API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 8th, 2017
134
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.78 KB | None | 0 0
raw download clone embed print report
  1. # iptables --list -t nat
  2. Chain PREROUTING (policy ACCEPT)
  3. target prot opt source destination
  4. KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */
  5. KUBE-PORTALS-CONTAINER all -- anywhere anywhere /* handle ClusterIPs; NOTE: this must be before the NodePort rules */
  6. DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
  7. KUBE-NODEPORT-CONTAINER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL /* handle service NodePorts; NOTE: this must be the last rule in the chain */
  8.  
  9. Chain INPUT (policy ACCEPT)
  10. target prot opt source destination
  11.  
  12. Chain OUTPUT (policy ACCEPT)
  13. target prot opt source destination
  14. KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */
  15. KUBE-PORTALS-HOST all -- anywhere anywhere /* handle ClusterIPs; NOTE: this must be before the NodePort rules */
  16. DOCKER all -- anywhere !loopback/8 ADDRTYPE match dst-type LOCAL
  17. KUBE-NODEPORT-HOST all -- anywhere anywhere ADDRTYPE match dst-type LOCAL /* handle service NodePorts; NOTE: this must be the last rule in the chain */
  18.  
  19. Chain POSTROUTING (policy ACCEPT)
  20. target prot opt source destination
  21. KUBE-POSTROUTING all -- anywhere anywhere /* kubernetes postrouting rules */
  22. MASQUERADE all -- 172.17.0.0/16 anywhere
  23.  
  24. Chain DOCKER (2 references)
  25. target prot opt source destination
  26. RETURN all -- anywhere anywhere
  27.  
  28. Chain KUBE-MARK-MASQ (16 references)
  29. target prot opt source destination
  30. MARK all -- anywhere anywhere MARK or 0x4000
  31.  
  32. Chain KUBE-NODEPORT-CONTAINER (1 references)
  33. target prot opt source destination
  34.  
  35. Chain KUBE-NODEPORT-HOST (1 references)
  36. target prot opt source destination
  37.  
  38. Chain KUBE-NODEPORTS (1 references)
  39. target prot opt source destination
  40. KUBE-MARK-MASQ tcp -- anywhere anywhere /* cbcluster/couchbase-cluster:http-ui */ tcp dpt:30279
  41. KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere anywhere /* cbcluster/couchbase-cluster:http-ui */ tcp dpt:30279
  42.  
  43. Chain KUBE-PORTALS-CONTAINER (1 references)
  44. target prot opt source destination
  45.  
  46. Chain KUBE-PORTALS-HOST (1 references)
  47. target prot opt source destination
  48.  
  49. Chain KUBE-POSTROUTING (1 references)
  50. target prot opt source destination
  51. MASQUERADE all -- anywhere anywhere /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000
  52.  
  53. Chain KUBE-SEP-3UEZYKN5DLCCLFOG (1 references)
  54. target prot opt source destination
  55. KUBE-MARK-MASQ all -- 172.17.0.17 anywhere /* cockpit/openshift-cockpit:http */
  56. DNAT tcp -- anywhere anywhere /* cockpit/openshift-cockpit:http */ tcp to:172.17.0.17:9090
  57.  
  58. Chain KUBE-SEP-AIGIXILM7JRKQDCM (2 references)
  59. target prot opt source destination
  60. KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/kubernetes:dns-tcp */
  61. DNAT tcp -- anywhere anywhere /* default/kubernetes:dns-tcp */ recent: SET name: KUBE-SEP-AIGIXILM7JRKQDCM side: source mask: 255.255.255.255 tcp to:10.2.2.2:8053
  62.  
  63. Chain KUBE-SEP-BXLCYFA663LFKZZC (1 references)
  64. target prot opt source destination
  65. KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/router:80-tcp */
  66. DNAT tcp -- anywhere anywhere /* default/router:80-tcp */ tcp to:10.0.2.15:80
  67.  
  68. Chain KUBE-SEP-BZ77QZDWKYFJXEH5 (1 references)
  69. target prot opt source destination
  70. KUBE-MARK-MASQ all -- 172.17.0.22 anywhere /* cbcluster/couchbase-cluster:http-ui */
  71. DNAT tcp -- anywhere anywhere /* cbcluster/couchbase-cluster:http-ui */ tcp to:172.17.0.22:8091
  72.  
  73. Chain KUBE-SEP-DJGHOKSTYGXQARXY (2 references)
  74. target prot opt source destination
  75. KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/kubernetes:https */
  76. DNAT tcp -- anywhere anywhere /* default/kubernetes:https */ recent: SET name: KUBE-SEP-DJGHOKSTYGXQARXY side: source mask: 255.255.255.255 tcp to:10.2.2.2:8443
  77.  
  78. Chain KUBE-SEP-FBIIOBTMOTTBD4VQ (1 references)
  79. target prot opt source destination
  80. KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/router:1936-tcp */
  81. DNAT tcp -- anywhere anywhere /* default/router:1936-tcp */ tcp to:10.0.2.15:1936
  82.  
  83. Chain KUBE-SEP-FGQW4YEGMTWI26QF (2 references)
  84. target prot opt source destination
  85. KUBE-MARK-MASQ all -- 172.17.0.9 anywhere /* default/docker-registry:5000-tcp */
  86. DNAT tcp -- anywhere anywhere /* default/docker-registry:5000-tcp */ recent: SET name: KUBE-SEP-FGQW4YEGMTWI26QF side: source mask: 255.255.255.255 tcp to:172.17.0.9:5000
  87.  
  88. Chain KUBE-SEP-GS626LWEMSF2UZX3 (1 references)
  89. target prot opt source destination
  90. KUBE-MARK-MASQ all -- 172.17.0.15 anywhere /* openshift-infra/hawkular-cassandra:tcp-port */
  91. DNAT tcp -- anywhere anywhere /* openshift-infra/hawkular-cassandra:tcp-port */ tcp to:172.17.0.15:7000
  92.  
  93. Chain KUBE-SEP-GUD4NM4U6GYERZ6Z (1 references)
  94. target prot opt source destination
  95. KUBE-MARK-MASQ all -- 172.17.0.15 anywhere /* openshift-infra/hawkular-cassandra:cql-port */
  96. DNAT tcp -- anywhere anywhere /* openshift-infra/hawkular-cassandra:cql-port */ tcp to:172.17.0.15:9042
  97.  
  98. Chain KUBE-SEP-QSAQ7OT5HEEWJQRM (1 references)
  99. target prot opt source destination
  100. KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/router:443-tcp */
  101. DNAT tcp -- anywhere anywhere /* default/router:443-tcp */ tcp to:10.0.2.15:443
  102.  
  103. Chain KUBE-SEP-UTKPFOYQWGKEI4GJ (1 references)
  104. target prot opt source destination
  105. KUBE-MARK-MASQ all -- 172.17.0.15 anywhere /* openshift-infra/hawkular-cassandra:ssl-port */
  106. DNAT tcp -- anywhere anywhere /* openshift-infra/hawkular-cassandra:ssl-port */ tcp to:172.17.0.15:7001
  107.  
  108. Chain KUBE-SEP-UYPNQJJIX6Q35XQL (2 references)
  109. target prot opt source destination
  110. KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/kubernetes:dns */
  111. DNAT udp -- anywhere anywhere /* default/kubernetes:dns */ recent: SET name: KUBE-SEP-UYPNQJJIX6Q35XQL side: source mask: 255.255.255.255 udp to:10.2.2.2:8053
  112.  
  113. Chain KUBE-SEP-WIHCPXG6T5GQBPT2 (1 references)
  114. target prot opt source destination
  115. KUBE-MARK-MASQ all -- 172.17.0.15 anywhere /* openshift-infra/hawkular-cassandra:thift-port */
  116. DNAT tcp -- anywhere anywhere /* openshift-infra/hawkular-cassandra:thift-port */ tcp to:172.17.0.15:9160
  117.  
  118. Chain KUBE-SERVICES (2 references)
  119. target prot opt source destination
  120. KUBE-SVC-4JCRTMMYZAAYMIJ2 tcp -- anywhere 172.30.198.186 /* default/router:1936-tcp cluster IP */ tcp dpt:jetcmeserver
  121. KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere 172.30.118.19 /* cbcluster/couchbase-cluster:http-ui cluster IP */ tcp dpt:jamlink
  122. KUBE-MARK-MASQ tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui external IP */ tcp dpt:jamlink
  123. KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui external IP */ tcp dpt:jamlink PHYSDEV match ! --physdev-is-in ADDRTYPE match src-type !LOCAL
  124. KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui external IP */ tcp dpt:jamlink ADDRTYPE match dst-type LOCAL
  125. KUBE-MARK-MASQ tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui loadbalancer IP */ tcp dpt:jamlink
  126. KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui loadbalancer IP */ tcp dpt:jamlink
  127. KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- anywhere 172.30.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:https
  128. KUBE-SVC-IKV43KYNCXS2W7KZ tcp -- anywhere 172.30.198.186 /* default/router:443-tcp cluster IP */ tcp dpt:https
  129. KUBE-SVC-MSVZI6DZZNOM75U6 tcp -- anywhere 172.30.48.16 /* openshift-infra/hawkular-cassandra:ssl-port cluster IP */ tcp dpt:afs3-callback
  130. KUBE-SVC-BA6I5HTZKAAAJT56 tcp -- anywhere 172.30.0.1 /* default/kubernetes:dns-tcp cluster IP */ tcp dpt:domain
  131. KUBE-SVC-3VQ6B3MLH7E2SZT4 udp -- anywhere 172.30.0.1 /* default/kubernetes:dns cluster IP */ udp dpt:domain
  132. KUBE-SVC-GQKZAHCS5DTMHUQ6 tcp -- anywhere 172.30.198.186 /* default/router:80-tcp cluster IP */ tcp dpt:http
  133. KUBE-SVC-CUWWUHHNOYUE7XCB tcp -- anywhere 172.30.230.230 /* openshift-infra/hawkular-metrics:https-endpoint cluster IP */ tcp dpt:https
  134. KUBE-SVC-5WKXUCCBPW4WXMKW tcp -- anywhere 172.30.48.16 /* openshift-infra/hawkular-cassandra:tcp-port cluster IP */ tcp dpt:afs3-fileserver
  135. KUBE-SVC-ECTPRXTXBM34L34Q tcp -- anywhere 172.30.53.244 /* default/docker-registry:5000-tcp cluster IP */ tcp dpt:commplex-main
  136. KUBE-SVC-IFVMONO6R7UKLXIJ tcp -- anywhere 172.30.48.16 /* openshift-infra/hawkular-cassandra:cql-port cluster IP */ tcp dpt:9042
  137. KUBE-SVC-LXGWHLGFLZ6UGNWA tcp -- anywhere 172.30.48.242 /* openshift-infra/heapster: cluster IP */ tcp dpt:http
  138. KUBE-SVC-6ZO3N7G65IT6WZ2F tcp -- anywhere 172.30.107.190 /* cockpit/openshift-cockpit:http cluster IP */ tcp dpt:http
  139. KUBE-SVC-76GJ7A5QDKD24MJX tcp -- anywhere 172.30.48.16 /* openshift-infra/hawkular-cassandra:thift-port cluster IP */ tcp dpt:apani1
  140. KUBE-NODEPORTS all -- anywhere anywhere /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL
  141.  
  142. Chain KUBE-SVC-3VQ6B3MLH7E2SZT4 (1 references)
  143. target prot opt source destination
  144. KUBE-SEP-UYPNQJJIX6Q35XQL all -- anywhere anywhere /* default/kubernetes:dns */ recent: CHECK seconds: 180 reap name: KUBE-SEP-UYPNQJJIX6Q35XQL side: source mask: 255.255.255.255
  145. KUBE-SEP-UYPNQJJIX6Q35XQL all -- anywhere anywhere /* default/kubernetes:dns */
  146.  
  147. Chain KUBE-SVC-4JCRTMMYZAAYMIJ2 (1 references)
  148. target prot opt source destination
  149. KUBE-SEP-FBIIOBTMOTTBD4VQ all -- anywhere anywhere /* default/router:1936-tcp */
  150.  
  151. Chain KUBE-SVC-5WKXUCCBPW4WXMKW (1 references)
  152. target prot opt source destination
  153. KUBE-SEP-GS626LWEMSF2UZX3 all -- anywhere anywhere /* openshift-infra/hawkular-cassandra:tcp-port */
  154.  
  155. Chain KUBE-SVC-6ZO3N7G65IT6WZ2F (1 references)
  156. target prot opt source destination
  157. KUBE-SEP-3UEZYKN5DLCCLFOG all -- anywhere anywhere /* cockpit/openshift-cockpit:http */
  158.  
  159. Chain KUBE-SVC-76GJ7A5QDKD24MJX (1 references)
  160. target prot opt source destination
  161. KUBE-SEP-WIHCPXG6T5GQBPT2 all -- anywhere anywhere /* openshift-infra/hawkular-cassandra:thift-port */
  162.  
  163. Chain KUBE-SVC-77YHHSEL5NKLMS25 (5 references)
  164. target prot opt source destination
  165. KUBE-SEP-BZ77QZDWKYFJXEH5 all -- anywhere anywhere /* cbcluster/couchbase-cluster:http-ui */
  166.  
  167. Chain KUBE-SVC-BA6I5HTZKAAAJT56 (1 references)
  168. target prot opt source destination
  169. KUBE-SEP-AIGIXILM7JRKQDCM all -- anywhere anywhere /* default/kubernetes:dns-tcp */ recent: CHECK seconds: 180 reap name: KUBE-SEP-AIGIXILM7JRKQDCM side: source mask: 255.255.255.255
  170. KUBE-SEP-AIGIXILM7JRKQDCM all -- anywhere anywhere /* default/kubernetes:dns-tcp */
  171.  
  172. Chain KUBE-SVC-CUWWUHHNOYUE7XCB (1 references)
  173. target prot opt source destination
  174.  
  175. Chain KUBE-SVC-ECTPRXTXBM34L34Q (1 references)
  176. target prot opt source destination
  177. KUBE-SEP-FGQW4YEGMTWI26QF all -- anywhere anywhere /* default/docker-registry:5000-tcp */ recent: CHECK seconds: 180 reap name: KUBE-SEP-FGQW4YEGMTWI26QF side: source mask: 255.255.255.255
  178. KUBE-SEP-FGQW4YEGMTWI26QF all -- anywhere anywhere /* default/docker-registry:5000-tcp */
  179.  
  180. Chain KUBE-SVC-GQKZAHCS5DTMHUQ6 (1 references)
  181. target prot opt source destination
  182. KUBE-SEP-BXLCYFA663LFKZZC all -- anywhere anywhere /* default/router:80-tcp */
  183.  
  184. Chain KUBE-SVC-IFVMONO6R7UKLXIJ (1 references)
  185. target prot opt source destination
  186. KUBE-SEP-GUD4NM4U6GYERZ6Z all -- anywhere anywhere /* openshift-infra/hawkular-cassandra:cql-port */
  187.  
  188. Chain KUBE-SVC-IKV43KYNCXS2W7KZ (1 references)
  189. target prot opt source destination
  190. KUBE-SEP-QSAQ7OT5HEEWJQRM all -- anywhere anywhere /* default/router:443-tcp */
  191.  
  192. Chain KUBE-SVC-LXGWHLGFLZ6UGNWA (1 references)
  193. target prot opt source destination
  194.  
  195. Chain KUBE-SVC-MSVZI6DZZNOM75U6 (1 references)
  196. target prot opt source destination
  197. KUBE-SEP-UTKPFOYQWGKEI4GJ all -- anywhere anywhere /* openshift-infra/hawkular-cassandra:ssl-port */
  198.  
  199. Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
  200. target prot opt source destination
  201. KUBE-SEP-DJGHOKSTYGXQARXY all -- anywhere anywhere /* default/kubernetes:https */ recent: CHECK seconds: 180 reap name: KUBE-SEP-DJGHOKSTYGXQARXY side: source mask: 255.255.255.255
  202. KUBE-SEP-DJGHOKSTYGXQARXY all -- anywhere anywhere /* default/kubernetes:https */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!