Use fwmark in iptables on a container running in Azure K8S

docker iptables azure kubernetes aks

Solution 1:

So i finally got to the solution. The issue was with the mangling of the packets in PREROUTING. Mangling the packets in POSTROUTING (so, on the exit of eth0) they were then able to return from tap0 to eth0 and then to the client. The end result looks like this:

/sbin/iptables --table mangle --insert POSTROUTING --destination "192.168.0.100" -o eth0 -p tcp --dport "10" --jump MARK --set-mark "10"
/sbin/iptables --table nat --insert PREROUTING --destination "192.168.0.100" -i eth0 -p tcp --dport "10" --jump DNAT --to-destination "10.0.0.4:80"
/sbin/ip rule add prio "10" from all fwmark "10" lookup "10"
/sbin/ip route add "10.0.0.4" via "10.118.0.2" table 10

Related

Committed memory in Linux is less than expected [closed]
Host has no internet access when VMs are running
PHP 7.4 on Ubuntu 18.04 (bionic)
Unable to access GCP Compute Engine VM via domain name
Can't access webUI for Unifi Controller locally running in docker
systemctl status log output
How to add an Exchange Server with AutoDiscover SCP disabled or hidden by default
Domain name + hosting on server 2019
Is it possible to backup a LVM disk to an external server?
How to officially install latest Docker into offline RHEL 8 x86_64 machine?
Ansible - can't refer to module parameter value
Redirect TLS traffic by hostname