- $ sudo iptables -vnL
- Chain INPUT (policy DROP 0 packets, 0 bytes)
- pkts bytes target prot opt in out source destination
- 64 15065 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
- 995 84655 ACCEPT all -- p255p1 * 0.0.0.0/0 0.0.0.0/0
- 117 9628 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
- 300 39219 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
- 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000
- 33 2364 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
- 378 102K ACCEPT all -- em1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
- 64 5858 LOGGING all -- em1 * 0.0.0.0/0 0.0.0.0/0
- Chain FORWARD (policy DROP 2 packets, 96 bytes)
- pkts bytes target prot opt in out source destination
- 55847 11M ACCEPT all -- p255p1 em1 0.0.0.0/0 0.0.0.0/0
- 60455 177M ACCEPT all -- em1 p255p1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
- Chain OUTPUT (policy ACCEPT 2309 packets, 507K bytes)
- pkts bytes target prot opt in out source destination
- Chain LOGGING (1 references)
- pkts bytes target prot opt in out source destination
- 64 5858 LOG all -- em1 * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 10 LOG flags 0 level 4
- 64 5858 DROP all -- em1 * 0.0.0.0/0 0.0.0.0/0
- $ sudo iptables -t nat -vnL
- Chain PREROUTING (policy ACCEPT 2640 packets, 213K bytes)
- pkts bytes target prot opt in out source destination
- 2 96 DNAT tcp -- em1 * 0.0.0.0/0 MY_PUB_IP tcp dpt:8000 to:10.255.50.75:8000
- Chain INPUT (policy ACCEPT 1112 packets, 83884 bytes)
- pkts bytes target prot opt in out source destination
- Chain OUTPUT (policy ACCEPT 581 packets, 46547 bytes)
- pkts bytes target prot opt in out source destination
- Chain POSTROUTING (policy ACCEPT 31 packets, 2017 bytes)
- pkts bytes target prot opt in out source destination
- 1965 158K MASQUERADE all -- * em1 0.0.0.0/0 0.0.0.0/0
- #### my IPTABLES rules
- # Generated by iptables-save v1.4.21 on Fri Oct 9 13:59:58 2015
- *nat
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- :PREROUTING ACCEPT [0:0]
- -A PREROUTING -p tcp -m tcp -d MY_PUB_IP -i em1 --dport 8000 -j DNAT --to-destination 10.255.50.75:8000
- -A POSTROUTING -o em1 -j MASQUERADE
- COMMIT
- # Completed on Fri Oct 9 13:59:58 2015
- # Generated by iptables-save v1.4.21 on Fri Oct 9 13:59:58 2015
- *mangle
- :PREROUTING ACCEPT [34:3197]
- :INPUT ACCEPT [34:3197]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [31:7469]
- :POSTROUTING ACCEPT [31:7469]
- COMMIT
- # Completed on Fri Oct 9 13:59:58 2015
- # Generated by iptables-save v1.4.21 on Fri Oct 9 13:59:58 2015
- *filter
- :LOGGING - [0:0]
- :OUTPUT ACCEPT [0:0]
- :FORWARD DROP [0:0]
- :INPUT DROP [0:0]
- -A INPUT -i lo -j ACCEPT
- -A INPUT -i p255p1 -j ACCEPT
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
- -A LOGGING -m limit -i em1 --limit 5/second --limit-burst 10 -j LOG
- -A LOGGING -i em1 -j DROP
- -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
- -A FORWARD -i p255p1 -o em1 -j ACCEPT
- -A INPUT -m state -i em1 --state ESTABLISHED,RELATED -j ACCEPT
- -A FORWARD -m state -i em1 -o p255p1 --state ESTABLISHED,RELATED -j ACCEPT
- -A INPUT -i em1 -j LOGGING
- COMMIT
- # Completed on Fri Oct 9 13:59:58 2015
SHARE
TWEET
Untitled
a guest
Oct 24th, 2015
104
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
RAW Paste Data