Hi all,
I am encountering a particular behavior, specifically the traffic between two nodes is first allowed and shortly after various data is blocked by the default deny. I would like to point out that there is a specific permit rule for this traffic.
More specifically:
- Source server: 192.168.50.32 (VM)
- Destination Server: 192.168.150.21 (K8s with MetalLB + BGP rule with os-frr)
- Traffic: PSQL (5432 TCP)
- LAN 50 = VM Networking
- LAN 150 = Dedicated for BGP routing
- Firewall rule: I have a specific rule on LAN 50/150 to allow that traffic.
Lan50:
(https://i.imgur.com/EVqkWo0.png)
Lan150:
(https://i.imgur.com/Bjfhg6I.png)
Step to replicate:
- Jump on the VM
- Use psql import to import psql dump (10Mb)
- Some data pass and then blocked
Below the image of firewall log:
(https://i.imgur.com/bnECVWH.png)
Any tips?
Thanks
Thanks to Monviech on IRC
Quote
Try to set "State Type" in the Advanced Features of the firewall rule that allows the traffic to "Sloppy State" and TCP flags to "Any flags.
And now it works!
Thank you
Though I have to add that this solution circumvents some safety of a proper "keep state". So the root cause of needing this should be fixed in the long run.