Description of problem:
Test egress router feature in dual-stack cluster; compared with ipv4, there are no NAT rules created in ip6tables-save

Version-Release number of selected component (if applicable):
4.10.0-0.nightly-2021-12-14-083101

How reproducible:
Always

Steps to Reproduce:

## Test egress router ipv4

[weliang@weliang ~]$ oc new-project test
Now using project "test" on server "https://api.weliang-203.qe.devcluster.openshift.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app rails-postgresql-example

to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname

[weliang@weliang ~]$ oc create -f test.yaml
egressrouter.network.operator.openshift.io/egress-router-test created
[weliang@weliang ~]$ oc get pod -o wide
NAME                                            READY   STATUS    RESTARTS   AGE   IP            NODE                                                NOMINATED NODE   READINESS GATES
egress-router-cni-deployment-6db7d48667-98fqf   1/1     Running   0          9s    10.128.2.34   worker-01.weliang-203.qe.devcluster.openshift.com   <none>           <none>
[weliang@weliang ~]$ oc exec egress-router-cni-deployment-6db7d48667-98fqf -- ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: eth0@if41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default
    link/ether 0a:58:0a:80:02:22 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.128.2.34/23 brd 10.128.3.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fd01:0:0:5::22/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::858:aff:fe80:222/64 scope link
       valid_lft forever preferred_lft forever
4: net1@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 2a:47:3c:d2:55:09 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 147.75.197.175/30 brd 147.75.197.175 scope global net1
       valid_lft forever preferred_lft forever
    inet6 fe80::2847:3cff:fed2:5509/64 scope link
       valid_lft forever preferred_lft forever
[weliang@weliang ~]$ oc debug node/worker-01.weliang-203.qe.devcluster.openshift.com
W1220 15:18:01.166951 11861 warnings.go:70] would violate "latest" version of "baseline" PodSecurity profile: host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true)
Starting pod/worker-01weliang-203qedevclusteropenshiftcom-debug ...
To use host binaries, run `chroot /host`
Pod IP: 147.75.197.174
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# cat /tmp/egress-router-log
2021-12-20T18:35:24Z [debug] Called CNI ADD
2021-12-20T18:35:24Z [debug] Gateway: 10.0.192.1
2021-12-20T18:35:24Z [debug] IP Source Addresses: [10.0.212.194/19]
2021-12-20T18:35:24Z [debug] IP Destinations: [80 TCP 142.250.81.206]
2021-12-20T18:35:24Z [debug] Created macvlan interface
2021-12-20T18:35:24Z [debug] Renamed macvlan to "net1"
2021-12-20T18:35:24Z [debug] Adding IPv4 route to gateway 10.0.192.1 on macvlan interface
2021-12-20T18:35:24Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: 10.128.2.1 Flags: [] Table: 254}
2021-12-20T18:35:24Z [debug] Added new default route with gateway 10.0.192.1
2021-12-20T18:35:24Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 142.250.81.206
2021-12-20T18:35:24Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 10.0.212.194
2021-12-20T18:39:57Z [debug] Called CNI ADD
2021-12-20T18:39:57Z [debug] Gateway: fe80::5054:ff:fe1f:5fc
2021-12-20T18:39:57Z [debug] IP Source Addresses: [fd2e:6f44:5dd8::64/64]
2021-12-20T18:39:57Z [debug] IP Destinations: [80 TCP 2607:f8b0:4004:808::200e]
2021-12-20T18:39:57Z [debug] Created macvlan interface
2021-12-20T18:39:57Z [debug] Renamed macvlan to "net1"
2021-12-20T18:39:57Z [error] Unable to read sysctl value net.ipv6.conf.lo.disable_ipv6
2021-12-20T18:39:57Z [error] Unable to read sysctl value net.ipv6.conf.net1.disable_ipv6
2021-12-20T18:39:59Z [debug] Adding IPv6 route to gateway fe80::5054:ff:fe1f:5fc on macvlan interface
2021-12-20T18:39:59Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: fd01:0:0:5::1 Flags: [] Table: 254}
2021-12-20T18:39:59Z [debug] Added new default route with gateway fe80::5054:ff:fe1f:5fc
2021-12-20T18:39:59Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 2607:f8b0:4004:808::200e
2021-12-20T18:39:59Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source fd2e:6f44:5dd8::64
2021-12-20T19:54:02Z [debug] Called CNI ADD
2021-12-20T19:54:02Z [debug] Gateway: 147.75.197.173
2021-12-20T19:54:02Z [debug] IP Source Addresses: [147.75.197.175/30]
2021-12-20T19:54:02Z [debug] IP Destinations: [80 TCP 142.250.81.206]
2021-12-20T19:54:02Z [debug] Created macvlan interface
2021-12-20T19:54:02Z [debug] Renamed macvlan to "net1"
2021-12-20T19:54:02Z [debug] Adding IPv4 route to gateway 147.75.197.173 on macvlan interface
2021-12-20T19:54:02Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: 10.128.2.1 Flags: [] Table: 254}
2021-12-20T19:54:02Z [debug] Added new default route with gateway 147.75.197.173
2021-12-20T19:54:02Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 142.250.81.206
2021-12-20T19:54:02Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 147.75.197.175
2021-12-20T19:59:16Z [debug] Called CNI ADD
2021-12-20T19:59:16Z [debug] Gateway: 2604:1380:0:de00::16
2021-12-20T19:59:16Z [debug] IP Source Addresses: [2604:1380:0:de00::14/127]
2021-12-20T19:59:16Z [debug] IP Destinations: [80 TCP 2607:f8b0:4004:808::200e]
2021-12-20T19:59:16Z [debug] Created macvlan interface
2021-12-20T19:59:16Z [debug] Renamed macvlan to "net1"
2021-12-20T19:59:16Z [error] Unable to read sysctl value net.ipv6.conf.lo.disable_ipv6
2021-12-20T19:59:16Z [error] Unable to read sysctl value net.ipv6.conf.net1.disable_ipv6
2021-12-20T19:59:18Z [debug] Adding IPv6 route to gateway 2604:1380:0:de00::16 on macvlan interface
2021-12-20T19:59:18Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: fd01:0:0:5::1 Flags: [] Table: 254}
2021-12-20T19:59:18Z [debug] Added new default route with gateway 2604:1380:0:de00::16
2021-12-20T19:59:18Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 2607:f8b0:4004:808::200e
2021-12-20T19:59:18Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 2604:1380:0:de00::14
2021-12-20T20:17:29Z [debug] Called CNI ADD
2021-12-20T20:17:29Z [debug] Gateway: 147.75.197.173
2021-12-20T20:17:29Z [debug] IP Source Addresses: [147.75.197.175/30]
2021-12-20T20:17:29Z [debug] IP Destinations: [80 TCP 142.250.81.206]
2021-12-20T20:17:29Z [debug] Created macvlan interface
2021-12-20T20:17:29Z [debug] Renamed macvlan to "net1"
2021-12-20T20:17:29Z [debug] Adding IPv4 route to gateway 147.75.197.173 on macvlan interface
2021-12-20T20:17:29Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: 10.128.2.1 Flags: [] Table: 254}
2021-12-20T20:17:29Z [debug] Added new default route with gateway 147.75.197.173
2021-12-20T20:17:29Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 142.250.81.206
2021-12-20T20:17:29Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 147.75.197.175
sh-4.4# crictl ps | grep egress
8637ae41d2fa3   d38e39880b6835352c7728cf4d3e1dae0b96313d00f3d242e8323b08c6b1d7a6   58 seconds ago   Running   egress-router-cni-pod   0   d2c55363b5641
sh-4.4# crictl inspect 8637ae41d2fa3 | grep pid
    "pid": 266338,
            "pids": {
            "type": "pid"
sh-4.4# nsenter -n -t 266338
[root@worker-01 /]# iptables-save -t nat
# Generated by iptables-save v1.8.4 on Mon Dec 20 20:19:10 2021
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 142.250.81.206
-A POSTROUTING -o net1 -j SNAT --to-source 147.75.197.175
COMMIT
# Completed on Mon Dec 20 20:19:10 2021
[root@worker-01 /]# exit
logout
sh-4.4# exit
exit
sh-4.4# exit
exit

Removing debug pod ...
[weliang@weliang ~]$ cat test.yaml
apiVersion: network.operator.openshift.io/v1
kind: EgressRouter
metadata:
  name: egress-router-test
spec:
  addresses: [
    {
      ip: "147.75.197.175/30",
      gateway: "147.75.197.173"
    },
  ]
  mode: Redirect
  redirect: {
    redirectRules: [
      {
        destinationIP: "142.250.81.206",
        port: 80,
        protocol: TCP
      },
    ]
  }

## Test egress router ipv6

[weliang@weliang ~]$ oc delete -f test.yaml
egressrouter.network.operator.openshift.io "egress-router-test" deleted
[weliang@weliang ~]$ oc delete project test
project.project.openshift.io "test" deleted
[weliang@weliang ~]$ oc new-project test1
Now using project "test1" on server "https://api.weliang-203.qe.devcluster.openshift.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app rails-postgresql-example

to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname

[weliang@weliang ~]$ cat test1.yaml
apiVersion: network.operator.openshift.io/v1
kind: EgressRouter
metadata:
  name: egress-router-test
spec:
  addresses: [
    {
      ip: "2604:1380:0:de00::14/127",
      gateway: "2604:1380:0:de00::16"
    },
  ]
  mode: Redirect
  redirect: {
    redirectRules: [
      {
        destinationIP: "2607:f8b0:4004:808::200e",
        port: 80,
        protocol: TCP,
      },
    ]
  }
[weliang@weliang ~]$ oc create -f test1.yaml
egressrouter.network.operator.openshift.io/egress-router-test created
[weliang@weliang ~]$ oc get pod -o wide
NAME                                            READY   STATUS    RESTARTS   AGE   IP            NODE                                                NOMINATED NODE   READINESS GATES
egress-router-cni-deployment-6db7d48667-npnzh   1/1     Running   0          6s    10.128.2.35   worker-01.weliang-203.qe.devcluster.openshift.com   <none>           <none>
[weliang@weliang ~]$ oc exec egress-router-cni-deployment-6db7d48667-npnzh -- ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: eth0@if42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default
    link/ether 0a:58:0a:80:02:23 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.128.2.35/23 brd 10.128.3.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fd01:0:0:5::23/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::858:aff:fe80:223/64 scope link
       valid_lft forever preferred_lft forever
4: net1@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 96:b6:2f:31:bd:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 2604:1380:0:de00::14/127 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::94b6:2fff:fe31:bd53/64 scope link
       valid_lft forever preferred_lft forever
[weliang@weliang ~]$ oc debug node/worker-01.weliang-203.qe.devcluster.openshift.com
W1220 15:23:06.320252 12327 warnings.go:70] would violate "latest" version of "baseline" PodSecurity profile: host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true)
Starting pod/worker-01weliang-203qedevclusteropenshiftcom-debug ...
To use host binaries, run `chroot /host`
Pod IP: 147.75.197.174
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# cat /tmp/egress-router-log
2021-12-20T18:35:24Z [debug] Called CNI ADD
2021-12-20T18:35:24Z [debug] Gateway: 10.0.192.1
2021-12-20T18:35:24Z [debug] IP Source Addresses: [10.0.212.194/19]
2021-12-20T18:35:24Z [debug] IP Destinations: [80 TCP 142.250.81.206]
2021-12-20T18:35:24Z [debug] Created macvlan interface
2021-12-20T18:35:24Z [debug] Renamed macvlan to "net1"
2021-12-20T18:35:24Z [debug] Adding IPv4 route to gateway 10.0.192.1 on macvlan interface
2021-12-20T18:35:24Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: 10.128.2.1 Flags: [] Table: 254}
2021-12-20T18:35:24Z [debug] Added new default route with gateway 10.0.192.1
2021-12-20T18:35:24Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 142.250.81.206
2021-12-20T18:35:24Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 10.0.212.194
2021-12-20T18:39:57Z [debug] Called CNI ADD
2021-12-20T18:39:57Z [debug] Gateway: fe80::5054:ff:fe1f:5fc
2021-12-20T18:39:57Z [debug] IP Source Addresses: [fd2e:6f44:5dd8::64/64]
2021-12-20T18:39:57Z [debug] IP Destinations: [80 TCP 2607:f8b0:4004:808::200e]
2021-12-20T18:39:57Z [debug] Created macvlan interface
2021-12-20T18:39:57Z [debug] Renamed macvlan to "net1"
2021-12-20T18:39:57Z [error] Unable to read sysctl value net.ipv6.conf.lo.disable_ipv6
2021-12-20T18:39:57Z [error] Unable to read sysctl value net.ipv6.conf.net1.disable_ipv6
2021-12-20T18:39:59Z [debug] Adding IPv6 route to gateway fe80::5054:ff:fe1f:5fc on macvlan interface
2021-12-20T18:39:59Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: fd01:0:0:5::1 Flags: [] Table: 254}
2021-12-20T18:39:59Z [debug] Added new default route with gateway fe80::5054:ff:fe1f:5fc
2021-12-20T18:39:59Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 2607:f8b0:4004:808::200e
2021-12-20T18:39:59Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source fd2e:6f44:5dd8::64
2021-12-20T19:54:02Z [debug] Called CNI ADD
2021-12-20T19:54:02Z [debug] Gateway: 147.75.197.173
2021-12-20T19:54:02Z [debug] IP Source Addresses: [147.75.197.175/30]
2021-12-20T19:54:02Z [debug] IP Destinations: [80 TCP 142.250.81.206]
2021-12-20T19:54:02Z [debug] Created macvlan interface
2021-12-20T19:54:02Z [debug] Renamed macvlan to "net1"
2021-12-20T19:54:02Z [debug] Adding IPv4 route to gateway 147.75.197.173 on macvlan interface
2021-12-20T19:54:02Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: 10.128.2.1 Flags: [] Table: 254}
2021-12-20T19:54:02Z [debug] Added new default route with gateway 147.75.197.173
2021-12-20T19:54:02Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 142.250.81.206
2021-12-20T19:54:02Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 147.75.197.175
2021-12-20T19:59:16Z [debug] Called CNI ADD
2021-12-20T19:59:16Z [debug] Gateway: 2604:1380:0:de00::16
2021-12-20T19:59:16Z [debug] IP Source Addresses: [2604:1380:0:de00::14/127]
2021-12-20T19:59:16Z [debug] IP Destinations: [80 TCP 2607:f8b0:4004:808::200e]
2021-12-20T19:59:16Z [debug] Created macvlan interface
2021-12-20T19:59:16Z [debug] Renamed macvlan to "net1"
2021-12-20T19:59:16Z [error] Unable to read sysctl value net.ipv6.conf.lo.disable_ipv6
2021-12-20T19:59:16Z [error] Unable to read sysctl value net.ipv6.conf.net1.disable_ipv6
2021-12-20T19:59:18Z [debug] Adding IPv6 route to gateway 2604:1380:0:de00::16 on macvlan interface
2021-12-20T19:59:18Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: fd01:0:0:5::1 Flags: [] Table: 254}
2021-12-20T19:59:18Z [debug] Added new default route with gateway 2604:1380:0:de00::16
2021-12-20T19:59:18Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 2607:f8b0:4004:808::200e
2021-12-20T19:59:18Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 2604:1380:0:de00::14
2021-12-20T20:17:29Z [debug] Called CNI ADD
2021-12-20T20:17:29Z [debug] Gateway: 147.75.197.173
2021-12-20T20:17:29Z [debug] IP Source Addresses: [147.75.197.175/30]
2021-12-20T20:17:29Z [debug] IP Destinations: [80 TCP 142.250.81.206]
2021-12-20T20:17:29Z [debug] Created macvlan interface
2021-12-20T20:17:29Z [debug] Renamed macvlan to "net1"
2021-12-20T20:17:29Z [debug] Adding IPv4 route to gateway 147.75.197.173 on macvlan interface
2021-12-20T20:17:29Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: 10.128.2.1 Flags: [] Table: 254}
2021-12-20T20:17:29Z [debug] Added new default route with gateway 147.75.197.173
2021-12-20T20:17:29Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 142.250.81.206
2021-12-20T20:17:29Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 147.75.197.175
2021-12-20T20:22:41Z [debug] Called CNI ADD
2021-12-20T20:22:41Z [debug] Gateway: 2604:1380:0:de00::16
2021-12-20T20:22:41Z [debug] IP Source Addresses: [2604:1380:0:de00::14/127]
2021-12-20T20:22:41Z [debug] IP Destinations: [80 TCP 2607:f8b0:4004:808::200e]
2021-12-20T20:22:41Z [debug] Created macvlan interface
2021-12-20T20:22:41Z [debug] Renamed macvlan to "net1"
2021-12-20T20:22:41Z [error] Unable to read sysctl value net.ipv6.conf.lo.disable_ipv6
2021-12-20T20:22:41Z [error] Unable to read sysctl value net.ipv6.conf.net1.disable_ipv6
2021-12-20T20:22:43Z [debug] Adding IPv6 route to gateway 2604:1380:0:de00::16 on macvlan interface
2021-12-20T20:22:43Z [debug] deleted default route {Ifindex: 3 Dst: <nil> Src: <nil> Gw: fd01:0:0:5::1 Flags: [] Table: 254}
2021-12-20T20:22:43Z [debug] Added new default route with gateway 2604:1380:0:de00::16
2021-12-20T20:22:43Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 2607:f8b0:4004:808::200e
2021-12-20T20:22:43Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 2604:1380:0:de00::14
sh-4.4# crictl ps | grep egress
f4f16a250d7be   d38e39880b6835352c7728cf4d3e1dae0b96313d00f3d242e8323b08c6b1d7a6   48 seconds ago   Running   egress-router-cni-pod   0   5ac3346793463
sh-4.4# crictl inspect f4f16a250d7be | grep pid
    "pid": 271689,
            "pids": {
            "type": "pid"
sh-4.4# nsenter -n -t 271689
[root@worker-01 /]# ip6tables-save -t nat
# Generated by ip6tables-save v1.8.4 on Mon Dec 20 20:24:18 2021
*nat
COMMIT
# Completed on Mon Dec 20 20:24:18 2021
[root@worker-01 /]#
[root@worker-01 /]# ip6tables-save
# Generated by ip6tables-save v1.8.4 on Mon Dec 20 20:28:44 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --dport 22623 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -p tcp -m tcp --dport 22624 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp6-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 22623 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp6-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 22624 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp6-port-unreachable
COMMIT
# Completed on Mon Dec 20 20:28:44 2021
[root@worker-01 /]#

Actual results:
[root@worker-01 /]# ip6tables-save -t nat
Empty

Expected results:
As with ipv4, should have ipv6 source and destination rules shown in ip6tables-save -t nat

Additional info:
Tested and verified in 4.11.0-0.nightly-2022-02-10-031822

sh-4.4# nsenter -n -t 122859
[root@worker-0-1 /]# ip6tables-save -t nat
# Generated by ip6tables-save v1.8.4 on Thu Feb 10 19:53:07 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 2607:f8b0:4004:808::200e
-A POSTROUTING -o net1 -j SNAT --to-source fd2e:6f44:5dd8::72
COMMIT
# Completed on Thu Feb 10 19:53:07 2022
[root@worker-0-1 /]#
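
The mismatch in this report (the plugin log says the NAT rules were added, yet the ip6tables nat table is empty) can be checked mechanically by comparing the last "Called CNI ADD" entry of /tmp/egress-router-log with the save output of the matching address family. The following is an added example, not part of the original report or of the egress router code: the function names are made up for illustration, the sample inputs are copied from the report (log abridged), and it assumes rule targets are bare addresses without a port.

```python
import ipaddress
import re

# Rule formats as they appear in the report: plugin log lines and iptables-save lines.
LOGGED = re.compile(r"Added iptables rule: iptables -t nat .*-j (DNAT|SNAT) --to-\S+ (\S+)")
SAVED = re.compile(r"-A (?:PREROUTING|POSTROUTING) .*-j (DNAT|SNAT) --to-\S+ (\S+)")

def expected_rules(log_text):
    """(target, address) pairs logged by the most recent 'Called CNI ADD' entry."""
    last_entry = log_text.rsplit("Called CNI ADD", 1)[-1]
    return [(t, ipaddress.ip_address(a)) for t, a in LOGGED.findall(last_entry)]

def installed_rules(save_output):
    """(target, address) pairs present in iptables-save / ip6tables-save -t nat output."""
    matches = (SAVED.match(line.strip()) for line in save_output.splitlines())
    return {(m.group(1), ipaddress.ip_address(m.group(2))) for m in matches if m}

def missing_rules(log_text, iptables_save, ip6tables_save):
    """Logged rules absent from the nat table of the matching address family."""
    installed = {4: installed_rules(iptables_save), 6: installed_rules(ip6tables_save)}
    return [(t, str(a)) for t, a in expected_rules(log_text)
            if (t, a) not in installed[a.version]]

# Sample input copied from the report (log abridged to the lines the check reads).
V4_LOG = """\
2021-12-20T20:17:29Z [debug] Called CNI ADD
2021-12-20T20:17:29Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 142.250.81.206
2021-12-20T20:17:29Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 147.75.197.175
"""
V6_LOG = V4_LOG + """\
2021-12-20T20:22:41Z [debug] Called CNI ADD
2021-12-20T20:22:43Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 2607:f8b0:4004:808::200e
2021-12-20T20:22:43Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 2604:1380:0:de00::14
"""
V4_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 142.250.81.206
-A POSTROUTING -o net1 -j SNAT --to-source 147.75.197.175
COMMIT
"""
V6_SAVE_EMPTY = "*nat\nCOMMIT\n"  # ip6tables-save -t nat output from the 4.10 nightly

if __name__ == "__main__":
    print("ipv4 pod, missing:", missing_rules(V4_LOG, V4_SAVE, ""))
    print("ipv6 pod, missing:", missing_rules(V6_LOG, "", V6_SAVE_EMPTY))
```

Both save outputs must be captured inside the pod's network namespace (the nsenter step above); run on the node itself, the check compares against the host's tables instead.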
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069