K
Q

How to disable source port translation for pod

6/21/2019

Description

I have a pod in an eks kubernetes (v1.11). I want to send UDP packets from this pod to a machine outside the cluster, from a specific sourceport (eg: 42000). Kubernetes translates the source port of the packet. Is there any way to disable this (preferable only for the given pod)?

More info

iptable rule created by kubernetes:

Chain KUBE-POSTROUTING (1 references)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere             /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000

sending packet from this pod using netcat (pod is on the node with public ip 2.3.4.5):

netcat -u -p 42000 1.2.3.4 31007

receiving packet on a separate machine (1.2.3.4):

netcat -v -u -l -p 31007
connect to 10.100.0.1 from ec2-2-3-4-5.eu-west-1.compute.amazonaws.com [2.3.4.5] 41639

after deleting the iptables rule, the receiving end shows:

netcat -v -u -l -p 31007
connect to 10.100.0.1 from ec2-2-3-4-5.eu-west-1.compute.amazonaws.com [2.3.4.5] 42000

So clearly this rule changes the source port of the udp packet.

-- Kicsi
kubernetes

Similar Questions

Could not find a ready tiller pod (Error)
where is Kube-proxy executable on Minikube
How to get fresh list of GKE worker nodes using k8s client-go
Deploying ambassador to kubernetes
Kubernetes Secret is not stored in encoded format in environment variables

0 Answers