I'm following the CKA course and I am in the lecture "Prerequisite Network Names . . .

Gonçalo Sousa:
I’m following the CKA course and I am in the lecture “Prerequisite Network Namespaces” of the Networking chapter. In the end the instructor says that if an outside host wants to communicate with a webapp listening on port 80 to create an iptables rule to allow port forwarding. Now where should the rule iptables -t nat -A PREROUTING --dport 80 --to-destination 192.168.15.2:80 -j DNAT be applied? On the outside host or on the host that contains the namespaces?

Rob Cecchini:
The rule should be applied on the host that contains the namespaces. This is because the rule is intended to take traffic that reaches the host machine and forward it to a specific network namespace inside that host.

Manuel Lazo:
I have a doubt: is it recommended to play with iptables when Calico is usually managing all stuff related to networking?