added 311 characters in body
Tom Yan

I'm pretty sure that's because you have an SNAT rule in your iptables (or an snat rule in your nftables) that sets the source IP to 164.X.X.X for traffic from 10.114.0.0/20 (or, all traffic, so to speak). A MASQUERADE / masquerade rule that does not have any condition that would make the case of loopback traffic excluded could cause you the problem as well (because 127.0.0.1 is "not an option" to it; so the first / primary address of the next interface, namely eth0, is used).

Solutions would be:

  1. adding ! -o lo (oifname != "lo" for nftables) to the rule, or
  2. adding -o eth0 (oifname "eth0" for nftables) to the rule (assuming the interface name is "static")

P.S. For nftables, depending on "details" of your system / distro, you might be able to use oif instead of oifname (especially when the name in concern is lo) for better performance (well, theoretically / technically speaking, at least).
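One way to audit a host for the condition the answer describes, as an added example that is not part of the original answer: it scans `iptables-save` output for SNAT / MASQUERADE rules in nat POSTROUTING whose output-interface condition still matches lo. The sample ruleset, the 203.0.113.10 address (standing in for 164.X.X.X) and the function names are assumptions.

```python
import shlex

# Constructed iptables-save excerpt; 203.0.113.10 is a documentation address
# used as a placeholder for the public IP elided in the question.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.114.0.0/20 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -j MASQUERADE
-A POSTROUTING ! -o lo -j MASQUERADE
-A POSTROUTING -s 10.114.0.0/20 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
"""

NAT_TARGETS = {"SNAT", "MASQUERADE"}

def matches_lo(pattern):
    """iptables interface match; a trailing '+' is a prefix wildcard."""
    if pattern.endswith("+"):
        return "lo".startswith(pattern[:-1])
    return pattern == "lo"

def rule_covers_loopback(tokens):
    """True if the rule's output-interface condition still matches 'lo'."""
    for i, tok in enumerate(tokens):
        if tok in ("-o", "--out-interface") and i + 1 < len(tokens):
            negated = i > 0 and tokens[i - 1] == "!"
            return matches_lo(tokens[i + 1]) != negated
    return True  # no -o condition: the rule applies on every interface

def find_loopback_snat(ruleset):
    """Return (line_no, rule) for nat POSTROUTING source-NAT rules that hit lo.
    Rules in user-defined chains jumped to from POSTROUTING are not followed."""
    findings, table = [], None
    for no, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        if table != "nat" or not line.startswith("-A POSTROUTING "):
            continue
        tokens = shlex.split(line)
        target = next((tokens[i + 1] for i, t in enumerate(tokens[:-1])
                       if t in ("-j", "--jump")), None)
        if target in NAT_TARGETS and rule_covers_loopback(tokens):
            findings.append((no, line))
    return findings

if __name__ == "__main__":
    for no, rule in find_loopback_snat(SAMPLE):
        print(f"line {no}: also rewrites loopback traffic: {rule}")
```

On a real host, pass it the text produced by `iptables-save -t nat` instead of `SAMPLE`.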


added 311 characters in body
Tom Yan

I'm pretty sure that's because you have an SNAT rule in your iptables (or an snat rule in your nftables) that sets the source IP to 164.X.X.X for traffic from 10.114.0.0/20 (or, all traffic, so to speak).

Solutions would be:

  1. adding ! -o lo (oifname != "lo" for nftables) to the rule, or
  2. adding -o eth0 (oifname "eth0" for nftables) to the rule (assuming the interface name is "static")

P.S. For nftables, depending on "details" of your system / distro, you might be able to use oif instead of oifname (especially when the name in concern is lo) for better performance (well, theoretically / technically speaking, at least).


Tom Yan

I'm pretty sure that's because you have an SNAT rule in your iptables (or an snat rule in your nftables) that sets the source IP to 164.X.X.X for traffic from 10.114.0.0/20 (or, all traffic, so to speak).

Solutions would be:

  1. adding ! -o lo to the rule, or
  2. adding -o eth0 to the rule (assuming the interface name is "static")