[BUG] The SNAT pod is unable to access fip that bound to another pod

[qcu266]

Kube-OVN Version

v1.12.12

Kubernetes Version

v1.24.1

Operation-system/Kernel Version

CentOS Stream 8
5.4.236-1.el8.elrepo.x86_64

Description

PR: #2911
The addition of the -o net1 parameter in this PR will cause pods within the VPC that use SNAT to be unable to access pods binding with fip. Considering the description of this PR, is it intended to address the issue of vpc-nat-gateway pods being unable to access other pods within the VPC? It seems that removing the -o net1 parameter during testing does not lead to this issue.

Steps To Reproduce

podA  ip: 10.116.80.141  snat: 10.122.194.106
podB  ip: 10.116.80.9    fip:  10.122.195.20

podA access podB fip 10.122.195.20

10.116.80.141 > 10.122.195.20

Current Behavior

It is unable to access, and upon packet capture, it is observed that only the DNAT transformation of the NAT postrouting chain is completed, while the SNAT rules seem to remain unchanged due to the -o net1 parameter.

08:29:42.304406 eth0  In  IP 10.116.80.141.42624 > 10.122.195.20.9640: Flags [S], seq 2568096467, win 64240, options [mss 1460,sackOK,TS val 2353869530 ecr 0,nop,wscale 7], length 0
08:29:42.304429 eth0  Out IP 10.116.80.141.42624 > 10.116.80.9.9640: Flags [S], seq 2568096467, win 64240, options [mss 1460,sackOK,TS val 2353869530 ecr 0,nop,wscale 7], length 0

Expected Behavior

---