IP Forwarding does not work on NIC

Krotz, Dieter 1 Reputation point
2022-08-03T16:39:36.277+00:00

Hello,

I have two interfaces on the host, one with 172.29.29.120 (Ethernet) and the other with 172.17.1.1 (this is an internal Hyper-V switch).
From within a Windows container 172.20.1.20, which has its interface not in the default compartment, the traffic is routed to an endpoint 172.20.1.2 which is in the default compartment.

When I call with curl one service listening on all interfaces 0.0.0.0:8080 on the host, it works if I make the calls on the host.
curl --insecure -v -m 4 http://172.29.29.120:8080/albums -> works
curl --insecure -v -m 4 http://172.17.1.1:8080/albums -> works

When I do this from within the container (which routes everything to 172.20.1.2 because 172.20.1.2 is the gateway)
curl --insecure -v -m 4 http://172.29.29.120:8080/albums -> works
curl --insecure -v -m 4 http://172.17.1.1:8080/albums -> does not work !

The 172.20.1.2 parameters show that Forwarding is on, and the routes are also correct. I don't understand what could be wrong.

----------------------------------------------

IfLuid : ethernet_32778
IfIndex : 46
State : connected
Metric : 15
Link MTU : 1450 bytes
Reachable Time : 29000 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 3
Site Prefix Length : 0
Site Id : 1
Forwarding : enabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : dhcp
Managed Address Configuration : enabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 0
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
ECN capability : application
RA Based DNS Config (RFC 6106) : disabled
DHCP/Static IP coexistence : disabled

Is there a way to look at the traces?

Best regards,
lothi14


1 answer

  1. Limitless Technology 39,921 Reputation points
    2022-08-05T15:33:57.163+00:00

    Hi there,

    Try using "policy routing" on the server to route the traffic based on source IP.

    Option 2 is to point the default gateway of the server at a box that can do policy routing. Then that box can route the traffic correctly depending on its source IP. This may be a useful solution if the server OS doesn't support policy routing.

    Option 3 is to make the NAT box Masquerade for the traffic that it is port forwarding. I would consider this a last-resort option as it hides the real source address of the traffic.

    ------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--
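
The dump in the question covers only the 172.20.1.2 interface, while Forwarding, Weak Host Sends and Weak Host Receives are per-interface settings. The following is an added example, not part of the original question or answer: it reads the same settings for all three host addresses named in the question and shows which route and source address the host selects toward the container. It assumes an elevated PowerShell session on the host with the standard NetTCPIP cmdlets available.

```powershell
# Added example: compare per-interface forwarding and host-model settings.
# Addresses are the ones given in the question; adjust for another host.
$hostAddresses    = '172.29.29.120', '172.17.1.1', '172.20.1.2'
$containerAddress = '172.20.1.20'

$report = foreach ($ip in $hostAddresses) {
    # -IncludeAllCompartments also finds addresses outside the default compartment.
    $found = @(Get-NetIPAddress -IPAddress $ip -IncludeAllCompartments -ErrorAction SilentlyContinue)
    if ($found.Count -eq 0) {
        # Keep the same columns so the table stays aligned.
        [pscustomobject]@{
            Address = $ip; Compartment = $null; IfIndex = $null
            Alias = 'not assigned on this host'; Forwarding = $null
            WeakHostSend = $null; WeakHostReceive = $null; MtuBytes = $null
        }
        continue
    }
    foreach ($addr in $found) {
        $nics = Get-NetIPInterface -InterfaceIndex $addr.InterfaceIndex `
                    -AddressFamily IPv4 -IncludeAllCompartments
        foreach ($nic in $nics) {
            [pscustomobject]@{
                Address         = $ip
                Compartment     = $nic.CompartmentId
                IfIndex         = $nic.ifIndex
                Alias           = $nic.InterfaceAlias
                Forwarding      = $nic.Forwarding
                WeakHostSend    = $nic.WeakHostSend
                WeakHostReceive = $nic.WeakHostReceive
                MtuBytes        = $nic.NlMtu
            }
        }
    }
}
$report | Format-Table -AutoSize

# Report any setting that is not uniform across the three interfaces.
foreach ($setting in 'Forwarding', 'WeakHostSend', 'WeakHostReceive') {
    $values = @($report | ForEach-Object { $_.$setting } |
                Where-Object { $null -ne $_ } | Sort-Object -Unique)
    if ($values.Count -gt 1) {
        Write-Output "$setting differs between interfaces: $($values -join ', ')"
    }
}

# Route and source address the host would select for traffic to the container.
Find-NetRoute -RemoteIPAddress $containerAddress |
    Format-List InterfaceAlias, IPAddress, DestinationPrefix, NextHop
```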
