Virsh Route Network: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „<pre> <network> <name>route</name> <forward mode='route'/> <bridge name='virbr0-route'/> <mac address='52:54:10:08:28:fb'/> <ip address='172.16.222.1…“) |
Thomas (Diskussion | Beiträge) |
||
| (Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt) | |||
| Zeile 12: | Zeile 12: | ||
</network> | </network> | ||
</pre> | </pre> | ||
| + | =iptables -nvL= | ||
| + | <pre> | ||
| + | Chain INPUT (policy ACCEPT 95 packets, 13126 bytes) | ||
| + | pkts bytes target prot opt in out source destination | ||
| + | 0 0 ACCEPT udp -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 | ||
| + | 0 0 ACCEPT tcp -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 | ||
| + | 0 0 ACCEPT udp -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | ||
| + | 0 0 ACCEPT tcp -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 | ||
| + | |||
| + | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
| + | pkts bytes target prot opt in out source destination | ||
| + | 0 0 ACCEPT all -- * virbr0-route 0.0.0.0/0 172.16.222.0/24 | ||
| + | 0 0 ACCEPT all -- virbr0-route * 172.16.222.0/24 0.0.0.0/0 | ||
| + | 0 0 ACCEPT all -- virbr0-route virbr0-route 0.0.0.0/0 0.0.0.0/0 | ||
| + | 0 0 REJECT all -- * virbr0-route 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 0 0 REJECT all -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | |||
| + | Chain OUTPUT (policy ACCEPT 77 packets, 15192 bytes) | ||
| + | pkts bytes target prot opt in out source destination | ||
| + | 0 0 ACCEPT udp -- * virbr0-route 0.0.0.0/0 0.0.0.0/0 udp dpt:68 | ||
| + | </pre> | ||
| + | =iptables -nvL POSTROUTING -t nat= | ||
| + | Chain POSTROUTING (policy ACCEPT 77 packets, 4800 bytes) | ||
| + | pkts bytes target prot opt in out source destination | ||
Aktuelle Version vom 17. Oktober 2017, 17:37 Uhr
<network>
<name>route</name>
<forward mode='route'/>
<bridge name='virbr0-route'/>
<mac address='52:54:10:08:28:fb'/>
<ip address='172.16.222.1' netmask='255.255.255.0'>
<dhcp>
<range start='172.16.222.2' end='172.16.222.254'/>
</dhcp>
</ip>
</network>
iptables -nvL
Chain INPUT (policy ACCEPT 95 packets, 13126 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * virbr0-route 0.0.0.0/0 172.16.222.0/24
0 0 ACCEPT all -- virbr0-route * 172.16.222.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0-route virbr0-route 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0-route 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0-route * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 77 packets, 15192 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * virbr0-route 0.0.0.0/0 0.0.0.0/0 udp dpt:68
iptables -nvL POSTROUTING -t nat
Chain POSTROUTING (policy ACCEPT 77 packets, 4800 bytes) pkts bytes target prot opt in out source destination