View Issue Details

ID: 0016908
Project: CentOS-7
Category: kernel
View Status: public
Last Update: 2020-01-10 08:08
Status: new
Resolution: open
Product Version: 7.7-1908
Target Version:
Fixed in Version:
Summary: 0016908: netns nat rules are setup but not effective on CentOS7.7
Description: There appears to be a netfilter nat bug in the CentOS7.7 kernel (3.10.0-1062.9.1.el7.x86_64) that prevents nat rules within a netns from running for outbound DNAT (and presumably the inbound replies if they were to go out). It appears that the chains are correctly populated into the netns but they just never execute for the nat table. This smells similar to an earlier (but presumably fixed) RHEL/CentOS kernel bug that I found once I knew that this was the problem.

Steps To Reproduce: To reproduce: install a stock/updated CentOS7.7 x86 host with OpenStack train k-a, provider network support, with the x86 host running the neutron containers. Instances spin up just fine and can ping internally but they have no outbound connectivity and cannot be pinged from floating IPs. The problem is that the floating IP is not getting routed correctly due to the above.

Tags: No tags attached.


There are no notes attached to this issue.
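
One way to confirm the symptom in the description (nat chains present in the namespace but never executed) is to read the packet counters from `iptables-save -c -t nat` run inside the namespace. The following is an added example, not part of the original report; the sample dump, chain names and addresses are constructed, and `nat_table_status` is a hypothetical helper.

```python
import re

# Constructed sample of `iptables-save -c -t nat` output taken inside a router
# namespace. Chain names and addresses are illustrative, not from the report.
SAMPLE_DEAD = """\
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:FLOAT-PRE - [0:0]
:FLOAT-SNAT - [0:0]
[0:0] -A PREROUTING -j FLOAT-PRE
[0:0] -A POSTROUTING -j FLOAT-SNAT
[0:0] -A FLOAT-PRE -d 203.0.113.10/32 -j DNAT --to-destination 10.0.0.5
[0:0] -A FLOAT-SNAT -s 10.0.0.5/32 -j SNAT --to-source 203.0.113.10
COMMIT
"""
# Same rules, but the PREROUTING jump has seen the first packet of 7 flows.
SAMPLE_LIVE = SAMPLE_DEAD.replace("[0:0] -A PREROUTING", "[7:420] -A PREROUTING")

CHAIN_RE = re.compile(r"^:\S+ \S+ \[(\d+):\d+\]$")   # :CHAIN POLICY [pkts:bytes]
RULE_RE = re.compile(r"^\[(\d+):\d+\] -A ")          # [pkts:bytes] -A CHAIN ...

def nat_table_status(dump):
    """Return (rule_count, total_packets, verdict) for the *nat section."""
    in_nat, rules, packets = False, 0, 0
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_nat = line == "*nat"
        elif line == "COMMIT":
            in_nat = False
        elif in_nat:
            chain, rule = CHAIN_RE.match(line), RULE_RE.match(line)
            if chain:
                packets += int(chain.group(1))   # chain policy counter
            elif rule:
                rules += 1
                packets += int(rule.group(1))    # per-rule counter
    if rules == 0:
        return rules, packets, "empty"
    # Only the first packet of each connection traverses the nat table, so any
    # new flow through the namespace should move at least one counter.
    verdict = "active" if packets else "populated-but-never-hit"
    return rules, packets, verdict
```

A `populated-but-never-hit` verdict is only meaningful if new connections were sent through the namespace after the counters were last zeroed.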

Issue History

Date Modified Username Field Change
2020-01-10 08:08 jcm New Issue