  • 防火墙与iptables

    root@ubuntu:~# iptables -t nat  -A POSTROUTING -s 10.10.104.83/32  -o enahisic2i0  -j MASQUERADE
    root@ubuntu:~# iptables -nvL -t nat
    Chain PREROUTING (policy ACCEPT 19 packets, 878 bytes)
     pkts bytes target     prot opt in     out     source               destination         
       12  1272 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    
    Chain INPUT (policy ACCEPT 1 packets, 78 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
    
    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
        0     0 MASQUERADE  all  --  *      enahisic2i0  10.10.104.83         0.0.0.0/0           
    
    Chain DOCKER (2 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    root@ubuntu:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
    10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
    10.10.104.0     0.0.0.0         255.255.255.0   U     0      0        0 virbr1
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    root@ubuntu:~# ufw status
    Status: inactive

      

     这条规则没有生效(上面 POSTROUTING 链中 10.10.104.83 对应的 MASQUERADE 规则 pkts/bytes 计数仍为 0),而 ufw 显示处于 inactive 状态。

    root@ubuntu:~# cat /proc/net/nf_conntrack
    cat: /proc/net/nf_conntrack: No such file or directory
    root@ubuntu:~# 

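    执行 ufw disable 之后规则生效了(下面的输出中该 MASQUERADE 规则的计数变为 1 个包、60 字节)。需要注意:此时 filter 表的 INPUT、FORWARD、OUTPUT 默认策略均为 ACCEPT,从输出看没有任何丢弃规则。执行前没有记录 filter 表的状态,推测是之前 FORWARD 链拦截了转发流量(待确认);更稳妥的做法是只放行 virbr1 到 enahisic2i0 的转发,而不是整体关闭防火墙。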

    root@ubuntu:~# ufw disable
    Firewall stopped and disabled on system startup
    root@ubuntu:~# iptables -S
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N DOCKER
    -N DOCKER-ISOLATION-STAGE-1
    -N DOCKER-ISOLATION-STAGE-2
    -N DOCKER-USER
    -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    root@ubuntu:~# cat /proc/net/nf_conntrack
    cat: /proc/net/nf_conntrack: No such file or directory
    root@ubuntu:~# iptables -nvL -t nat
    Chain PREROUTING (policy ACCEPT 378 packets, 21207 bytes)
     pkts bytes target     prot opt in     out     source               destination         
       12  1272 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    
    Chain INPUT (policy ACCEPT 8 packets, 976 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
    
    Chain POSTROUTING (policy ACCEPT 1 packets, 76 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
        1    60 MASQUERADE  all  --  *      enahisic2i0  10.10.104.83         0.0.0.0/0           
    
    Chain DOCKER (2 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    root@ubuntu:~# 



  • 原文地址:https://www.cnblogs.com/dream397/p/13785796.html