0.4 is the latest. I’ll build from the spec file and go from there.

Cheers! B

