Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The iptables rules in the nat table POTROUTING chain are out of order #1261

Closed
opengers opened this issue Mar 9, 2020 · 0 comments · Fixed by #1264
Closed

The iptables rules in the nat table POTROUTING chain are out of order #1261

opengers opened this issue Mar 9, 2020 · 0 comments · Fixed by #1264

Comments

@opengers
Copy link

opengers commented Mar 9, 2020
edited
Loading

The iptables rules in the nat table POTROUTING chain are out of order

Current Behavior

image
As above, it's a kubernetes node, the last 4 rules are out of order, The normal order should be RETURN, then MASQUERADE, then RETURN, then MASQUERADE

Steps to Reproduce (for bugs)

This problem occurs randomly, so I cannot reproduce it

Context

The temporary workaround is to manually delete a rule, and then wait for flannel to set a new correct rule.
image

And I found that the version of iptables in the image of gcr/coreos-flannel:v0.9.1 is 1.4.21, iptables does not use the lock file when running, as shown below
image

Your Environment

  • Flannel version: 0.9.1
  • vxlan
  • Kubernetes version: 1.13.5 + canal(calico, flannel)
  • Operating System and version: ubuntu16.04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use iptables-restore to preserve order with MASQ & FORWARD rules ryarnyah/flannel
1 participant
@opengers