Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- lxc.lxcpath = /home/lxc
- USE_LXC_BRIDGE="true"
- LXC_BRIDGE="lxc-bridge-nat"
- LXC_ADDR="192.168.100.1"
- LXC_NETMASK="255.255.255.0"
- LXC_NETWORK="192.168.100.0/24"
- LXC_DHCP_RANGE="192.168.100.2,192.168.100.254"
- LXC_DHCP_MAX="253"
- LXC_DHCP_CONFILE=""
- LXC_DOMAIN="lxc"
- LXC_IPV6_ADDR="fc27::216:3eff:fe00:1"
- LXC_IPV6_MASK="64"
- LXC_IPV6_NETWORK="fc27::/64"
- LXC_IPV6_NAT="true"
- # Template used to create this container: /usr/share/lxc/templates/lxc-download
- # Parameters passed to the template: -d debian -r buster -a amd64
- # Template script checksum (SHA-1): 273c51343604eb85f7e294c8da0a5eb769d648f3
- # For additional config options, please look at lxc.container.conf(5)
- # Uncomment the following line to support nesting containers:
- #lxc.include = /usr/share/lxc/config/nesting.conf
- # (Be aware this has security implications)
- # Auto start configuration
- # Mount shared folder so the container can access letsencrypt certificates
- # into its own /share folder
- # Distribution configuration
- lxc.include = /usr/share/lxc/config/common.conf
- lxc.arch = linux64
- # Container specific configuration
- lxc.start.auto = 1
- lxc.rootfs.path = dir:/home/lxc/test/rootfs
- lxc.uts.name = test
- # Network configuration
- lxc.net.0.type = veth
- lxc.net.0.flags = up
- lxc.net.0.link = lxc-bridge-nat
- PING 8.8.8.8 (8.8.8.8): 56 data bytes
- ^C--- 8.8.8.8 ping statistics ---
- 18 packets transmitted, 0 packets received, 100% packet loss
- Generated by xtables-save v1.8.3 on Wed Jul 17 11:10:37 2019
- *filter
- :INPUT ACCEPT [245428:1063335794]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [228241:18791314]
- :f2b-sshd - [0:0]
- :f2b-recidive - [0:0]
- -A INPUT -i lxc-bridge-nat -p tcp -m tcp --dport 53 -j ACCEPT
- -A INPUT -i lxc-bridge-nat -p udp -m udp --dport 53 -j ACCEPT
- -A INPUT -i lxc-bridge-nat -p tcp -m tcp --dport 67 -j ACCEPT
- -A INPUT -i lxc-bridge-nat -p udp -m udp --dport 67 -j ACCEPT
- -A INPUT -p tcp -j f2b-recidive
- -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
- -A FORWARD -o lxc-bridge-nat -j ACCEPT
- -A FORWARD -i lxc-bridge-nat -j ACCEPT
- -A FORWARD -p tcp -j f2b-recidive
- -A f2b-sshd -j RETURN
- -A f2b-recidive -j RETURN
- COMMIT
- # Completed on Wed Jul 17 11:10:37 2019
- # Generated by xtables-save v1.8.3 on Wed Jul 17 11:10:37 2019
- *nat
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A POSTROUTING -s 192.168.100.0/24 ! -d 192.168.100.0/24 -j MASQUERADE
- COMMIT
- # Completed on Wed Jul 17 11:10:37 2019
- # Generated by xtables-save v1.8.3 on Wed Jul 17 11:10:37 2019
- *mangle
- :PREROUTING ACCEPT [248302:1063534761]
- :INPUT ACCEPT [247677:1063489218]
- :FORWARD ACCEPT [538:39768]
- :OUTPUT ACCEPT [228241:18791314]
- :POSTROUTING ACCEPT [228779:18831082]
- -A POSTROUTING -o lxc-bridge-nat -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
- COMMIT
- # Completed on Wed Jul 17 11:10:37 2019
- # Generated by xtables-save v1.8.3 on Wed Jul 17 11:10:37 2019
- *raw
- :PREROUTING ACCEPT [3012:193211]
- :OUTPUT ACCEPT [2048:239550]
- COMMIT
- # Completed on Wed Jul 17 11:10:37 2019
- # Warning: iptables-legacy tables present, use iptables-legacy-save to see them
- tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
- listening on eno1, link-type EN10MB (Ethernet), capture size 262144 bytes
- 11:12:38.938243 IP 192.168.100.78 > 8.8.8.8: ICMP echo request, id 1137, seq 0, length 64
- 11:12:39.939343 IP 192.168.100.78 > 8.8.8.8: ICMP echo request, id 1137, seq 1, length 64
- 11:12:40.940554 IP 192.168.100.78 > 8.8.8.8: ICMP echo request, id 1137, seq 2, length 64
- 11:12:41.941748 IP 192.168.100.78 > 8.8.8.8: ICMP echo request, id 1137, seq 3, length 64
- 11:12:42.942939 IP 192.168.100.78 > 8.8.8.8: ICMP echo request, id 1137, seq 4, length 64
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
