Firewall issue on 2nd nic

Fran66
May 25, 2020
Hello,

Our nodes block IP traffic of VMs via the firewall on the 2nd, 3rd, and so on NICs, but not on eth0 (1st main IP). If we disable the firewall everything works. This only happens on "RHEL" flavors like CentOS, AlmaLinux, Rocky, etc.

On Debian flavors like Ubuntu and Debian, everything works.

Firewall is enabled on Datacenter, Nodes, VM, and ethernet card. In/out policy: accept.

Any insight?

regards,
Fran
 
Fixed:

All cloud-init images based on RHEL (Rocky, AlmaLinux, Red Hat, CentOS) had rp_filter=1 by default, which is strict mode and needs to be changed to 2 (loose mode). Edit them via virt and add the following:

Example:
virt-edit CentOS-7-x86_64-GenericCloud.qcow2 /etc/sysctl.conf

and add the following inside the file:

net.ipv4.conf.all.rp_filter=2
net.ipv4.conf.default.rp_filter=2
net.ipv4.ip_forward = 1
 
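As an added example (not part of the forum post), the following POSIX shell script audits which rp_filter keys on a guest are still in strict mode and emits the loose-mode sysctl lines the fix above relies on. It works on a constructed sample of `sysctl net.ipv4.conf` output so it runs offline; on a live guest you would feed it the real sysctl output instead.

```shell
#!/bin/sh
# Added example, not from the forum post: audit rp_filter on a RHEL-style
# guest with several NICs and emit the loose-mode sysctl fragment.
# Kernel values: 0 = off, 1 = strict (a packet is dropped unless the best
# route back to its source uses the interface it arrived on), 2 = loose
# (accepted if the source is reachable via any interface). With a single
# default route via eth0, strict mode drops traffic to the IPs on eth1, eth2...

# Constructed sample of `sysctl net.ipv4.conf` output from a two-NIC CentOS
# cloud image, embedded so the script runs offline.
SAMPLE_SYSCTL='net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth1.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0'

# Read sysctl output on stdin; print the key (all, default or an interface
# name) of every rp_filter entry still in strict mode. Interface names that
# themselves contain dots (VLAN devices such as eth0.100) are not handled.
strict_rp_filter_keys() {
    awk -F'[ .=]+' '$5 == "rp_filter" && $NF == 1 { print $4 }'
}

# Number of strict entries; 0 means the guest is already multi-NIC safe.
strict_rp_filter_count() {
    strict_rp_filter_keys | awk 'END { print NR }'
}

# Emit the sysctl lines that switch the given keys to loose mode. Setting
# all and default covers present and future interfaces; per-interface lines
# make the intent explicit for interfaces that are already up.
loose_mode_fragment() {
    for key in "$@"; do
        printf 'net.ipv4.conf.%s.rp_filter = 2\n' "$key"
    done
}

# Report on the sample. On a live guest, replace the printf with
# `sysctl net.ipv4.conf`; for an image, apply the fragment via virt-edit.
printf '%s\n' "$SAMPLE_SYSCTL" | strict_rp_filter_keys |
    while read -r key; do echo "strict rp_filter on: $key"; done
```

Loose mode still drops packets whose source address is not reachable through any interface, so some anti-spoofing protection is kept while replies can leave via a different NIC than they arrived on.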