On Sun, Apr 07, 2019 at 10:52:23PM -0600, Brian Topping wrote:
> The problem is when a service on the same host as the container needs
> to connect to the DNAT address presented for the container. Because the
> local kernel routing table is set to blackhole for an address, the
> traffic is immediately sunk instead of being offered to netfilter.
> Removing that dest line simply sets it to a default of RTD_UNREACHABLE,
> which does the same thing but politely tells the sender that it did so.

That is probably because BGP_NEXT_HOP reported in the route is not
resolvable through your local routing table.

> What I thought would work is to change the line to `ifname = “eno2”`, but
> doing so generates a parse error. This seems to be a bug in the documentation
> as the `ifname` attribute is not listed as read-only.

That was changed just recently. Do you have the latest version of BIRD? You can
also set the direct next hop by setting 'gw'.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: [email protected])
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
