Iptables Add DNAT rules to forward request on an IP:port to a container port

5/10/2017

I have a kubernetes cluster which has 2 interfaces:

eth0: 10.10.10.100 (internal)
eth1: 20.20.20.100 (external)

There are a few pods running in the cluster with flannel networking:

POD1: 172.16.54.4 (nginx service)

I want to access 20.20.20.100:80 from another host which is connected to the above k8s cluster, so that I can reach the nginx POD.

I had enabled ip forwarding and also added DNAT rules as follows:

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.54.4:80

After this when I try to do a curl on 20.20.20.100, I get

Failed to connect to 10.10.65.161 port 80: Connection refused

How do I get this working?

-- Pradeep
iptables
kubernetes

2 Answers

5/21/2017

You can try

iptables -t nat -A PREROUTING -p tcp -d 20.20.20.100 --dport 80 -j DNAT --to-destination 172.16.54.4:80

But I don't recommend that you manage the iptables by yourself, it's painful to maintain the rules...

You can use the hostPort in the k8s. You can use kubenet as network plugin, since cni plugin does not support hostPort.

-- Xianglin Gao
Source: StackOverflow
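As an added illustration of the hostPort approach this answer recommends (this is not code from the answer or from the Kubernetes project), the Pod spec below binds port 80 of the node that owns 20.20.20.100 straight to the nginx container, so the kubelet writes the DNAT rule instead of an administrator. It assumes the node's network plugin supports hostPort (the answer suggests kubenet), that the node is named k8s-node-1 (a constructed name), and that nginx:1.13 is an acceptable image.

```yaml
# Added example: nginx Pod reachable on 20.20.20.100:80 via hostPort.
# Assumes a hostPort-capable network plugin (kubenet) and a node called
# "k8s-node-1" that holds the external address 20.20.20.100 (constructed name).
apiVersion: v1
kind: Pod
metadata:
  name: nginx-hostport
  labels:
    app: nginx
spec:
  nodeName: k8s-node-1          # pin the Pod to the node that owns 20.20.20.100
  containers:
  - name: nginx
    image: nginx:1.13            # image tag is an assumption
    ports:
    - containerPort: 80          # port nginx listens on inside the container
      hostPort: 80               # node port mapped to the container port
      hostIP: 20.20.20.100       # bind only on the external interface, not on eth0
      protocol: TCP
```

Without hostIP the mapping is installed for every address on the node, including the internal 10.10.10.100, so setting it keeps the exposure limited to the interface the question actually wants. After `kubectl apply -f` of this file, `iptables -t nat -nvL` on the node should show the generated rule in the kubelet-managed KUBE-HOSTPORTS chain, which is the easy way to confirm the plugin honoured the setting.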

5/19/2017

Why not use the NodePort type? I think it is a better way to access a service by host IP. Please try iptables -nvL -t nat and show me the details.

-- luke
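The NodePort alternative this answer proposes, written out as an added example (not code from the answer or from the Kubernetes project): a Service that selects the nginx pod and exposes it on a fixed port of every node, with kube-proxy maintaining the iptables rules. It assumes the pod carries the label app: nginx (the question shows no labels) and uses 30080 as a constructed node port.

```yaml
# Added example: NodePort Service in front of the nginx pod.
# Assumes the pod is labelled app: nginx (assumption) and that 30080 is free
# within the cluster's node-port range (default 30000-32767).
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport
spec:
  type: NodePort
  selector:
    app: nginx                   # must match the pod's labels
  ports:
  - port: 80                     # cluster-internal service port
    targetPort: 80               # container port inside the pod
    nodePort: 30080              # port opened on every node's addresses (constructed)
    protocol: TCP
```

With this applied, curl http://20.20.20.100:30080 reaches nginx, and `iptables -t nat -nvL` on the node shows the matching entries under the kube-proxy KUBE-NODEPORTS chain, which is what this answer is asking to see. Note that a NodePort listens on all node addresses, so 10.10.10.100:30080 is opened as well; if only the external interface should serve it, restrict the internal side with the host firewall.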