Tomas Hruby

> the calico-node pod should start and possibly throw other errors related to the missing kernel module. `calicoctl checksystem` check is you have all the prerequisities. [Here](https://github.com/projectcalico/calico/blob/master/calicoctl/calicoctl/commands/node/checksystem.go#L40-L59) is a list...

> purposely unloaded nf_conntrack_netlink as it causes a crash when starting k3s agent with calico Sure, but what is the cause? Buggy old kernel it seems. If you managed to...

Could you share `ip6tables-save -c` output from the node where your ping pod runs? What is `k8s-lb` IP?

@brentmjohnson `calico/node:v3.27.3-3-g547edf833d4c` should carry the fix. We just missed the 3.27.3 release, but this is essentially 3.27.3 + the fix. Let us know if it works for you and if...

> However, I encountered a connection timeout when the client pod was using host networking (e.g., a calico-controller node) and the destination was a service with an external IP (e.g.,...

> edit2: setting bpfConnectTimeLoadBalancing to TCP solves this problem functionally. before trying the new config, we were using the feature gate approach BPFConnectTimeLoadBalancingWorkaround=udp These two things are equivalent. `bpfConnectTimeLoadBalancing=Disabled` turns...

@sfudeus that is a real issue and I will track it separately as it looks different to the original issue of this ticket.

@antikilahdjs @phillipsj I am closing this issue as stale, but if you have additional information that could help further investigation, feel free to reopen it.

Any update on this?

What is the version of `iptables-nft-save` on your system? Have you installed any rules manually?