- root@debian-vm:~# ip a
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:f5:1f:a6 brd ff:ff:ff:ff:ff:ff
- inet 192.168.178.35/24 brd 192.168.178.255 scope global enp0s3
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fef5:1fa6/64 scope link
- valid_lft forever preferred_lft forever
- 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
- link/ether 02:42:10:e6:49:aa brd ff:ff:ff:ff:ff:ff
- inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
- valid_lft forever preferred_lft forever
- 4: pterodactyl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
- link/ether 02:42:09:c7:04:ca brd ff:ff:ff:ff:ff:ff
- inet 172.18.0.1/16 brd 172.18.255.255 scope global pterodactyl0
- valid_lft forever preferred_lft forever
- inet6 fdba:17c8:6c94::1011/64 scope global
- valid_lft forever preferred_lft forever
- inet6 fe80::42:9ff:fec7:4ca/64 scope link
- valid_lft forever preferred_lft forever
- inet6 fe80::1/64 scope link
- valid_lft forever preferred_lft forever
- 6: veth41ddd40@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master pterodactyl0 state UP group default
- link/ether b6:fe:4a:8d:1c:e6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
- inet6 fe80::b4fe:4aff:fe8d:1ce6/64 scope link
- valid_lft forever preferred_lft forever
- ___________________________________________________________________________________________
- root@debian-vm:~# netstat -ar
- Kernel-IP-Routentabelle
- Ziel Router Genmask Flags MSS Fenster irtt Iface
- default fritz.box 0.0.0.0 UG 0 0 0 enp0s3
- 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
- 172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 pterodactyl0
- 192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
- __________________________________________________________________________________________
- root@debian-vm:~# iptables -L
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain FORWARD (policy DROP)
- target prot opt source destination
- DOCKER-USER all -- anywhere anywhere
- DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
- DOCKER all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
- DOCKER all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- Chain DOCKER (2 references)
- target prot opt source destination
- ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:25565
- ACCEPT udp -- anywhere 172.18.0.2 udp dpt:25565
- Chain DOCKER-ISOLATION-STAGE-1 (1 references)
- target prot opt source destination
- DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
- DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
- RETURN all -- anywhere anywhere
- Chain DOCKER-ISOLATION-STAGE-2 (2 references)
- target prot opt source destination
- DROP all -- anywhere anywhere
- DROP all -- anywhere anywhere
- RETURN all -- anywhere anywhere
- Chain DOCKER-USER (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- ______________________________________________________________________________
- root@debian-vm:~# iptables -t nat -L
- Chain PREROUTING (policy ACCEPT)
- target prot opt source destination
- DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain POSTROUTING (policy ACCEPT)
- target prot opt source destination
- MASQUERADE all -- 172.17.0.0/16 anywhere
- MASQUERADE all -- 172.18.0.0/16 anywhere
- MASQUERADE tcp -- 172.18.0.2 172.18.0.2 tcp dpt:25565
- MASQUERADE udp -- 172.18.0.2 172.18.0.2 udp dpt:25565
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
- Chain DOCKER (2 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- RETURN all -- anywhere anywhere
- DNAT tcp -- anywhere debian-vm.fritz.box tcp dpt:25565 to:172.18.0.2:25565
- DNAT udp -- anywhere debian-vm.fritz.box udp dpt:25565 to:172.18.0.2:25565
- _______________________________________________________________________________________________________
- root@debian-vm:~# iptables -S
- -P INPUT ACCEPT
- -P FORWARD DROP
- -P OUTPUT ACCEPT
- -N DOCKER
- -N DOCKER-ISOLATION-STAGE-1
- -N DOCKER-ISOLATION-STAGE-2
- -N DOCKER-USER
- -A FORWARD -j DOCKER-USER
- -A FORWARD -j DOCKER-ISOLATION-STAGE-1
- -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o docker0 -j DOCKER
- -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
- -A FORWARD -i docker0 -o docker0 -j ACCEPT
- -A FORWARD -o pterodactyl0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o pterodactyl0 -j DOCKER
- -A FORWARD -i pterodactyl0 ! -o pterodactyl0 -j ACCEPT
- -A FORWARD -i pterodactyl0 -o pterodactyl0 -j ACCEPT
- -A DOCKER -d 172.18.0.2/32 ! -i pterodactyl0 -o pterodactyl0 -p tcp -m tcp --dport 25565 -j ACCEPT
- -A DOCKER -d 172.18.0.2/32 ! -i pterodactyl0 -o pterodactyl0 -p udp -m udp --dport 25565 -j ACCEPT
- -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
- -A DOCKER-ISOLATION-STAGE-1 -i pterodactyl0 ! -o pterodactyl0 -j DOCKER-ISOLATION-STAGE-2
- -A DOCKER-ISOLATION-STAGE-1 -j RETURN
- -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
- -A DOCKER-ISOLATION-STAGE-2 -o pterodactyl0 -j DROP
- -A DOCKER-ISOLATION-STAGE-2 -j RETURN
- -A DOCKER-USER -j RETURN
- ________________________________________________________________________________________________________
- root@debian-vm:~# iptables -t nat -L
- Chain PREROUTING (policy ACCEPT)
- target prot opt source destination
- DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain POSTROUTING (policy ACCEPT)
- target prot opt source destination
- MASQUERADE all -- 172.17.0.0/16 anywhere
- MASQUERADE all -- 172.18.0.0/16 anywhere
- MASQUERADE tcp -- 172.18.0.2 172.18.0.2 tcp dpt:25565
- MASQUERADE udp -- 172.18.0.2 172.18.0.2 udp dpt:25565
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
- Chain DOCKER (2 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- RETURN all -- anywhere anywhere
- DNAT tcp -- anywhere debian-vm.fritz.box tcp dpt:25565 to:172.18.0.2:25565
- DNAT udp -- anywhere debian-vm.fritz.box udp dpt:25565 to:172.18.0.2:25565
- _____________________________________________________________________________________
- root@debian-vm:~# iptables -t nat -S
- -P PREROUTING ACCEPT
- -P INPUT ACCEPT
- -P POSTROUTING ACCEPT
- -P OUTPUT ACCEPT
- -N DOCKER
- -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
- -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.0/16 ! -o pterodactyl0 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp --dport 25565 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p udp -m udp --dport 25565 -j MASQUERADE
- -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
- -A DOCKER -i docker0 -j RETURN
- -A DOCKER -i pterodactyl0 -j RETURN
- -A DOCKER -d 192.168.178.35/32 ! -i pterodactyl0 -p tcp -m tcp --dport 25565 -j DNAT --to-destination 172.18.0.2:25565
- -A DOCKER -d 192.168.178.35/32 ! -i pterodactyl0 -p udp -m udp --dport 25565 -j DNAT --to-destination 172.18.0.2:25565
- root@debian-vm:~#