API tools faq
paste
Guest User

Untitled

a guest
May 12th, 2015
37
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.67 KB | None | 0 0
raw download clone embed print report
  1. root@r-18-VM:~# iptables-save
  2. # Generated by iptables-save v1.4.14 on Tue May 12 14:23:23 2015
  3. *mangle
  4. :PREROUTING ACCEPT [8758:9214728]
  5. :INPUT ACCEPT [353:48833]
  6. :FORWARD ACCEPT [7404:9124033]
  7. :OUTPUT ACCEPT [349:38480]
  8. :POSTROUTING ACCEPT [7753:9162513]
  9. :ACL_OUTBOUND_eth2 - [0:0]
  10. :VPN_STATS_eth1 - [0:0]
  11. -A PREROUTING -i eth1 -m state --state NEW -j CONNMARK --set-xmark 0x1/0xffffffff
  12. -A PREROUTING -i eth2 -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
  13. -A PREROUTING -s 10.10.10.0/24 ! -d 10.10.10.1/32 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2
  14. -A FORWARD -j VPN_STATS_eth1
  15. -A OUTPUT -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  16. -A ACL_OUTBOUND_eth2 -j ACCEPT
  17. -A ACL_OUTBOUND_eth2 -j DROP
  18. -A VPN_STATS_eth1 -o eth1 -m mark --mark 0x525
  19. -A VPN_STATS_eth1 -i eth1 -m mark --mark 0x524
  20. COMMIT
  21. # Completed on Tue May 12 14:23:23 2015
  22. # Generated by iptables-save v1.4.14 on Tue May 12 14:23:23 2015
  23. *filter
  24. :INPUT DROP [1:118]
  25. :FORWARD DROP [0:0]
  26. :OUTPUT ACCEPT [389:42688]
  27. :ACL_INBOUND_eth2 - [0:0]
  28. :NETWORK_STATS_eth1 - [0:0]
  29. -A INPUT -d 224.0.0.18/32 -j ACCEPT
  30. -A INPUT -d 225.0.0.50/32 -j ACCEPT
  31. -A INPUT -p icmp -j ACCEPT
  32. -A INPUT -i lo -j ACCEPT
  33. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
  34. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  35. -A INPUT -i eth2 -p udp -m udp --dport 67 -j ACCEPT
  36. -A INPUT -d 10.10.10.1/32 -i eth2 -p udp -m udp --dport 53 -j ACCEPT
  37. -A INPUT -d 10.10.10.1/32 -i eth2 -p tcp -m tcp --dport 53 -j ACCEPT
  38. -A INPUT -d 10.10.10.1/32 -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
  39. -A INPUT -d 10.10.10.1/32 -i eth2 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
  40. -A FORWARD -j NETWORK_STATS_eth1
  41. -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  42. -A FORWARD -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j ACCEPT
  43. -A FORWARD -d 10.10.10.0/24 -o eth2 -j ACL_INBOUND_eth2
  44. -A ACL_INBOUND_eth2 -j ACCEPT
  45. -A ACL_INBOUND_eth2 -j DROP
  46. -A NETWORK_STATS_eth1 -s 10.0.0.0/8 -o eth1
  47. -A NETWORK_STATS_eth1 -d 10.0.0.0/8 -i eth1
  48. COMMIT
  49. # Completed on Tue May 12 14:23:23 2015
  50. # Generated by iptables-save v1.4.14 on Tue May 12 14:23:23 2015
  51. *nat
  52. :PREROUTING ACCEPT [982:43567]
  53. :INPUT ACCEPT [15:985]
  54. :OUTPUT ACCEPT [9:684]
  55. :POSTROUTING ACCEPT [0:0]
  56. -A PREROUTING -d XXX.39.228.156/32 -j DNAT --to-destination 10.10.10.10
  57. -A POSTROUTING -s 10.10.10.10/32 -o eth1 -j SNAT --to-source XXX.39.228.156
  58. -A POSTROUTING -o eth1 -j SNAT --to-source XXX.39.228.155
  59. -A POSTROUTING -o eth2 -j SNAT --to-source XXX.39.228.155
  60. -A POSTROUTING -s 10.10.10.0/24 -o eth2 -j SNAT --to-source 10.10.10.1
  61. COMMIT
  62. # Completed on Tue May 12 14:23:23 2015
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!