Routing configuration – Ping only works one way

networkingrouting

I have a small kubernetes cluster running, and to enable communication between devices on my main network range (192.168.1.0/24) and those of a kubernetes pod (192.168.251.185/32) I have configured a static route on my router to enable routing packets via the relevant kubernetes worker host (192.168.1.151), using the route 192.168.251.0/24 via 192.168.1.151.

In summary

192.168.1.50 (pc) -> router (192.168.1.1) -> k8 worker (192.168.1.151) -> pod (192.168.251.185)

Network diagram, devices, routing tables (unfortunately not enough rep to imbed)

Initially this looked good, as from "my pc"(192.168.1.50) I was able to ping the k8s pod (192.168.251.185) and the the trace route output followed the intended path:

ping output

Pinging 192.168.251.185 with 32 bytes of data:
Reply from 192.168.251.185: bytes=32 time=4ms TTL=63
Reply from 192.168.251.185: bytes=32 time=3ms TTL=63

tracert output

Tracing route to 192.168.251.185 over a maximum of 30 hops

  1     3 ms     3 ms     3 ms  router [192.168.1.1]
  2     3 ms     3 ms     3 ms  192.168.1.151
  3     5 ms     3 ms     3 ms  192.168.251.185

Unable to ping from k8s pod to PC

The issue is that I can't ping from the k8s pod back to my PC, when running wireshark I can see the ping messages arriving at my PC from the K8s pod:

 Source: 192.168.251.185 Dest: 192.168.1.50 ICMP echo ping request

But the reply lists a "no response found!" message, implying there is no route back

Source 192.168.1.50 Dest 192.168.251.185 Echo ping request (No response found!)

This implies there is no route back the the pod, but I can ping directly from my PC to the pod, proving a valid route does indeed exist.

I can also ping my PC from other devices on the network, so do not believe there are any firewall rules preventing return of the ping response.

I've also tried to pinging other devices on my network from the pod, and only the router returns ping requests.

Ignoring the k8s pod, all devices on the 192.168.1.0/24 range can see each other without issue.

Any advice is greatly appreciated, as I cannot see any issues with the network configuration.

Best Answer

I solved the problem. Windows firewall appears to block ICMP requests from OTHER networks, e.g in this case my requests were blocked, after disabling windows firewall the requests went through ok

Related Topic