VxLAN Lab -- Network Communication Across Different Subnets

Time: 2025-03-25 19:13:22
# Generated by iptables-save v1.4.21 on Thu Jul 26 07:32:12 2018
*filter
# These rules allow traffic to be forwarded if it is to or from the flannel network range.
-A FORWARD -s 10.244.0.0/16 -j ACCEPT
-A FORWARD -d 10.244.0.0/16 -j ACCEPT
COMMIT
# Completed on Thu Jul 26 07:32:12 2018
# Generated by iptables-save v1.4.21 on Thu Jul 26 07:32:12 2018
*raw
:PREROUTING ACCEPT [60131:65785774]
:OUTPUT ACCEPT [39490:4150752]
COMMIT
# Completed on Thu Jul 26 07:32:12 2018
# Generated by iptables-save v1.4.21 on Thu Jul 26 07:32:12 2018
*nat
# This rule makes sure we don't NAT traffic within overlay network (e.g. coming out of docker0)
-A POSTROUTING -s 10.244.0.0/16 -d 10.244.0.0/16 -j RETURN
# NAT if it's not multicast traffic
-A POSTROUTING -s 10.244.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE
# Prevent performing Masquerade on external traffic which arrives from a Node that owns the container/pod IP address
-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/24 -j RETURN
# Masquerade anything headed towards flannel from the host
-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/16 -j MASQUERADE
COMMIT
# Completed on Thu Jul 26 07:32:12 2018
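
The order of the four nat POSTROUTING rules decides whether a packet keeps its pod source address or leaves with the node's address, which matters when attributing traffic in logs or writing source-based filters. The Python sketch below is an added example, not part of the original page or of flannel's code; it models only the `-s`/`-d` matches and first-match-wins evaluation of those four rules, and the sample addresses are constructed.

```python
import ipaddress

# The four nat POSTROUTING rules from the dump, in order.
# Each entry: (negate_src, src_net, negate_dst, dst_net, target)
RULES = [
    (False, "10.244.0.0/16", False, "10.244.0.0/16", "RETURN"),
    (False, "10.244.0.0/16", True,  "224.0.0.0/4",   "MASQUERADE"),
    (True,  "10.244.0.0/16", False, "10.244.0.0/24", "RETURN"),
    (True,  "10.244.0.0/16", False, "10.244.0.0/16", "MASQUERADE"),
]

def _match(addr, net, negate):
    """True if addr satisfies '-s net' / '-d net', or the '!' form when negate is set."""
    inside = ipaddress.ip_address(addr) in ipaddress.ip_network(net)
    return inside != negate

def postrouting_verdict(src, dst):
    """Return (rule_number, target) of the first matching rule.

    (None, "policy") means no rule matched and the chain policy applies,
    so these rules do not rewrite the source address.
    """
    for n, (neg_s, s_net, neg_d, d_net, target) in enumerate(RULES, start=1):
        if _match(src, s_net, neg_s) and _match(dst, d_net, neg_d):
            return n, target
    return None, "policy"

def source_rewritten(src, dst):
    """True when the packet leaves with the node's address instead of its own."""
    return postrouting_verdict(src, dst)[1] == "MASQUERADE"

# Constructed sample flows (addresses are illustrative, not from the page).
SAMPLES = {
    "pod -> pod on another node":    ("10.244.0.5",   "10.244.1.7"),
    "pod -> outside the overlay":    ("10.244.0.5",   "203.0.113.10"),
    "pod -> multicast":              ("10.244.0.5",   "224.0.0.251"),
    "outside -> pod in 10.244.0/24": ("192.168.1.20", "10.244.0.9"),
    "host -> pod in another /24":    ("192.168.1.20", "10.244.1.7"),
}

if __name__ == "__main__":
    for label, (src, dst) in SAMPLES.items():
        rule, target = postrouting_verdict(src, dst)
        print(f"{label:32} rule={rule} target={target}")
```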