OCPBUGS-82501: Fix AWS DualStack CI jobs consistently encounter 2 EgressFirewall Test Failures

test/extended/networking/egress_firewall.go

@@ -156,11 +156,30 @@ func sendEgressFwTraffic(f *e2e.Framework, mgmtFw *e2e.Framework, oc *exutil.CLI
 		out, err := oc.Run("exec").Args(pod, "--", "ping", "-c", "1", "1.1.1.1").Output()
 		expectError(err, "ping to 1.1.1.1 should fail: %s", out)
 	}
+
 	// Test curl to redhat.com should pass
 	// because we have allow dns rule for redhat.com
 	g.By("sending traffic that matches allow dns rule")
-	_, err = oc.Run("exec").Args(pod, "--", "curl", "-q", "-s", "-I", "-m5", "https://redhat.com").Output()
-	expectNoError(err)
+
+	// First, try to resolve DNS to see what IP would be used
+	e2e.Logf("Resolving redhat.com DNS...")
+	dnsOutRedhat, dnsErrRedhat := oc.Run("exec").Args(pod, "--", "nslookup", "redhat.com").Output()
+	if dnsErrRedhat == nil {
+		e2e.Logf("DNS Resolution for redhat.com:\n%s", dnsOutRedhat)
+	} else {
+		e2e.Logf("DNS Resolution failed: %v\nOutput: %s", dnsErrRedhat, dnsOutRedhat)
+	}
+
+	// Try curl with verbose output to see connection details and IP address
+	e2e.Logf("Attempting curl to redhat.com (expected to succeed)...")
+	outRedhat, errRedhat := oc.Run("exec").Args(pod, "--", "curl", "-v", "-I", "-m5", "--connect-timeout", "5", "https://redhat.com").Output()
+	e2e.Logf("Curl output (stdout+stderr):\n%s", outRedhat)
+
+	// Also try to get the resolved IP using curl's --write-out option
+	ipOutRedhat, ipErrRedhat := oc.Run("exec").Args(pod, "--", "curl", "-s", "-o", "/dev/null", "-w", "Remote IP: %{remote_ip}\\nHTTP Code: %{http_code}\\n", "-m5", "https://redhat.com").Output()
+	e2e.Logf("Curl IP info: %s (error: %v)", ipOutRedhat, ipErrRedhat)
+
+	expectNoError(errRedhat)
 
 	// Test curl to amazon.com should pass
 	// because we have allow dns rule for amazon.com
@@ -183,7 +202,30 @@ func sendEgressFwTraffic(f *e2e.Framework, mgmtFw *e2e.Framework, oc *exutil.CLI
 	// Test curl to www.redhat.com should fail
 	// because we don't have allow dns rule for www.redhat.com
 	g.By("sending traffic that does not match allow dns rule")
-	_, err = oc.Run("exec").Args(pod, "--", "curl", "-q", "-s", "-I", "-m5", "https://www.redhat.com").Output()
+
+	// First, try to resolve DNS to see what IP would be used
+	e2e.Logf("Resolving www.redhat.com DNS...")
+	dnsOutWww, dnsErrWww := oc.Run("exec").Args(pod, "--", "nslookup", "www.redhat.com").Output()
+	if dnsErrWww == nil {
+		e2e.Logf("DNS Resolution for www.redhat.com:\n%s", dnsOutWww)
+	} else {
+		e2e.Logf("DNS Resolution failed: %v\nOutput: %s", dnsErrWww, dnsOutWww)
+	}
+
+	// Try curl with verbose output to see connection details and IP address
+	e2e.Logf("Attempting curl to www.redhat.com (expected to fail)...")
+	outWww, errWww := oc.Run("exec").Args(pod, "--", "curl", "-v", "-I", "-m5", "--connect-timeout", "5", "https://www.redhat.com").Output()
+	e2e.Logf("Curl output (stdout+stderr):\n%s", outWww)
+
+	// Also try to get the resolved IP using curl's --write-out option
+	ipOutWww, ipErrWww := oc.Run("exec").Args(pod, "--", "curl", "-s", "-o", "/dev/null", "-w", "Remote IP: %{remote_ip}\\nHTTP Code: %{http_code}\\n", "-m5", "https://www.redhat.com").Output()
+	e2e.Logf("Curl IP info: %s (error: %v)", ipOutWww, ipErrWww)
+	expectError(errWww)
+
+	// Test curl to www.apple.com should fail
+	// because we don't have allow dns rule for www.apple.com
+	g.By("sending traffic that does not match allow dns rule")
+	_, err = oc.Run("exec").Args(pod, "--", "curl", "-q", "-s", "-I", "-m5", "https://www.apple.com").Output()
 	expectError(err)
 
 	if nodeSelectorSupport {