OK I see your point. But since I'm using Centos 7 I'm using firewalld not iptables. I noticed just now if I turn off firewalld, it works perfectly. It really must be the problem with having firewalld on. Is it OK to just turn off firewalld and run kubernetes clusters?
2017년 5월 19일 금요일 오후 5시 44분 27초 UTC+9, Ivan Diao 님의 말: > > Hi Sonic, > > I think the FORWARD chain might drop your packets sent to flannel. > > > > > Chain FORWARD (policy DROP) > > target prot opt source destination > > DOCKER-ISOLATION all -- anywhere anywhere > > ACCEPT all -- anywhere anywhere ctstate > > RELATED,ESTABLISHED > > DOCKER all -- anywhere anywhere > > ACCEPT all -- anywhere anywhere > > ACCEPT all -- anywhere anywhere > > ACCEPT all -- anywhere anywhere ctstate > > RELATED,ESTABLISHED > > ACCEPT all -- anywhere anywhere > > FORWARD_direct all -- anywhere anywhere > > FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere > > FORWARD_IN_ZONES all -- anywhere anywhere > > FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere > > FORWARD_OUT_ZONES all -- anywhere anywhere > > DROP all -- anywhere anywhere ctstate > > INVALID > > REJECT all -- anywhere anywhere > reject-with > > icmp-host-prohibited > > > > Try change the default rule to ACCEPT and see if it works. > > Regards, > Adieu > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.