I can access to an application installed in k8s inside proxmox NAT

[Juliet]

idk Kubernetes world, seems there is another sub network.
but why it display 30900 -> 8080 ? if it's true, then you need iptables nat forward --to 192.168.1.2:8080 ...

i have also tries with 8080


i also change the ip tables ..but i still cant access to the app in @ipproxmox:8080

 

[shanreich]

changing the configuration and simply reloading, doesn't always remove the NAT rules from iptables. Can you post the output of

iptables -t nat -L

 

[Juliet]

changing the configuration and simply reloading, doesn't always remove the NAT rules from iptables. Can you post the output of

iptables -t nat -L

hi yes of cours here's the output :

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.1.2:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  192.168.1.0/24       anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  192.168.1.0/24       anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.1.2:8080

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

if could help please ?

 

[_gabriel]

as already said, reboot to clear iptables.

 

[Juliet]

as already said, reboot to clear iptables.

thanks for your time, but should i reboot the proxmox host ? but why ? if i reboot the host whats going to happen ?
this is what i have in /etc/network/interfaces :

auto vmbr2
#private sub network
iface vmbr2 inet static
        address  192.168.1.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
       # post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
       # post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
# redirection to the web server
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 30800 -j DNAT --to 192.168.1.2:30800
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 30800 -j DNAT --to 192.168.1.2:30800
        post-up iptables -t nat -A PREROUTING  -i  vmbr0 -p tcp --dport 8080 -j DNAT --to 192.168.1.2:8080
        post-down iptables -t nat -D PREROUTING -i  vmbr0 -p tcp --dport 8080 -j DNAT --to 192.168.1.2:8080

and the app should work at @ip_proxmox_host:8080

ps:
idid not past the vmbr0 content

 

[_gabriel]

all your iptables rules attempts are still there until you reboot your proxmox host.
there is flush commands but idk exactly how it works, easier to reboot.

 

[Juliet]

all your iptables rules attempts are still there until you reboot your proxmox host.
there is flush commands but idk exactly how it works, easier to reboot.

i did so..it does not work..it works only inside the k8s cluster as before :


but from the brower ip_host:8080 no, it is not working.