Virsh Nat Network: Difference between revisions
Thomas (Talk | contribs) |
Thomas (Talk | contribs) |
||
| (One intermediate revision by the same user not shown) | |||
| Zeile 12: | Zeile 12: | ||
</network> | </network> | ||
</pre> | </pre> | ||
| − | =iptables -nvL | + | =iptables -nvL= |
<pre> | <pre> | ||
| − | |||
Chain INPUT (policy ACCEPT 474 packets, 467K bytes) | Chain INPUT (policy ACCEPT 474 packets, 467K bytes) | ||
pkts bytes target prot opt in out source destination | pkts bytes target prot opt in out source destination | ||
| Zeile 33: | Zeile 32: | ||
pkts bytes target prot opt in out source destination | pkts bytes target prot opt in out source destination | ||
0 0 ACCEPT udp -- * virbr0-nat 0.0.0.0/0 0.0.0.0/0 udp dpt:68 | 0 0 ACCEPT udp -- * virbr0-nat 0.0.0.0/0 0.0.0.0/0 udp dpt:68 | ||
| + | </pre> | ||
| + | |||
| + | =iptables -nvL POSTROUTING -t nat= | ||
| + | <pre> | ||
| + | Chain POSTROUTING (policy ACCEPT 33 packets, 2024 bytes) | ||
| + | pkts bytes target prot opt in out source destination | ||
| + | 0 0 RETURN all -- * * 172.16.122.0/24 224.0.0.0/24 | ||
| + | 0 0 RETURN all -- * * 172.16.122.0/24 255.255.255.255 | ||
| + | 0 0 MASQUERADE tcp -- * * 172.16.122.0/24 !172.16.122.0/24 masq ports: 1024-65535 | ||
| + | 0 0 MASQUERADE udp -- * * 172.16.122.0/24 !172.16.122.0/24 masq ports: 1024-65535 | ||
| + | 0 0 MASQUERADE all -- * * 172.16.122.0/24 !172.16.122.0/24 | ||
</pre> | </pre> | ||
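Review bot: The added heading "=iptables -nvL POSTROUTING -t nat=" (like the corrected "=iptables -nvL=" in the first hunk) uses single equals signs, which MediaWiki renders as a level-1 heading, the level normally reserved for the page title; "==iptables -nvL POSTROUTING -t nat==" would make it a proper section heading. The new listing would also read better with one sentence above its <pre> stating that it is the nat-table output for the 172.16.122.0/24 network defined in the <network> block, since the rules all show zero packet counters and carry no other context.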
Latest revision as of 17 October 2017, 17:49
<network>
  <name>nat</name>
  <forward mode='nat'/>
  <bridge name='virbr0-nat' stp='on' delay='0'/>
  <mac address='52:54:00:08:28:fb'/>
  <ip address='172.16.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='172.16.122.2' end='172.16.122.254'/>
    </dhcp>
  </ip>
</network>
iptables -nvL
Chain INPUT (policy ACCEPT 474 packets, 467K bytes)
 pkts bytes target     prot opt in         out        source             destination
    0     0 ACCEPT     udp  --  virbr0-nat *          0.0.0.0/0          0.0.0.0/0          udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0-nat *          0.0.0.0/0          0.0.0.0/0          tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0-nat *          0.0.0.0/0          0.0.0.0/0          udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0-nat *          0.0.0.0/0          0.0.0.0/0          tcp dpt:67
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in         out        source             destination
    0     0 ACCEPT     all  --  *          virbr0-nat 0.0.0.0/0          172.16.122.0/24    ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0-nat *          172.16.122.0/24    0.0.0.0/0
    0     0 ACCEPT     all  --  virbr0-nat virbr0-nat 0.0.0.0/0          0.0.0.0/0
    0     0 REJECT     all  --  *          virbr0-nat 0.0.0.0/0          0.0.0.0/0          reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0-nat *          0.0.0.0/0          0.0.0.0/0          reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 410 packets, 44251 bytes)
 pkts bytes target     prot opt in         out        source             destination
    0     0 ACCEPT     udp  --  *          virbr0-nat 0.0.0.0/0          0.0.0.0/0          udp dpt:68
iptables -nvL POSTROUTING -t nat
Chain POSTROUTING (policy ACCEPT 33 packets, 2024 bytes)
 pkts bytes target     prot opt in         out        source             destination
    0     0 RETURN     all  --  *          *          172.16.122.0/24    224.0.0.0/24
    0     0 RETURN     all  --  *          *          172.16.122.0/24    255.255.255.255
    0     0 MASQUERADE tcp  --  *          *          172.16.122.0/24    !172.16.122.0/24   masq ports: 1024-65535
    0     0 MASQUERADE udp  --  *          *          172.16.122.0/24    !172.16.122.0/24   masq ports: 1024-65535
    0     0 MASQUERADE all  --  *          *          172.16.122.0/24    !172.16.122.0/24