
Unable to access port in rootful mode.

Open Jezza opened this issue 7 months ago • 8 comments

Description

I'm unable to access any containers. A simple example would be nginx. Bind it to 8080, and curl is unable to reach it.

Steps to reproduce the issue

  1. Run sudo nerdctl run -d -p 8080:80 --name=nginx --restart=always nginx
  2. Run curl localhost:8080

Describe the results you received and expected

I would expect the host to be able to reach the container. Instead, it seems like it times out.

What version of nerdctl are you using?

nerdctl version 2.0.3

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

Client:
 Namespace: default
 Debug Mode: false

Server:
 Server Version: v2.0.2
 Storage Driver: overlayfs
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Log: fluentd journald json-file none syslog
  Storage: btrfs native overlayfs
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.5.0-0.deb12.1-amd64
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: x86_64
 CPUs: 20
 Total Memory: 30.87GiB
 Name: peeriot-00X
 ID: 0f398317-967c-4237-9898-5be7c24e7429

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Jezza avatar May 15 '25 10:05 Jezza

Thanks @Jezza

Can you provide the following:

cat /etc/resolv.conf

cat /etc/hosts

curl 127.0.0.1:8080

curl X.Y.Z.W:8080

sudo nerdctl container inspect nginx

(where X.Y.Z.W is the non-localhost ip address of your host machine where the container has been started)

And:

while read -r line; do sudo nsenter --net=$line iptables-save; done < <(lsns -n -u -t net -o PATH) | grep " 8080 "
sudo iptables-save | grep " 8080 "

Thanks.

apostasie avatar May 15 '25 15:05 apostasie

I am especially interested in the last two TBH.

apostasie avatar May 15 '25 22:05 apostasie

@AkihiroSuda

Somehow ended up in a similar situation (albeit rootless, and I have no proof that this is the same problem as @Jezza - albeit a strong hunch)

The bottom-line is very much:

while read -r line; do sudo nsenter --net=$line iptables-save; done < <(lsns -n -u -t net -o PATH) | grep " 9043 "
-A CNI-DN-6fc0eff21b191af3e0816 -s 10.4.0.0/24 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-6fc0eff21b191af3e0816 -s 127.0.0.1/32 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-6fc0eff21b191af3e0816 -p tcp -m tcp --dport 9043 -j DNAT --to-destination 10.4.0.77:80
-A CNI-DN-87d2e30b7085fd87727f1 -s 10.4.0.0/24 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-87d2e30b7085fd87727f1 -s 127.0.0.1/32 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-87d2e30b7085fd87727f1 -p tcp -m tcp --dport 9043 -j DNAT --to-destination 10.4.0.76:80
-A CNI-DN-8e5ca74a52a08e331e169 -s 10.4.0.0/24 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8e5ca74a52a08e331e169 -s 127.0.0.1/32 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8e5ca74a52a08e331e169 -p tcp -m tcp --dport 9043 -j DNAT --to-destination 10.4.0.78:80
-A CNI-DN-ea95eedd887ad9612087b -s 10.4.0.0/24 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-ea95eedd887ad9612087b -s 127.0.0.1/32 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-ea95eedd887ad9612087b -p tcp -m tcp --dport 9043 -j DNAT --to-destination 10.4.0.81:80
-A CNI-DN-eba0d76ac6927895e7b2f -s 10.4.0.0/24 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-eba0d76ac6927895e7b2f -s 127.0.0.1/32 -p tcp -m tcp --dport 9043 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-eba0d76ac6927895e7b2f -p tcp -m tcp --dport 9043 -j DNAT --to-destination 10.4.0.79:80
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-911868c9bf2151a0947a4a7490287510b4e60e56e2e87ab6a2533cabec22e145\"" -m multiport --dports 9043 -j CNI-DN-87d2e30b7085fd87727f1
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-62fa307a24464d9fc9819ce2a2ed5513d9a3618cc36739f9382fd79a6c8bd1fa\"" -m multiport --dports 9043 -j CNI-DN-6fc0eff21b191af3e0816
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-fc34bcdbe09e9cf9110299d8594c34eba1a639a0d797d5dd2b71d4764653123c\"" -m multiport --dports 9043 -j CNI-DN-8e5ca74a52a08e331e169
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-bb663be629d969e4fd2d852df5207337577104979c4c8c8dc3a7cb8643bca9c4\"" -m multiport --dports 9043 -j CNI-DN-eba0d76ac6927895e7b2f
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-3b7b175dfdbb52a37bd52a3094f481f7e9bf5c9bd85c5634b7af078e60ea007f\"" -m multiport --dports 9043 -j CNI-DN-ea95eedd887ad9612087b

Note the multitude of IPs binding to 9043: 10.4.0.76, 10.4.0.77, 10.4.0.78, 10.4.0.79...

None of them correspond to any live container here.

Either this is yet again a variant of CNI plugins "cleanup", or we do have a cleanup problem on our side.

apostasie avatar May 15 '25 22:05 apostasie
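
Added example, not part of the original thread or of nerdctl: a Python check that parses `iptables-save` text in the shape quoted above, joins each `CNI-HOSTPORT-DNAT` dispatch rule to the DNAT target of its `CNI-DN-*` chain, and flags rules whose container ID is not in a caller-supplied set of live IDs. The sample dump, chain names and IDs are constructed; reading the text after the last `-` in the comment's `id` as the container ID is an assumption based on the rule for the live nginx container shown in this thread.

```python
import re

# Constructed container IDs (64 hex chars); not taken from the thread.
ID_OLD1, ID_OLD2, ID_LIVE = "a" * 64, "b" * 64, "c" * 64

# Constructed sample in the shape of the iptables-save lines quoted above.
# Two leftover rules precede the rule of the only live container.
SAMPLE_DUMP = rf'''
-A CNI-DN-0001 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-0001 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-0001 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.20:8080
-A CNI-DN-0002 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-0002 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.52:80
-A CNI-DN-0003 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-0003 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.64:80
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-{ID_OLD1}\"" -m multiport --dports 8080 -j CNI-DN-0001
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-{ID_OLD2}\"" -m multiport --dports 8080 -j CNI-DN-0002
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-{ID_LIVE}\"" -m multiport --dports 8080 -j CNI-DN-0003
'''

# Dispatch rule: host port(s) -> per-container chain, with the ID in the comment.
DISPATCH_RE = re.compile(
    r'^-A CNI-HOSTPORT-DNAT .*--comment "dnat name: \\"(?P<net>[^"\\]*)\\" '
    r'id: \\"(?P<id>[^"\\]*)\\"" .*--dports (?P<ports>[\d,:]+) '
    r'-j (?P<chain>CNI-DN-\w+)\s*$'
)
# Per-container chain: the rule that actually rewrites the destination.
DNAT_RE = re.compile(
    r'^-A (?P<chain>CNI-DN-\w+) .*--dport (?P<dport>\d+) -j DNAT '
    r'--to-destination (?P<dest>\S+)\s*$'
)


def expand_ports(spec):
    """Expand a multiport spec such as '8080,9000:9002' into a list of ints."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports


def parse_hostport_rules(dump):
    """Return one entry per (dispatch rule, host port), in rule order."""
    targets = {}   # chain name -> {dport: "ip:port"}
    dispatch = []  # CNI-HOSTPORT-DNAT rules in the order iptables evaluates them
    for line in dump.splitlines():
        line = line.strip()
        m = DNAT_RE.match(line)
        if m:
            targets.setdefault(m["chain"], {})[int(m["dport"])] = m["dest"]
            continue
        m = DISPATCH_RE.match(line)
        if m:
            # Assumption: id is "<namespace>-<container id>", the ID has no '-'.
            namespace, _, cid = m["id"].rpartition("-")
            dispatch.append((m["chain"], m["net"], namespace, cid,
                             expand_ports(m["ports"])))
    entries = []
    for chain, net, namespace, cid, ports in dispatch:
        for port in ports:
            entries.append({
                "host_port": port, "chain": chain, "network": net,
                "namespace": namespace, "container_id": cid,
                "dest": targets.get(chain, {}).get(port),
            })
    return entries


def audit(dump, live_ids):
    """Per host port: rule count, stale rules, and where traffic really goes."""
    by_port = {}
    for entry in parse_hostport_rules(dump):
        by_port.setdefault(entry["host_port"], []).append(entry)
    report = {}
    for port, rules in by_port.items():
        # A chain is walked in order and DNAT is a terminating target, so the
        # first dispatch rule for a port decides the destination.
        first = rules[0]
        report[port] = {
            "rules": len(rules),
            "stale": [e for e in rules if e["container_id"] not in live_ids],
            "effective_dest": first["dest"],
            "effective_is_live": first["container_id"] in live_ids,
        }
    return report


if __name__ == "__main__":
    for port, info in audit(SAMPLE_DUMP, {ID_LIVE}).items():
        print(port, info["rules"], "rules,", len(info["stale"]), "stale,",
              "traffic goes to", info["effective_dest"],
              "(live)" if info["effective_is_live"] else "(no live container)")
```
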

While waiting for the fix on the CNI side to be merged, I am working on a PR that cleans up container iptables rules using a post OCI hook.

fahedouch avatar May 15 '25 22:05 fahedouch

@fahedouch check #4254

apostasie avatar May 15 '25 22:05 apostasie

Sorry for the delay. Lemme post the outputs, and then catch up with the messages.

> cat /etc/resolv.conf

# Generated by NetworkManager
search fritz.box
nameserver 127.0.0.1
options edns0 trust-ad

> cat /etc/hosts

# Standard host addresses
127.0.0.1  localhost
::1        localhost ip6-localhost ip6-loopback
ff02::1    ip6-allnodes
ff02::2    ip6-allrouters
# This host address
127.0.1.1  peeriot-00X

> curl 127.0.0.1:8080

curl: (7) Failed to connect to 127.0.0.1 port 8080 after 3076 ms: Couldn't connect to server

> curl 10.4.0.60:8080

curl: (7) Failed to connect to 10.4.0.64 port 8080 after 0 ms: Couldn't connect to server

> sudo nerdctl container inspect nginx

[
    {
        "Id": "c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7",
        "Created": "2025-05-19T08:06:07.038825744Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": true,
            "Pid": 2224412,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2025-05-19T08:06:07.251578908Z",
            "FinishedAt": ""
        },
        "Image": "docker.io/library/nginx:latest",
        "ResolvConfPath": "/var/lib/nerdctl/1935db59/containers/default/c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7/resolv.conf",
        "HostnamePath": "/var/lib/nerdctl/1935db59/containers/default/c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7/hostname",
        "LogPath": "/var/lib/nerdctl/1935db59/containers/default/c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7/c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7-json.log",
        "Name": "nginx",
        "RestartCount": 0,
        "Driver": "overlayfs",
        "Platform": "linux",
        "AppArmorProfile": "",
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/var/lib/nerdctl/1935db59/containers/default/c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7/resolv.conf",
                "Destination": "/etc/resolv.conf",
                "Mode": "bind,rprivate",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Source": "/var/lib/nerdctl/1935db59/etchosts/default/c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7/hosts",
                "Destination": "/etc/hosts",
                "Mode": "bind,rprivate",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Source": "/var/lib/nerdctl/1935db59/containers/default/c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7/hostname",
                "Destination": "/etc/hostname",
                "Mode": "bind,rprivate",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "c8491237a23b",
            "AttachStdin": false,
            "Labels": {
                "containerd.io/restart.loguri": "binary:///usr/local/bin/nerdctl?_NERDCTL_INTERNAL_LOGGING=%2Fvar%2Flib%2Fnerdctl%2F1935db59",
                "containerd.io/restart.policy": "always",
                "containerd.io/restart.status": "running",
                "io.containerd.image.config.stop-signal": "SIGQUIT",
                "maintainer": "NGINX Docker Maintainers <[email protected]>",
                "nerdctl/auto-remove": "false",
                "nerdctl/extraHosts": "[]",
                "nerdctl/hostname": "c8491237a23b",
                "nerdctl/ipc": "{\"mode\":\"private\"}",
                "nerdctl/log-uri": "binary:///usr/local/bin/nerdctl?_NERDCTL_INTERNAL_LOGGING=%2Fvar%2Flib%2Fnerdctl%2F1935db59",
                "nerdctl/name": "nginx",
                "nerdctl/namespace": "default",
                "nerdctl/networks": "[\"bridge\"]",
                "nerdctl/platform": "linux/amd64",
                "nerdctl/ports": "[{\"HostPort\":8080,\"ContainerPort\":80,\"Protocol\":\"tcp\",\"HostIP\":\"0.0.0.0\"}]",
                "nerdctl/state-dir": "/var/lib/nerdctl/1935db59/containers/default/c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7"
            }
        },
        "NetworkSettings": {
            "Ports": {
                "80/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "8080"
                    }
                ]
            },
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "10.4.0.64",
            "IPPrefixLen": 24,
            "MacAddress": "1e:23:5e:20:56:7b",
            "Networks": {
                "unknown-eth0": {
                    "IPAddress": "10.4.0.64",
                    "IPPrefixLen": 24,
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "1e:23:5e:20:56:7b"
                }
            }
        }
    }
]

while read -r line; do sudo nsenter --net=$line iptables-save; done

-A CNI-DN-081c3759eb317461edcbb -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-081c3759eb317461edcbb -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-081c3759eb317461edcbb -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.28:8080
-A CNI-DN-15937fa403208771247bc -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-15937fa403208771247bc -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-15937fa403208771247bc -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.38:8080
-A CNI-DN-178166ff625fd397b4e5b -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-178166ff625fd397b4e5b -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-178166ff625fd397b4e5b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.48:8080
-A CNI-DN-1eda29d95696dcb8453b5 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-1eda29d95696dcb8453b5 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-1eda29d95696dcb8453b5 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.27:8080
-A CNI-DN-1ee48c183f07925a95b14 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-1ee48c183f07925a95b14 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-1ee48c183f07925a95b14 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.40:8080
-A CNI-DN-2e9922c9277b58ff951eb -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-2e9922c9277b58ff951eb -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-2e9922c9277b58ff951eb -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.52:80
-A CNI-DN-30825be80e2fe7f25d27b -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-30825be80e2fe7f25d27b -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-30825be80e2fe7f25d27b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.41:8080
-A CNI-DN-31f97289a1748a7589dc0 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-31f97289a1748a7589dc0 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-31f97289a1748a7589dc0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.39:8080
-A CNI-DN-403d4f6d67346a4ebaf86 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-403d4f6d67346a4ebaf86 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-403d4f6d67346a4ebaf86 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.26:8080
-A CNI-DN-4a0924dbfe575db663884 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-4a0924dbfe575db663884 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-4a0924dbfe575db663884 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.36:8080
-A CNI-DN-5713790cbf68392bde419 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-5713790cbf68392bde419 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-5713790cbf68392bde419 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.64:80
-A CNI-DN-5c1467af3d02cf2da7915 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-5c1467af3d02cf2da7915 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-5c1467af3d02cf2da7915 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.24:8080
-A CNI-DN-63c550efeb6ced7d52573 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-63c550efeb6ced7d52573 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-63c550efeb6ced7d52573 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.34:8080
-A CNI-DN-6e7c5ecc345369bd65e4d -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-6e7c5ecc345369bd65e4d -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-6e7c5ecc345369bd65e4d -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.57:8080
-A CNI-DN-76813d1feaff7141c713b -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-76813d1feaff7141c713b -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-76813d1feaff7141c713b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.22:8080
-A CNI-DN-76d3453b67258ee807c2b -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-76d3453b67258ee807c2b -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-76d3453b67258ee807c2b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.23:8080
-A CNI-DN-8dfaa30cc026ca1030653 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8dfaa30cc026ca1030653 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8dfaa30cc026ca1030653 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.46:8080
-A CNI-DN-8fffd7b1f408ceb77f9a9 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8fffd7b1f408ceb77f9a9 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8fffd7b1f408ceb77f9a9 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.47:8080
-A CNI-DN-9d04dbc65f4fa7037be95 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-9d04dbc65f4fa7037be95 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-9d04dbc65f4fa7037be95 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.33:8080
-A CNI-DN-b6a4f3dce7cb9325eece2 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-b6a4f3dce7cb9325eece2 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-b6a4f3dce7cb9325eece2 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.58:8080
-A CNI-DN-bc79bcc15cfe609c0bf96 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-bc79bcc15cfe609c0bf96 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-bc79bcc15cfe609c0bf96 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.30:8080
-A CNI-DN-bee23d9a32ae98f29e845 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-bee23d9a32ae98f29e845 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-bee23d9a32ae98f29e845 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.37:8080
-A CNI-DN-c361bb265600f830f8b67 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c361bb265600f830f8b67 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c361bb265600f830f8b67 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.56:8080
-A CNI-DN-c68acd5dc4f852d14db3c -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c68acd5dc4f852d14db3c -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c68acd5dc4f852d14db3c -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.35:8080
-A CNI-DN-c72de5bdd6b780a721904 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c72de5bdd6b780a721904 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c72de5bdd6b780a721904 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.25:8080
-A CNI-DN-c851fef1adf890ad4559d -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c851fef1adf890ad4559d -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c851fef1adf890ad4559d -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.32:8080
-A CNI-DN-ce7ba51ef0ee38d47afe5 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-ce7ba51ef0ee38d47afe5 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-ce7ba51ef0ee38d47afe5 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.21:8080
-A CNI-DN-d3d8daadf9f031d8cb617 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d3d8daadf9f031d8cb617 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d3d8daadf9f031d8cb617 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.31:8080
-A CNI-DN-d945ef049c478a6ea229d -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d945ef049c478a6ea229d -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d945ef049c478a6ea229d -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.42:8080
-A CNI-DN-db3510c11c24bb9cf4def -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-db3510c11c24bb9cf4def -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-db3510c11c24bb9cf4def -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.20:8080
-A CNI-DN-e533a18484aedc82acf51 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-e533a18484aedc82acf51 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-e533a18484aedc82acf51 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.55:8080
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-8eff3c04b7e3909dd4a4bab1a116cc77c75aae60c0e1ac5dc78092dccc09453f\"" -m multiport --dports 8080 -j CNI-DN-db3510c11c24bb9cf4def
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-12a9c4ffd3fcd2ee3cc497bc1c7f5e20112826c8f78d9d0a3c0b5f6c5ea79acd\"" -m multiport --dports 8080 -j CNI-DN-ce7ba51ef0ee38d47afe5
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-53987c0645ebdd6f31f9673ce998360ea886444b2c14e12856018c9db4dd3b9d\"" -m multiport --dports 8080 -j CNI-DN-76813d1feaff7141c713b
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-4c13c45a3d58cac40b6821145485131e4dd2175929edf66e1e48f9f6c3d36e8d\"" -m multiport --dports 8080 -j CNI-DN-76d3453b67258ee807c2b
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-898261fd77aaaaa298facb829a30f5c41c68d45d106ffeb60a4a93ef2094f20e\"" -m multiport --dports 8080 -j CNI-DN-bee23d9a32ae98f29e845
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-1d0bb8eb15a28a1df105a4c3df342cc9e3cb4b95b3ccccd8dfd65853f4546344\"" -m multiport --dports 8080 -j CNI-DN-15937fa403208771247bc
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-d84845b12b43f471a17b8e1b521bb00ce529be048d0c9206ad0aed3cfc7469e9\"" -m multiport --dports 8080 -j CNI-DN-31f97289a1748a7589dc0
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-7e8af2c3deb92f3c702ce6696f0c6305d5122d7eafac49013dfb63f00bbcb83d\"" -m multiport --dports 8080 -j CNI-DN-1ee48c183f07925a95b14
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-f94d9b8cdb43a46edd50caec4473829dc5a297ef82e2ddb0538b3661d8ef92f8\"" -m multiport --dports 8080 -j CNI-DN-30825be80e2fe7f25d27b
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-6c607215f97df3450ab9b8ca01131d6df922ace3d3331631ddc433b3d509adb1\"" -m multiport --dports 8080 -j CNI-DN-d945ef049c478a6ea229d
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-fb20de5c05dec2edf6165457d4b76a7a0d0534a51d70aeb6fa310b0e189a6b07\"" -m multiport --dports 8080 -j CNI-DN-8dfaa30cc026ca1030653
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-522c657a6a06bbaa4be2a63aeeaa0ec817f95788bbe1fd38b87882be78daa121\"" -m multiport --dports 8080 -j CNI-DN-8fffd7b1f408ceb77f9a9
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-feb886a25840293f66572eb94067db9c41d797250e5db0f24f74f9ab671287be\"" -m multiport --dports 8080 -j CNI-DN-178166ff625fd397b4e5b
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-29537e29beccfcaa63ed2c20f4127252ffd62aa44293d5652248b82c69d975c1\"" -m multiport --dports 8080 -j CNI-DN-2e9922c9277b58ff951eb
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-2ba93d590a53c3c57744a9d155f7b9eb29366be3a971e29bf10a7162682986ce\"" -m multiport --dports 8080 -j CNI-DN-e533a18484aedc82acf51
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-9d6464d4b2efbc185399d5e1f7d3757e9979f90c457c49a79bd91c693c33dafc\"" -m multiport --dports 8080 -j CNI-DN-c361bb265600f830f8b67
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-5df455956fa98b05e1e17fa7c73154d084933d76d4488831def7c202648e484b\"" -m multiport --dports 8080 -j CNI-DN-6e7c5ecc345369bd65e4d
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-9aa95c08fdfa376b9f62c33c9d0b7f1557617a360e66d274740485b0e7b892ff\"" -m multiport --dports 8080 -j CNI-DN-b6a4f3dce7cb9325eece2
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7\"" -m multiport --dports 8080 -j CNI-DN-5713790cbf68392bde419

sudo iptables-save | grep " 8080 "

-A CNI-DN-081c3759eb317461edcbb -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-081c3759eb317461edcbb -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-081c3759eb317461edcbb -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.28:8080
-A CNI-DN-15937fa403208771247bc -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-15937fa403208771247bc -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-15937fa403208771247bc -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.38:8080
-A CNI-DN-178166ff625fd397b4e5b -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-178166ff625fd397b4e5b -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-178166ff625fd397b4e5b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.48:8080
-A CNI-DN-1eda29d95696dcb8453b5 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-1eda29d95696dcb8453b5 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-1eda29d95696dcb8453b5 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.27:8080
-A CNI-DN-1ee48c183f07925a95b14 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-1ee48c183f07925a95b14 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-1ee48c183f07925a95b14 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.40:8080
-A CNI-DN-2e9922c9277b58ff951eb -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-2e9922c9277b58ff951eb -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-2e9922c9277b58ff951eb -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.52:80
-A CNI-DN-30825be80e2fe7f25d27b -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-30825be80e2fe7f25d27b -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-30825be80e2fe7f25d27b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.41:8080
-A CNI-DN-31f97289a1748a7589dc0 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-31f97289a1748a7589dc0 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-31f97289a1748a7589dc0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.39:8080
-A CNI-DN-403d4f6d67346a4ebaf86 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-403d4f6d67346a4ebaf86 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-403d4f6d67346a4ebaf86 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.26:8080
-A CNI-DN-4a0924dbfe575db663884 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-4a0924dbfe575db663884 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-4a0924dbfe575db663884 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.36:8080
-A CNI-DN-5713790cbf68392bde419 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-5713790cbf68392bde419 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-5713790cbf68392bde419 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.64:80
-A CNI-DN-5c1467af3d02cf2da7915 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-5c1467af3d02cf2da7915 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-5c1467af3d02cf2da7915 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.24:8080
-A CNI-DN-63c550efeb6ced7d52573 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-63c550efeb6ced7d52573 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-63c550efeb6ced7d52573 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.34:8080
-A CNI-DN-6e7c5ecc345369bd65e4d -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-6e7c5ecc345369bd65e4d -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-6e7c5ecc345369bd65e4d -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.57:8080
-A CNI-DN-76813d1feaff7141c713b -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-76813d1feaff7141c713b -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-76813d1feaff7141c713b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.22:8080
-A CNI-DN-76d3453b67258ee807c2b -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-76d3453b67258ee807c2b -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-76d3453b67258ee807c2b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.23:8080
-A CNI-DN-8dfaa30cc026ca1030653 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8dfaa30cc026ca1030653 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8dfaa30cc026ca1030653 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.46:8080
-A CNI-DN-8fffd7b1f408ceb77f9a9 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8fffd7b1f408ceb77f9a9 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-8fffd7b1f408ceb77f9a9 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.47:8080
-A CNI-DN-9d04dbc65f4fa7037be95 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-9d04dbc65f4fa7037be95 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-9d04dbc65f4fa7037be95 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.33:8080
-A CNI-DN-b6a4f3dce7cb9325eece2 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-b6a4f3dce7cb9325eece2 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-b6a4f3dce7cb9325eece2 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.58:8080
-A CNI-DN-bc79bcc15cfe609c0bf96 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-bc79bcc15cfe609c0bf96 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-bc79bcc15cfe609c0bf96 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.30:8080
-A CNI-DN-bee23d9a32ae98f29e845 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-bee23d9a32ae98f29e845 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-bee23d9a32ae98f29e845 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.37:8080
-A CNI-DN-c361bb265600f830f8b67 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c361bb265600f830f8b67 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c361bb265600f830f8b67 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.56:8080
-A CNI-DN-c68acd5dc4f852d14db3c -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c68acd5dc4f852d14db3c -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c68acd5dc4f852d14db3c -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.35:8080
-A CNI-DN-c72de5bdd6b780a721904 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c72de5bdd6b780a721904 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c72de5bdd6b780a721904 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.25:8080
-A CNI-DN-c851fef1adf890ad4559d -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c851fef1adf890ad4559d -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-c851fef1adf890ad4559d -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.32:8080
-A CNI-DN-ce7ba51ef0ee38d47afe5 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-ce7ba51ef0ee38d47afe5 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-ce7ba51ef0ee38d47afe5 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.21:8080
-A CNI-DN-d3d8daadf9f031d8cb617 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d3d8daadf9f031d8cb617 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d3d8daadf9f031d8cb617 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.31:8080
-A CNI-DN-d945ef049c478a6ea229d -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d945ef049c478a6ea229d -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d945ef049c478a6ea229d -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.42:8080
-A CNI-DN-db3510c11c24bb9cf4def -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-db3510c11c24bb9cf4def -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-db3510c11c24bb9cf4def -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.20:8080
-A CNI-DN-e533a18484aedc82acf51 -s 10.4.0.0/24 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-e533a18484aedc82acf51 -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-e533a18484aedc82acf51 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.55:8080
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-8eff3c04b7e3909dd4a4bab1a116cc77c75aae60c0e1ac5dc78092dccc09453f\"" -m multiport --dports 8080 -j CNI-DN-db3510c11c24bb9cf4def
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-12a9c4ffd3fcd2ee3cc497bc1c7f5e20112826c8f78d9d0a3c0b5f6c5ea79acd\"" -m multiport --dports 8080 -j CNI-DN-ce7ba51ef0ee38d47afe5
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-53987c0645ebdd6f31f9673ce998360ea886444b2c14e12856018c9db4dd3b9d\"" -m multiport --dports 8080 -j CNI-DN-76813d1feaff7141c713b
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-4c13c45a3d58cac40b6821145485131e4dd2175929edf66e1e48f9f6c3d36e8d\"" -m multiport --dports 8080 -j CNI-DN-76d3453b67258ee807c2b
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-898261fd77aaaaa298facb829a30f5c41c68d45d106ffeb60a4a93ef2094f20e\"" -m multiport --dports 8080 -j CNI-DN-bee23d9a32ae98f29e845
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-1d0bb8eb15a28a1df105a4c3df342cc9e3cb4b95b3ccccd8dfd65853f4546344\"" -m multiport --dports 8080 -j CNI-DN-15937fa403208771247bc
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-d84845b12b43f471a17b8e1b521bb00ce529be048d0c9206ad0aed3cfc7469e9\"" -m multiport --dports 8080 -j CNI-DN-31f97289a1748a7589dc0
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-7e8af2c3deb92f3c702ce6696f0c6305d5122d7eafac49013dfb63f00bbcb83d\"" -m multiport --dports 8080 -j CNI-DN-1ee48c183f07925a95b14
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-f94d9b8cdb43a46edd50caec4473829dc5a297ef82e2ddb0538b3661d8ef92f8\"" -m multiport --dports 8080 -j CNI-DN-30825be80e2fe7f25d27b
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-6c607215f97df3450ab9b8ca01131d6df922ace3d3331631ddc433b3d509adb1\"" -m multiport --dports 8080 -j CNI-DN-d945ef049c478a6ea229d
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-fb20de5c05dec2edf6165457d4b76a7a0d0534a51d70aeb6fa310b0e189a6b07\"" -m multiport --dports 8080 -j CNI-DN-8dfaa30cc026ca1030653
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-522c657a6a06bbaa4be2a63aeeaa0ec817f95788bbe1fd38b87882be78daa121\"" -m multiport --dports 8080 -j CNI-DN-8fffd7b1f408ceb77f9a9
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-feb886a25840293f66572eb94067db9c41d797250e5db0f24f74f9ab671287be\"" -m multiport --dports 8080 -j CNI-DN-178166ff625fd397b4e5b
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-29537e29beccfcaa63ed2c20f4127252ffd62aa44293d5652248b82c69d975c1\"" -m multiport --dports 8080 -j CNI-DN-2e9922c9277b58ff951eb
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-2ba93d590a53c3c57744a9d155f7b9eb29366be3a971e29bf10a7162682986ce\"" -m multiport --dports 8080 -j CNI-DN-e533a18484aedc82acf51
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-9d6464d4b2efbc185399d5e1f7d3757e9979f90c457c49a79bd91c693c33dafc\"" -m multiport --dports 8080 -j CNI-DN-c361bb265600f830f8b67
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-5df455956fa98b05e1e17fa7c73154d084933d76d4488831def7c202648e484b\"" -m multiport --dports 8080 -j CNI-DN-6e7c5ecc345369bd65e4d
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-9aa95c08fdfa376b9f62c33c9d0b7f1557617a360e66d274740485b0e7b892ff\"" -m multiport --dports 8080 -j CNI-DN-b6a4f3dce7cb9325eece2
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-c8491237a23b13f1d357627717f9f4036e451286f580081ba8e7064020b1abc7\"" -m multiport --dports 8080 -j CNI-DN-5713790cbf68392bde419

Jezza avatar May 19 '25 08:05 Jezza

Thanks a lot @Jezza - the iptables list IMO confirms that your problem is very much #4253

This should be taken care of as part of #4255 - if you are in a hurry, you can use the patch from (the smaller) #4254

apostasie avatar May 19 '25 15:05 apostasie

@Jezza #4255 has been merged, and should (tentatively) fix this. If you get a chance to test from a build on main, that would be nice. Alternatively, the fix should come in the next patch release.

Feel free to close this if you can confirm your problem is fixed. Alternatively, will close with the next patch release.

Note that the fix will not unfuck already littered iptables (you likely have to manually flush these rules) - it will prevent it from happening again though.

apostasie avatar Jun 06 '25 19:06 apostasie
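The leftover rules discussed in this thread can be spotted from a saved ruleset. The following is an added example, not part of the thread and not nerdctl's own code: it parses `iptables-save` output and reports every host port claimed by more than one `CNI-HOSTPORT-DNAT` entry, with the DNAT destination of each. The sample ruleset and the function names are constructed for illustration.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample in iptables-save format; chain names, ids and addresses are made up.
SAMPLE = r'''
-A CNI-DN-aaaa -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-aaaa -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.20:80
-A CNI-DN-bbbb -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.4.0.21:80
-A CNI-DN-cccc -p tcp -m tcp --dport 8443 -j DNAT --to-destination 10.4.0.22:443
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-old\"" -m multiport --dports 8080 -j CNI-DN-aaaa
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-new\"" -m multiport --dports 8080 -j CNI-DN-bbbb
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"bridge\" id: \"default-tls\"" -m multiport --dports 8443 -j CNI-DN-cccc
'''

def _opt(tokens, flag):
    """Return the value following `flag`, or None if the rule lacks it."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def duplicate_hostports(ruleset):
    """Map (proto, host port) -> [(id, chain, destination)] for ports with >1 DNAT entry."""
    dest = {}                      # (CNI-DN chain, proto, port) -> DNAT destination
    entries = defaultdict(list)    # (proto, port) -> [(id, CNI-DN chain)] in rule order
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A":
            continue               # table headers, chain declarations, COMMIT, blanks
        chain, proto, jump = tokens[1], _opt(tokens, "-p"), _opt(tokens, "-j")
        if chain.startswith("CNI-DN-") and jump == "DNAT":
            dest[(chain, proto, _opt(tokens, "--dport"))] = _opt(tokens, "--to-destination")
        elif chain == "CNI-HOSTPORT-DNAT" and jump and _opt(tokens, "--dports"):
            m = re.search(r'id: "([^"]+)"', _opt(tokens, "--comment") or "")
            for port in _opt(tokens, "--dports").split(","):
                entries[(proto, port)].append((m.group(1) if m else None, jump))
    return {
        key: [(cid, ch, dest.get((ch, *key))) for cid, ch in rules]
        for key, rules in entries.items() if len(rules) > 1
    }

if __name__ == "__main__":
    for (proto, port), rules in duplicate_hostports(SAMPLE).items():
        print(f"{proto}/{port} is claimed by {len(rules)} entries:")
        for cid, chain, target in rules:
            print(f"  id={cid} chain={chain} -> {target}")
```

Feed it the output of `sudo iptables-save -t nat`. It only reads and reports, so deciding which entries to flush remains a manual step.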