Virsh Nat Network

From Xinux Wiki
<network>
  <name>nat</name>
  <forward mode='nat'/>
  <bridge name='virbr0-nat' stp='on' delay='0'/>
  <mac address='52:54:00:08:28:fb'/>
  <ip address='172.16.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='172.16.122.2' end='172.16.122.254'/>
    </dhcp>
  </ip>
</network>

iptables -nvL -t filter

iptables -nvL
Chain INPUT (policy ACCEPT 474 packets, 467K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  virbr0-nat *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0-nat *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0-nat *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0-nat *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      virbr0-nat  0.0.0.0/0            172.16.122.0/24      ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0-nat *       172.16.122.0/24      0.0.0.0/0
    0     0 ACCEPT     all  --  virbr0-nat virbr0-nat  0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      virbr0-nat  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0-nat *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 410 packets, 44251 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      virbr0-nat  0.0.0.0/0            0.0.0.0/0            udp dpt:68

iptables -nvL POSTROUTING -t nat

Chain POSTROUTING (policy ACCEPT 33 packets, 2024 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  *      *       172.16.122.0/24      224.0.0.0/24
    0     0 RETURN     all  --  *      *       172.16.122.0/24      255.255.255.255
    0     0 MASQUERADE  tcp  --  *      *       172.16.122.0/24     !172.16.122.0/24      masq ports: 1024-65535
    0     0 MASQUERADE  udp  --  *      *       172.16.122.0/24     !172.16.122.0/24      masq ports: 1024-65535
    0     0 MASQUERADE  all  --  *      *       172.16.122.0/24     !172.16.122.0/24
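
An added example, not part of the wiki page: a Python check that the FORWARD rows shown above agree with the network definition, so that traffic toward the bridge from outside is accepted only for tracked connections. The XML is abridged from the page, the FORWARD rows are copied from it, and `parse_rules` and `audit_forward` are names chosen here.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Network definition (abridged) and FORWARD rows copied from the page.
NETWORK_XML = """<network>
  <name>nat</name>
  <forward mode='nat'/>
  <bridge name='virbr0-nat' stp='on' delay='0'/>
  <ip address='172.16.122.1' netmask='255.255.255.0'>
    <dhcp><range start='172.16.122.2' end='172.16.122.254'/></dhcp>
  </ip>
</network>"""
FORWARD_ROWS = """
    0     0 ACCEPT     all  --  *      virbr0-nat  0.0.0.0/0            172.16.122.0/24      ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0-nat *       172.16.122.0/24      0.0.0.0/0
    0     0 ACCEPT     all  --  virbr0-nat virbr0-nat  0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      virbr0-nat  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0-nat *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
"""

def parse_rules(listing):
    """Turn `iptables -nvL` rule rows into dicts, skipping chain and column headers."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 9 and f[0] not in ("Chain", "pkts"):
            rules.append(dict(target=f[2], iif=f[5], oif=f[6], src=f[7], dst=f[8],
                              extra=" ".join(f[9:])))
    return rules

def audit_forward(xml_text, listing):
    """Return findings; empty means the expected rules exist and no untracked ACCEPT reaches the bridge."""
    root = ET.fromstring(xml_text)
    bridge, ip = root.find("bridge").get("name"), root.find("ip")
    net = str(ipaddress.ip_network(f"{ip.get('address')}/{ip.get('netmask')}", strict=False))
    rules, findings = parse_rules(listing), []
    keys = [(r["target"], r["iif"], r["oif"], r["src"], r["dst"]) for r in rules]
    for want in [("ACCEPT", "*", bridge, "0.0.0.0/0", net),      # replies to guests
                 ("ACCEPT", bridge, "*", net, "0.0.0.0/0"),      # guest-originated traffic
                 ("REJECT", "*", bridge, "0.0.0.0/0", "0.0.0.0/0")]:  # all other inbound
        if want not in keys:
            findings.append(f"missing rule: {' '.join(want)}")
    for n, r in enumerate(rules, 1):
        # Anything accepted toward the bridge from outside must be conntrack-limited.
        if (r["target"] == "ACCEPT" and r["oif"] == bridge and r["iif"] != bridge
                and "ESTABLISHED" not in r["extra"]):
            findings.append(f"rule {n} accepts unsolicited traffic to {bridge}")
    return findings

if __name__ == "__main__":
    print(audit_forward(NETWORK_XML, FORWARD_ROWS) or "FORWARD rules match the network definition")
```

To audit a live host, pass the output of `virsh net-dumpxml nat` and `iptables -nvL FORWARD` instead of the embedded strings.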