Comments (4)
Exact same issue here since upgrade to v0.18.5. I have 4 egress nodes with none of them routing/NATing between endpoint networks. However, ping inside the netmaker network is working fine. Static routes on routers are set.
[OK] Ping from netmaker server to any netclient
[OK] Ping from netclient A to netclient B/C/D
[OK] Ping from netclient A to egress IP of netclient B/C/D
[OK] Ping from netclient A to local router on site B/C/D
[OK] Ping from netclient A to any LAN device on site B/C/D
[FAIL] Ping from any device on LAN A fails to reach netclient egress IP of remote site B/C/D or any device on LAN B/C/D
-- same effect vice versa --
Checked with traceroute and wireshark.
Problem description: Ping request reaches remote point but reply gets blocked.
Temporary solution: Flushing iptables rules/chains via sudo iptables -F makes endpoints reachable.
Netmaker + Netclient on v0.18.6
from netclient.
Same issue here, removing only the drop rule solved it for me:
iptables -D netmakerfilter -j DROP
Is there any way to edit the firewall rules for nodes on netmaker?
I posted a similar question in the netmaker git here.
from netclient.
I am wondering why this iptables DROP rule is added automatically while NAT for egress traffic is enabled. Actually it is blocking site-to-site communication.
Hopefully the Netmaker team will keep an eye on it soon.
from netclient.
Having similar issues with 0.19 and docker.
[docker host1] -> [docker netclient1] -> [docker netclient2] -> [docker host2] -> [lan]
The docker host2 has egress to the lan configured with NAT.
In my case I was able to ping the host lan ip of the docker host2 running the netclient2 docker container.
I also was able to connect to services on the host lan ip of the docker host2.
But I could NOT connect to docker services/ports exposed to the host lan ip of the docker host2.
After running this command on docker host2, I was able to connect to docker ports exposed to the host lan ip of the docker host2.
iptables -D netmakerfilter -j DROP
After that I was still not able to ping or connect to services on the egress lan.
Docker sets -P FORWARD DROP
After following the suggestion at https://docs.docker.com/network/iptables/#docker-on-a-router, running this command on docker host2 made that work too.
iptables -I DOCKER-USER -j ACCEPT
Not saying this is a solution. But for some reason the general Docker forward deny rule seems to bite the netclient forwarding needs.
PS: the netclient docker image is using legacy iptables. If your host uses the newer nf based iptables, you will need to call iptables-legacy to do the above.
from netclient.
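Added example, not part of the original comments and not Netmaker's own code: a read-only check that reports which of the forwarding blockers named in this thread are present in `iptables -S` output, so that a single rule can be addressed instead of flushing every chain. The sample ruleset, the interface name `netmaker` and the jump rules in FORWARD are constructed for illustration.

```shell
#!/bin/sh
# Audit `iptables -S` text for the rules discussed in the comments above.

# Constructed sample ruleset (not captured from a real netclient host).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER-USER
-N netmakerfilter
-A FORWARD -j DOCKER-USER
-A FORWARD -j netmakerfilter
-A DOCKER-USER -j RETURN
-A netmakerfilter -i netmaker -j ACCEPT
-A netmakerfilter -j DROP'

# Reads `iptables -S` output on stdin and prints one finding per line.
audit_forward_rules() {
  awk '
    $1 == "-P" && $2 == "FORWARD"     { policy = $3 }
    $1 == "-N" && $2 == "DOCKER-USER" { has_du = 1 }
    $1 == "-A" {
      count[$2]++                      # rule position inside its chain
      # A rule with no match options is exactly: -A <chain> -j <target>
      if (NF == 4 && $3 == "-j") {
        if ($2 == "netmakerfilter" && $4 == "DROP") pos = count[$2]
        if ($2 == "DOCKER-USER" && $4 == "ACCEPT") du_accept = 1
      }
    }
    END {
      if (policy == "DROP") print "FORWARD policy is DROP"
      if (pos) print "netmakerfilter: catch-all DROP at position " pos
      if (policy == "DROP" && has_du && !du_accept)
        print "DOCKER-USER: no catch-all ACCEPT"
    }'
}

# Run against the constructed sample; on a live host pipe in
# `iptables -S` (or `iptables-legacy -S`, as the last comment notes).
printf '%s\n' "$SAMPLE_RULES" | audit_forward_rules
```

The reported position counts rules within the `netmakerfilter` chain, which is the same numbering `iptables -L netmakerfilter --line-numbers` shows.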