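I want to forward traffic arriving at port 80 on the host (the same host is running Kubernetes, single node only) to NodePort 31468.
I added a rule to PREROUTING using the following command: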
sudo iptables -A PREROUTING -i enp86s0 -p tcp --dport 80 -j REDIRECT --to-port 31468
Current PREROUTING rules:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 31468
I also added rules to the INPUT chain, as follows:
sudo iptables -t filter -A INPUT -i enp86s0 -p tcp --dport 80 -j ACCEPT
sudo iptables -t filter -A INPUT -i enp86s0 -p tcp --dport 31468 -j ACCEPT
Current INPUT rules:
Chain INPUT (policy DROP)
target prot opt source destination
KUBE-PROXY-FIREWALL all -- anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */
KUBE-NODEPORTS all -- anywhere anywhere /* kubernetes health check service ports */
KUBE-EXTERNAL-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
KUBE-FIREWALL all -- anywhere anywhere
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:31468
No matter what I do, I can't seem to redirect incoming traffic on port 80 to this NodePort.