Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # iptables --list -t nat
- Chain PREROUTING (policy ACCEPT)
- target prot opt source destination
- KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */
- KUBE-PORTALS-CONTAINER all -- anywhere anywhere /* handle ClusterIPs; NOTE: this must be before the NodePort rules */
- DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
- KUBE-NODEPORT-CONTAINER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL /* handle service NodePorts; NOTE: this must be the last rule in the chain */
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */
- KUBE-PORTALS-HOST all -- anywhere anywhere /* handle ClusterIPs; NOTE: this must be before the NodePort rules */
- DOCKER all -- anywhere !loopback/8 ADDRTYPE match dst-type LOCAL
- KUBE-NODEPORT-HOST all -- anywhere anywhere ADDRTYPE match dst-type LOCAL /* handle service NodePorts; NOTE: this must be the last rule in the chain */
- Chain POSTROUTING (policy ACCEPT)
- target prot opt source destination
- KUBE-POSTROUTING all -- anywhere anywhere /* kubernetes postrouting rules */
- MASQUERADE all -- 172.17.0.0/16 anywhere
- Chain DOCKER (2 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain KUBE-MARK-MASQ (16 references)
- target prot opt source destination
- MARK all -- anywhere anywhere MARK or 0x4000
- Chain KUBE-NODEPORT-CONTAINER (1 references)
- target prot opt source destination
- Chain KUBE-NODEPORT-HOST (1 references)
- target prot opt source destination
- Chain KUBE-NODEPORTS (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ tcp -- anywhere anywhere /* cbcluster/couchbase-cluster:http-ui */ tcp dpt:30279
- KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere anywhere /* cbcluster/couchbase-cluster:http-ui */ tcp dpt:30279
- Chain KUBE-PORTALS-CONTAINER (1 references)
- target prot opt source destination
- Chain KUBE-PORTALS-HOST (1 references)
- target prot opt source destination
- Chain KUBE-POSTROUTING (1 references)
- target prot opt source destination
- MASQUERADE all -- anywhere anywhere /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000
- Chain KUBE-SEP-3UEZYKN5DLCCLFOG (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- 172.17.0.17 anywhere /* cockpit/openshift-cockpit:http */
- DNAT tcp -- anywhere anywhere /* cockpit/openshift-cockpit:http */ tcp to:172.17.0.17:9090
- Chain KUBE-SEP-AIGIXILM7JRKQDCM (2 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/kubernetes:dns-tcp */
- DNAT tcp -- anywhere anywhere /* default/kubernetes:dns-tcp */ recent: SET name: KUBE-SEP-AIGIXILM7JRKQDCM side: source mask: 255.255.255.255 tcp to:10.2.2.2:8053
- Chain KUBE-SEP-BXLCYFA663LFKZZC (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/router:80-tcp */
- DNAT tcp -- anywhere anywhere /* default/router:80-tcp */ tcp to:10.0.2.15:80
- Chain KUBE-SEP-BZ77QZDWKYFJXEH5 (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- 172.17.0.22 anywhere /* cbcluster/couchbase-cluster:http-ui */
- DNAT tcp -- anywhere anywhere /* cbcluster/couchbase-cluster:http-ui */ tcp to:172.17.0.22:8091
- Chain KUBE-SEP-DJGHOKSTYGXQARXY (2 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/kubernetes:https */
- DNAT tcp -- anywhere anywhere /* default/kubernetes:https */ recent: SET name: KUBE-SEP-DJGHOKSTYGXQARXY side: source mask: 255.255.255.255 tcp to:10.2.2.2:8443
- Chain KUBE-SEP-FBIIOBTMOTTBD4VQ (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/router:1936-tcp */
- DNAT tcp -- anywhere anywhere /* default/router:1936-tcp */ tcp to:10.0.2.15:1936
- Chain KUBE-SEP-FGQW4YEGMTWI26QF (2 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- 172.17.0.9 anywhere /* default/docker-registry:5000-tcp */
- DNAT tcp -- anywhere anywhere /* default/docker-registry:5000-tcp */ recent: SET name: KUBE-SEP-FGQW4YEGMTWI26QF side: source mask: 255.255.255.255 tcp to:172.17.0.9:5000
- Chain KUBE-SEP-GS626LWEMSF2UZX3 (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- 172.17.0.15 anywhere /* openshift-infra/hawkular-cassandra:tcp-port */
- DNAT tcp -- anywhere anywhere /* openshift-infra/hawkular-cassandra:tcp-port */ tcp to:172.17.0.15:7000
- Chain KUBE-SEP-GUD4NM4U6GYERZ6Z (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- 172.17.0.15 anywhere /* openshift-infra/hawkular-cassandra:cql-port */
- DNAT tcp -- anywhere anywhere /* openshift-infra/hawkular-cassandra:cql-port */ tcp to:172.17.0.15:9042
- Chain KUBE-SEP-QSAQ7OT5HEEWJQRM (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/router:443-tcp */
- DNAT tcp -- anywhere anywhere /* default/router:443-tcp */ tcp to:10.0.2.15:443
- Chain KUBE-SEP-UTKPFOYQWGKEI4GJ (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- 172.17.0.15 anywhere /* openshift-infra/hawkular-cassandra:ssl-port */
- DNAT tcp -- anywhere anywhere /* openshift-infra/hawkular-cassandra:ssl-port */ tcp to:172.17.0.15:7001
- Chain KUBE-SEP-UYPNQJJIX6Q35XQL (2 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- localhost.localdomain anywhere /* default/kubernetes:dns */
- DNAT udp -- anywhere anywhere /* default/kubernetes:dns */ recent: SET name: KUBE-SEP-UYPNQJJIX6Q35XQL side: source mask: 255.255.255.255 udp to:10.2.2.2:8053
- Chain KUBE-SEP-WIHCPXG6T5GQBPT2 (1 references)
- target prot opt source destination
- KUBE-MARK-MASQ all -- 172.17.0.15 anywhere /* openshift-infra/hawkular-cassandra:thift-port */
- DNAT tcp -- anywhere anywhere /* openshift-infra/hawkular-cassandra:thift-port */ tcp to:172.17.0.15:9160
- Chain KUBE-SERVICES (2 references)
- target prot opt source destination
- KUBE-SVC-4JCRTMMYZAAYMIJ2 tcp -- anywhere 172.30.198.186 /* default/router:1936-tcp cluster IP */ tcp dpt:jetcmeserver
- KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere 172.30.118.19 /* cbcluster/couchbase-cluster:http-ui cluster IP */ tcp dpt:jamlink
- KUBE-MARK-MASQ tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui external IP */ tcp dpt:jamlink
- KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui external IP */ tcp dpt:jamlink PHYSDEV match ! --physdev-is-in ADDRTYPE match src-type !LOCAL
- KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui external IP */ tcp dpt:jamlink ADDRTYPE match dst-type LOCAL
- KUBE-MARK-MASQ tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui loadbalancer IP */ tcp dpt:jamlink
- KUBE-SVC-77YHHSEL5NKLMS25 tcp -- anywhere 172.46.103.138 /* cbcluster/couchbase-cluster:http-ui loadbalancer IP */ tcp dpt:jamlink
- KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- anywhere 172.30.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:https
- KUBE-SVC-IKV43KYNCXS2W7KZ tcp -- anywhere 172.30.198.186 /* default/router:443-tcp cluster IP */ tcp dpt:https
- KUBE-SVC-MSVZI6DZZNOM75U6 tcp -- anywhere 172.30.48.16 /* openshift-infra/hawkular-cassandra:ssl-port cluster IP */ tcp dpt:afs3-callback
- KUBE-SVC-BA6I5HTZKAAAJT56 tcp -- anywhere 172.30.0.1 /* default/kubernetes:dns-tcp cluster IP */ tcp dpt:domain
- KUBE-SVC-3VQ6B3MLH7E2SZT4 udp -- anywhere 172.30.0.1 /* default/kubernetes:dns cluster IP */ udp dpt:domain
- KUBE-SVC-GQKZAHCS5DTMHUQ6 tcp -- anywhere 172.30.198.186 /* default/router:80-tcp cluster IP */ tcp dpt:http
- KUBE-SVC-CUWWUHHNOYUE7XCB tcp -- anywhere 172.30.230.230 /* openshift-infra/hawkular-metrics:https-endpoint cluster IP */ tcp dpt:https
- KUBE-SVC-5WKXUCCBPW4WXMKW tcp -- anywhere 172.30.48.16 /* openshift-infra/hawkular-cassandra:tcp-port cluster IP */ tcp dpt:afs3-fileserver
- KUBE-SVC-ECTPRXTXBM34L34Q tcp -- anywhere 172.30.53.244 /* default/docker-registry:5000-tcp cluster IP */ tcp dpt:commplex-main
- KUBE-SVC-IFVMONO6R7UKLXIJ tcp -- anywhere 172.30.48.16 /* openshift-infra/hawkular-cassandra:cql-port cluster IP */ tcp dpt:9042
- KUBE-SVC-LXGWHLGFLZ6UGNWA tcp -- anywhere 172.30.48.242 /* openshift-infra/heapster: cluster IP */ tcp dpt:http
- KUBE-SVC-6ZO3N7G65IT6WZ2F tcp -- anywhere 172.30.107.190 /* cockpit/openshift-cockpit:http cluster IP */ tcp dpt:http
- KUBE-SVC-76GJ7A5QDKD24MJX tcp -- anywhere 172.30.48.16 /* openshift-infra/hawkular-cassandra:thift-port cluster IP */ tcp dpt:apani1
- KUBE-NODEPORTS all -- anywhere anywhere /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL
- Chain KUBE-SVC-3VQ6B3MLH7E2SZT4 (1 references)
- target prot opt source destination
- KUBE-SEP-UYPNQJJIX6Q35XQL all -- anywhere anywhere /* default/kubernetes:dns */ recent: CHECK seconds: 180 reap name: KUBE-SEP-UYPNQJJIX6Q35XQL side: source mask: 255.255.255.255
- KUBE-SEP-UYPNQJJIX6Q35XQL all -- anywhere anywhere /* default/kubernetes:dns */
- Chain KUBE-SVC-4JCRTMMYZAAYMIJ2 (1 references)
- target prot opt source destination
- KUBE-SEP-FBIIOBTMOTTBD4VQ all -- anywhere anywhere /* default/router:1936-tcp */
- Chain KUBE-SVC-5WKXUCCBPW4WXMKW (1 references)
- target prot opt source destination
- KUBE-SEP-GS626LWEMSF2UZX3 all -- anywhere anywhere /* openshift-infra/hawkular-cassandra:tcp-port */
- Chain KUBE-SVC-6ZO3N7G65IT6WZ2F (1 references)
- target prot opt source destination
- KUBE-SEP-3UEZYKN5DLCCLFOG all -- anywhere anywhere /* cockpit/openshift-cockpit:http */
- Chain KUBE-SVC-76GJ7A5QDKD24MJX (1 references)
- target prot opt source destination
- KUBE-SEP-WIHCPXG6T5GQBPT2 all -- anywhere anywhere /* openshift-infra/hawkular-cassandra:thift-port */
- Chain KUBE-SVC-77YHHSEL5NKLMS25 (5 references)
- target prot opt source destination
- KUBE-SEP-BZ77QZDWKYFJXEH5 all -- anywhere anywhere /* cbcluster/couchbase-cluster:http-ui */
- Chain KUBE-SVC-BA6I5HTZKAAAJT56 (1 references)
- target prot opt source destination
- KUBE-SEP-AIGIXILM7JRKQDCM all -- anywhere anywhere /* default/kubernetes:dns-tcp */ recent: CHECK seconds: 180 reap name: KUBE-SEP-AIGIXILM7JRKQDCM side: source mask: 255.255.255.255
- KUBE-SEP-AIGIXILM7JRKQDCM all -- anywhere anywhere /* default/kubernetes:dns-tcp */
- Chain KUBE-SVC-CUWWUHHNOYUE7XCB (1 references)
- target prot opt source destination
- Chain KUBE-SVC-ECTPRXTXBM34L34Q (1 references)
- target prot opt source destination
- KUBE-SEP-FGQW4YEGMTWI26QF all -- anywhere anywhere /* default/docker-registry:5000-tcp */ recent: CHECK seconds: 180 reap name: KUBE-SEP-FGQW4YEGMTWI26QF side: source mask: 255.255.255.255
- KUBE-SEP-FGQW4YEGMTWI26QF all -- anywhere anywhere /* default/docker-registry:5000-tcp */
- Chain KUBE-SVC-GQKZAHCS5DTMHUQ6 (1 references)
- target prot opt source destination
- KUBE-SEP-BXLCYFA663LFKZZC all -- anywhere anywhere /* default/router:80-tcp */
- Chain KUBE-SVC-IFVMONO6R7UKLXIJ (1 references)
- target prot opt source destination
- KUBE-SEP-GUD4NM4U6GYERZ6Z all -- anywhere anywhere /* openshift-infra/hawkular-cassandra:cql-port */
- Chain KUBE-SVC-IKV43KYNCXS2W7KZ (1 references)
- target prot opt source destination
- KUBE-SEP-QSAQ7OT5HEEWJQRM all -- anywhere anywhere /* default/router:443-tcp */
- Chain KUBE-SVC-LXGWHLGFLZ6UGNWA (1 references)
- target prot opt source destination
- Chain KUBE-SVC-MSVZI6DZZNOM75U6 (1 references)
- target prot opt source destination
- KUBE-SEP-UTKPFOYQWGKEI4GJ all -- anywhere anywhere /* openshift-infra/hawkular-cassandra:ssl-port */
- Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
- target prot opt source destination
- KUBE-SEP-DJGHOKSTYGXQARXY all -- anywhere anywhere /* default/kubernetes:https */ recent: CHECK seconds: 180 reap name: KUBE-SEP-DJGHOKSTYGXQARXY side: source mask: 255.255.255.255
- KUBE-SEP-DJGHOKSTYGXQARXY all -- anywhere anywhere /* default/kubernetes:https */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement