zoukankan html css js c++ java

防火墙与iptables

root@ubuntu:~# iptables -t nat  -A POSTROUTING -s 10.10.104.83/32  -o enahisic2i0  -j MASQUERADE
root@ubuntu:~# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 19 packets, 878 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   12  1272 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 1 packets, 78 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      enahisic2i0  10.10.104.83         0.0.0.0/0           

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
root@ubuntu:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.10.104.0     0.0.0.0         255.255.255.0   U     0      0        0 virbr1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
root@ubuntu:~# ufw status
Status: inactive

 这条规则没有生效，而且防火墙处于inactive状态

root@ubuntu:~# cat /proc/net/nf_conntrack
cat: /proc/net/nf_conntrack: No such file or directory
root@ubuntu:~#

执行ufw disable可以了

root@ubuntu:~# ufw disable
Firewall stopped and disabled on system startup
root@ubuntu:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
root@ubuntu:~# cat /proc/net/nf_conntrack
cat: /proc/net/nf_conntrack: No such file or directory
root@ubuntu:~# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 378 packets, 21207 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   12  1272 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 8 packets, 976 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 1 packets, 76 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    1    60 MASQUERADE  all  --  *      enahisic2i0  10.10.104.83         0.0.0.0/0           

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
root@ubuntu:~#

查看全文

相关阅读:
Android渐变GradientDrawable叠加组合环ring
72.spring boot讨论群【从零开始学Spring Boot】
71.mybatis 如何获取插入的id【从零开始学Spring Boot】
Android GradientDrawable的XML实现
 服务器端架构及实战 — C#分享
 70.打印所有Spring boot载入的bean【从零开始学Spring Boot】
69. JPA实体Bean的生命周期【从零开始学Spring Boot】
Android版网易云音乐唱片机唱片磁盘旋转及唱片机机械臂动画关键代码实现思路
 服务器架构及实战（架构篇）- PHP建站
 创建MyOffice项目

原文地址：https://www.cnblogs.com/dream397/p/13785796.html