Hi,
We are working on deploying Free5G inside an Ubuntu virtual machine running on OpenStack infrastructure. We are connecting the UPF to a virtual router in order to access the Internet from simulated UEs. The simulation of UEs is performed by another virtual machine that runs a custom software that performs the registration and PDU session establishment for a new UE and then captures IP traffic from user applications (ping, wget, etc.) in a third machine. It encapsulates it in the GTP tunnel to send the traffic to the UPF. The scenario is basically the one seen in the diagram that I am attaching.
The deployment is currently working properly for ICMP or UDP traffic, but we are experiencing issues with the NAT MASQUERADE rule when sending TCP traffic to the Internet. It seems that most of the TCP packets are not matching the rule for some reason, and they are sent to the gateway router with the original IP from the application generating the traffic, and consequently are not being routed properly. Nevertheless, some of the packets (usually, retransmissions from the original packet) are actually being translated, routed, and answered by the remote Internet server. I am also attaching a tcpdump capture on the core machine interface connected to the gateway. Packets with 192.168.100.1 as source IP are not being translated while packets with source IP 192.168.1.189 are using the NAT rule. The capture is a wget to google.com.
We have previously tested this exact same scenario in a Virtualbox environment, without experiencing these issues with TCP traffic.
Would anyone have an idea why this could be happening?
tcp-wget-google.pcap (81.4 KB)