
iptables REDIRECT to Kubernetes NodePort causes request to hang


I am attempting to direct client traffic to a Kubernetes cluster NodePort listening on 192.168.1.100:30000 (HTTPS port).

Clients need to make a request to 192.168.1.100:8000, so I added the following REDIRECT rules in iptables:

iptables -t nat -I PREROUTING -p tcp --dst 192.168.1.100 --dport 8000 -j REDIRECT --to-port 30000
iptables -t nat -I OUTPUT -d 192.168.1.100 -p tcp --dport 8000 -j REDIRECT --to-port 30000

However, I am getting the following error:

# curl -vk https://192.168.1.100:8000/v1/api
* About to connect() to 192.168.1.100 port 8000 (#0)
*   Trying 192.168.1.100...
* Connected to 192.168.1.100 (192.168.1.100) port 8000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.

I also attempted to set up the remotesystem network namespace indicated in this answer and make a request to the same endpoint, and got the following error:

# ip netns exec remotesystem curl -vk https://192.168.1.100:8000/v1/api
* About to connect() to 192.168.1.100 port 8000 (#0)
*   Trying 192.168.1.100...
* Connection timed out
* Failed connect to 192.168.1.100:8000; Connection timed out
* Closing connection 0
curl: (7) Failed connect to 192.168.1.100:8000; Connection timed out

I know that the Kubernetes cluster has network policies enforced with Calico CRDs; however, I have added a default allow-all to the network policy and traffic still seems to be hanging.

I also checked the logs of the ingress controller to see if the request made it there, but did not see any log output when making the request.

The weird thing is that directly curling the NodePort, https://192.168.1.100:30000/v1/api, works and I get a successful response back.

The question is: why does curling https://192.168.1.100:8000/v1/api (with the REDIRECT rule to 30000) cause the request to hang?

A.B
See also my comment there: https://serverfault.com/questions/1097421/tcpdump-showing-different-redirection-port-after-adding-redirect-rule-in-iptable?noredirect=1#comment1432056_1097435
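To see what the two posted rules do to a connection's first packet, here is an added example (not code from the question, and not kube-proxy's code) that parses an iptables-save style dump of the nat table and walks it the way netfilter does. Two facts from the iptables-extensions man page are modelled: DNAT and REDIRECT are terminating targets, so the first one that matches fixes the mapping for the whole connection and nothing later in that hook's nat chains is examined; and REDIRECT rewrites the destination to the primary address of the incoming interface (PREROUTING) or to 127.0.0.1 (OUTPUT). The rule dump inside the script is constructed: it puts the question's two REDIRECT rules ahead of rules shaped like kube-proxy's iptables-mode chains (PREROUTING/OUTPUT -> KUBE-SERVICES -> KUBE-NODEPORTS -> KUBE-SVC -> KUBE-SEP -> DNAT). The chain suffixes, the pod endpoint 10.244.1.5:443 and the node's set of local addresses are assumptions.

```python
# Added example, not code from the question or from kube-proxy: simulate the
# first-packet walk through the iptables nat table to find which rule makes the
# NAT decision for a TCP connection and what destination it produces.
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed "iptables-save -t nat" excerpt (not captured from a real node): the
# question's REDIRECT rules inserted ahead of kube-proxy-shaped NodePort chains.
NAT_RULES = """\
*nat
-A PREROUTING -d 192.168.1.100/32 -p tcp -m tcp --dport 8000 -j REDIRECT --to-ports 30000
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -d 192.168.1.100/32 -p tcp -m tcp --dport 8000 -j REDIRECT --to-ports 30000
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-NODEPORTS -p tcp -m tcp --dport 30000 -j KUBE-SVC-ABCDEF
-A KUBE-SVC-ABCDEF -j KUBE-SEP-123456
-A KUBE-SEP-123456 -p tcp -m tcp -j DNAT --to-destination 10.244.1.5:443
COMMIT
"""
NODE_ADDR = "192.168.1.100"             # primary address of the LAN interface (assumed)
LOCAL_ADDRS = {NODE_ADDR, "127.0.0.1"}  # what "-m addrtype --dst-type LOCAL" accepts here


@dataclass
class Rule:
    chain: str
    text: str
    target: str = ""
    proto: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    dst_local: bool = False                     # -m addrtype --dst-type LOCAL
    to_ports: Optional[int] = None              # REDIRECT --to-ports
    to_dest: Optional[Tuple[str, int]] = None   # DNAT --to-destination


def parse_nat(dump: str) -> Dict[str, List[Rule]]:
    """Parse the -A lines of an iptables-save nat table into per-chain rule lists."""
    conv = {"-p": ("proto", str), "-d": ("dst", lambda v: v.split("/")[0]),
            "--dst": ("dst", lambda v: v.split("/")[0]), "--dport": ("dport", int),
            "-j": ("target", str), "--to-ports": ("to_ports", int),
            "--to-destination": ("to_dest", lambda v: (v.rsplit(":", 1)[0], int(v.rsplit(":", 1)[1]))),
            "--dst-type": ("dst_local", lambda v: v == "LOCAL")}
    chains: Dict[str, List[Rule]] = {}
    for line in dump.splitlines():
        if not line.startswith("-A "):
            continue
        argv = shlex.split(line)            # shlex keeps the quoted --comment text together
        rule = Rule(chain=argv[1], text=line)
        i = 2
        while i < len(argv):
            opt = argv[i]
            if opt in conv:
                field, fn = conv[opt]
                setattr(rule, field, fn(argv[i + 1]))
                i += 2
            else:                           # "-m <module>" / "--comment <text>" take a value; flags do not
                i += 2 if opt in ("-m", "--comment") else 1
        chains.setdefault(rule.chain, []).append(rule)
    return chains


def nat_decision(chains, hook, dst_ip, dport):
    """First-packet NAT lookup for a TCP connection entering `hook` (PREROUTING or OUTPUT).
    Returns (new_ip, new_port, deciding rule text); the text is None when no NAT rule fires."""
    def walk(chain):
        for r in chains.get(chain, []):
            if (r.proto and r.proto != "tcp") or (r.dst and r.dst != dst_ip) \
               or (r.dport is not None and r.dport != dport) \
               or (r.dst_local and dst_ip not in LOCAL_ADDRS):
                continue
            if r.target == "DNAT":          # terminating: mapping fixed, stop examining rules
                return r.to_dest[0], r.to_dest[1], r.text
            if r.target == "REDIRECT":      # terminating too; new address depends on the hook
                new_ip = "127.0.0.1" if hook == "OUTPUT" else NODE_ADDR
                return new_ip, r.to_ports or dport, r.text
            if r.target == "RETURN":
                return None
            if r.target in chains:          # jump into a user-defined chain, continue if it returns
                hit = walk(r.target)
                if hit:
                    return hit
        return None
    return walk(hook) or (dst_ip, dport, None)


def demo():
    chains = parse_nat(NAT_RULES)
    cases = [("PREROUTING", NODE_ADDR, 8000),   # LAN client to :8000, through the REDIRECT rule
             ("PREROUTING", NODE_ADDR, 30000),  # LAN client straight to the NodePort
             ("OUTPUT", NODE_ADDR, 8000)]       # curl run on the node itself to :8000
    for hook, ip, port in cases:
        new_ip, new_port, rule = nat_decision(chains, hook, ip, port)
        print(f"{hook} {ip}:{port} -> {new_ip}:{new_port} via {rule or 'no nat rule'}")


if __name__ == "__main__":
    demo()
```

The first and third cases show the point worth checking on the node: once the REDIRECT fires, the connection is delivered to port 30000 on the node's own address (127.0.0.1 for locally generated traffic) and kube-proxy's KUBE-NODEPORTS DNAT to the Service endpoint is never consulted for that connection, whereas a direct connection to :30000 is DNATed to the pod. Which process, if any, is bound to that local port then decides what curl sees. To check the real node instead of the sample, feed the script the output of iptables-save -t nat and compare with conntrack -L for the connection; the rule walk alone does not say whether that is the whole story behind the record-too-long error or the timeout from the namespace.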
