docs(troubleshooting.md): add firewalld related docs #403
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sumire88
approved these changes
Jan 2, 2024
|
@mzz2017 Please proceed to merge this. Thanks for the hard work. |
|
Thanks @jschwinger233 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Background
由于新版本(v0.5.0+)不再使用两次 NAT 方案,所以放行 port 12345 的方案无法使得防火墙放行 dae 流量。
firewalld 会拦截 reroute packets,firewalld 无法支持匹配 mark,因此只能使用 nft 来加入放行规则。
The new version (v0.5.0+) no longer uses the double NAT scheme, so the solution to allow port 12345 cannot make the firewall allow dae traffic.
Firewalld will block reroute packets. Firewalld does not support matching marks, so only NFT (nftables) can be used to add allow rules.
Checklist
Full Changelogs
Issue Reference
Closes #[issue number]
Test Result