Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # wg show
- interface: tun0
- public key: ###
- private key: (hidden)
- listening port: 6725
- peer: ###
- preshared key: (hidden)
- endpoint: ###:###
- allowed ips: 192.168.1.0/24
- latest handshake: 53 seconds ago
- transfer: 409.25 MiB received, 560.27 MiB sent
- # ip address show
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
- link/ether ### brd ff:ff:ff:ff:ff:ff
- inet ###/24 brd ### scope global eth0
- valid_lft forever preferred_lft forever
- inet ###/32 scope global eth0
- valid_lft forever preferred_lft forever
- 5: tun0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1360 qdisc noqueue state UNKNOWN group default qlen 1000
- link/none
- inet 192.168.2.1/32 scope global tun0
- valid_lft forever preferred_lft forever
- # ip route show table all
- default via ### dev eth0 metric 2
- ###/24 dev eth0 proto kernel scope link src ###
- 182.168.1.0/24 dev tun0 scope link
- local ### dev eth0 table local proto kernel scope host src ###
- broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
- local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
- local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
- broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
- broadcast ### dev eth0 table local proto kernel scope link src ###
- local ### dev eth0 table local proto kernel scope host src ###
- broadcast ### dev eth0 table local proto kernel scope link src ###
- local 172.18.0.1 dev vpn table local proto kernel scope host src 172.18.0.1
- local ::1 dev lo table local proto kernel metric 0 pref medium
- # ip rule show
- 0: from all lookup local
- 32766: from all lookup main
- 32767: from all lookup default
- # iptables-save -c
- *nat
- :PREROUTING ACCEPT [96216:4824493]
- :INPUT ACCEPT [2764:163922]
- :OUTPUT ACCEPT [3857:235255]
- :POSTROUTING ACCEPT [14441:769273]
- [9966:492503] -A PREROUTING -d ###/32 -i eth0 -j DNAT --to-destination 182.168.1.100
- [0:0] -A POSTROUTING -s 192.168.1.100/32 -o eth0 -j SNAT --to-source ###
- COMMIT
- # Completed on Fri Jun 11 07:10:54 2021
- # Generated by iptables-save v1.8.6 on Fri Jun 11 07:10:54 2021
- *filter
- :INPUT DROP [91555:4531906]
- :FORWARD DROP [1162:80089]
- :OUTPUT ACCEPT [1047666:1143765839]
- :syn_flood - [0:0]
- [1543581:86837282] -A INPUT -m state --state INVALID -j DROP
- [438990530:71866190130] -A INPUT -i lo -j ACCEPT
- [1135509928:953658970078] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- [4773:200662] -A INPUT -p icmp -j DROP
- [591946:34744869] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
- [1642:285837] -A INPUT -p udp -m udp --dport ### -j ACCEPT
- [501440396:744991700709] -A FORWARD -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
- [10673:536950] -A FORWARD -d 192.168.1.100/32 -i eth0 -o tun0 -m conntrack --ctstate NEW -j ACCEPT
- [4:399] -A FORWARD -i eth0 -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- [5:1206] -A FORWARD -i tun0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- COMMIT
- # Completed on Fri Jun 11 07:10:54 2021
- # nft list ruleset
- -bash: nft: command not found
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement