OK I see your point.

But since I'm using Centos 7 I'm using firewalld not iptables.
I noticed just now if I turn off firewalld, it works perfectly.  It really 
must be the problem with having firewalld on.
Is it OK to just turn off firewalld and run kubernetes clusters?

2017년 5월 19일 금요일 오후 5시 44분 27초 UTC+9, Ivan Diao 님의 말:
>
> Hi Sonic, 
>
> I think the FORWARD chain might drop your packets sent to flannel. 
>
> > 
> > Chain FORWARD (policy DROP) 
> > target     prot opt source               destination 
> > DOCKER-ISOLATION  all  --  anywhere             anywhere 
> > ACCEPT     all  --  anywhere             anywhere             ctstate 
> > RELATED,ESTABLISHED 
> > DOCKER     all  --  anywhere             anywhere 
> > ACCEPT     all  --  anywhere             anywhere 
> > ACCEPT     all  --  anywhere             anywhere 
> > ACCEPT     all  --  anywhere             anywhere             ctstate 
> > RELATED,ESTABLISHED 
> > ACCEPT     all  --  anywhere             anywhere 
> > FORWARD_direct  all  --  anywhere             anywhere 
> > FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere 
> > FORWARD_IN_ZONES  all  --  anywhere             anywhere 
> > FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere 
> > FORWARD_OUT_ZONES  all  --  anywhere             anywhere 
> > DROP       all  --  anywhere             anywhere             ctstate 
> > INVALID 
> > REJECT     all  --  anywhere             anywhere             
> reject-with 
> > icmp-host-prohibited 
> > 
>
> Try change the default rule to ACCEPT and see if it works. 
>
> Regards, 
> Adieu 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Reply via email to