Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Name-based routing to s3 bucket websites doesn't work #3076

Open
samroweemployinc opened this issue Dec 18, 2024 · 0 comments
Open

Name-based routing to s3 bucket websites doesn't work #3076

samroweemployinc opened this issue Dec 18, 2024 · 0 comments

Comments

@samroweemployinc
Copy link

samroweemployinc commented Dec 18, 2024

Describe the problem

We have an S3 bucket with a "simple website" interface which is behind a blah.s3-website-us-west-1.amazonaws.com DNS name. We've tried to create a name-based route for it, but it doesn't work and we see IPv6 addresses show up in it, which I don't think can work over Netbird. "Doesn't work" means that sometimes our IP restrictions give a 403 and sometimes they don't. We enabled logging on the bucket and saw that all of the 403s came directly from my ISP IP and all of the 200s came from the NB Peer as expected.

One final thing we noticed was that the IP list for that name-based-route just grows and grows despite "Keep Routes" being turned on in the n-b-r.

To Reproduce

Steps to reproduce the behavior:

  1. Create an s3 simple site and allow only private IPs via BucketPolicy ( "Condition": {"IpAddress": {"aws:SourceIp": [...
  2. Create a name-based route for that site
  3. curl a file from it over and over and sometimes get a 403 and sometimes get 200

Expected behavior

The route should be used consistently. IPv6 addresses shouldn't be in the list.

Are you using NetBird Cloud?

Self Host

NetBird version

0.34.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant