On Sun, Apr 07, 2019 at 10:52:23PM -0600, Brian Topping wrote:
> The problem is when a service on the same host as the container needs to connect to the DNAT address presented for the container. Because the local kernel routing table is set to blackhole for an address, the traffic is immediately sunk instead of being offered to netfilter. Removing that dest line simply sets it to a default of RTD_UNREACHABLE, which does the same thing but politely tells the sender that it did so.
That is probably because BGP_NEXT_HOP reported in the route is not resolvable through your local routing table.
> What I thought would work is to change the line to `ifname = "eno2"`, but doing so generates a parse error. This seems to be a bug in the documentation as the `ifname` attribute is not listed as read-only.
That was changed just recently. Do you have the latest version of BIRD? You can also set the direct next hop by setting 'gw'.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
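The exchange above, written out as a BIRD 2.x configuration fragment. This is an added example, not configuration from either poster: the AS numbers, the neighbor address 192.0.2.1, the prefix 203.0.113.0/24 and the interface name are all placeholders. It shows the `dest = RTD_BLACKHOLE` form that sinks traffic before netfilter sees it, beside the two alternatives from the reply: setting `gw` to a directly reachable next hop, or setting `ifname` (which requires a BIRD release in which `ifname` is writable in filters).

```bird
# Added example (not from the thread). Placeholder values throughout.
protocol bgp container_peer {
    local as 65001;
    neighbor 192.0.2.1 as 65002;

    ipv4 {
        import filter {
            if net ~ [ 203.0.113.0/24+ ] then {
                # Variant A (the original problem): install a blackhole route.
                # Local services can then never reach the DNAT address, because
                # the kernel drops the packet in routing, before netfilter runs.
                # dest = RTD_BLACKHOLE;

                # Variant B: set the direct next hop explicitly, so the route is
                # installed as a normal unicast route that netfilter can see.
                gw = 192.0.2.1;

                # Variant C: point the route at an interface instead (assumes a
                # BIRD version where 'ifname' is read-write in filters).
                # ifname = "eno2";

                accept;
            }
            reject;
        };
        export none;
    };
}
```

Only one of the three variants should be active in a given filter; the commented-out lines are there so the difference between sinking the traffic and routing it to a reachable next hop is visible side by side. After reloading, `birdc show route all 203.0.113.0/24` shows whether the route was installed as unicast (with a next hop) or as a blackhole.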