ubuntu@ip-172-31-23-17:~$ sudo iptables -t nat -F lxc-nat
ubuntu@ip-172-31-23-17:~$ sudo iptables -t nat -D PREROUTING -j lxc-nat
ubuntu@ip-172-31-23-17:~$ sudo iptables -t nat -X lxc-nat
ubuntu@ip-172-31-23-17:~$ sudo iptables -t nat -N lxc-nat
ubuntu@ip-172-31-23-17:~$ sudo iptables -t nat -A PREROUTING -j lxc-nat
ubuntu@ip-172-31-23-17:~$ sudo iptables -t nat -A lxc-nat -d 172.31.23.17 -p tcp --dport 40000 -j DNAT --to 10.0.3.95:80
ubuntu@ip-172-31-23-17:~$ sudo iptables --list\
> ^C
ubuntu@ip-172-31-23-17:~$ sudo iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere ip-192-168-122-0.ec2.internal/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- ip-192-168-122-0.ec2.internal/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
ubuntu@ip-172-31-23-17:~$ nmap -v -A 172.31.23.17
Starting Nmap 6.40 ( http://nmap.org ) at 2014-08-19 00:41 UTC
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 00:41
Scanning 172.31.23.17 [2 ports]
Completed Ping Scan at 00:41, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:41
Completed Parallel DNS resolution of 1 host. at 00:41, 0.00s elapsed
Initiating Connect Scan at 00:41
Scanning ip-172-31-23-17.ec2.internal (172.31.23.17) [1000 ports]
Discovered open port 22/tcp on 172.31.23.17
Discovered open port 5000/tcp on 172.31.23.17
Completed Connect Scan at 00:41, 0.03s elapsed (1000 total ports)
Initiating Service scan at 00:41
Scanning 2 services on ip-172-31-23-17.ec2.internal (172.31.23.17)
Completed Service scan at 00:41, 6.05s elapsed (2 services on 1 host)
NSE: Script scanning 172.31.23.17.
Initiating NSE at 00:41
Completed NSE at 00:41, 0.12s elapsed
Nmap scan report for ip-172-31-23-17.ec2.internal (172.31.23.17)
Host is up (0.00046s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
| ssh-hostkey: 1024 af:84:11:5a:cd:bd:34:ad:3e:ec:18:c6:4c:f5:42:78 (DSA)
| 2048 76:8a:ff:95:d5:32:04:fc:21:73:21:7f:c1:48:22:16 (RSA)
|_256 44:8a:54:71:42:53:ac:a8:a8:f2:ba:59:2d:af:39:5f (ECDSA)
5000/tcp open http Werkzeug httpd 0.9.6 (Python 2.7.6)
|_http-methods: HEAD OPTIONS GET
|_http-title: Login - LXC Web Panel
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port22-TCP:V=6.40%I=7%D=8/19%Time=53F29D29%P=x86_64-pc-linux-gnu%r(NULL
SF:,29,"SSH-2\.0-OpenSSH_6\.6\.1p1\x20Ubuntu-2ubuntu2\r\n");
NSE: Script Post-scanning.
Initiating NSE at 00:41
Completed NSE at 00:41, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.56 seconds
ubuntu@ip-172-31-23-17:~$ curl 172.31.23.17:40000
curl: (7) Failed to connect to 172.31.23.17 port 40000: Connection refused
ubuntu@ip-172-31-23-17:~$ nmap -v -A 172.31.23.17 -p 40001
Starting Nmap 6.40 ( http://nmap.org ) at 2014-08-19 00:56 UTC
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 00:56
Scanning 172.31.23.17 [2 ports]
Completed Ping Scan at 00:56, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:56
Completed Parallel DNS resolution of 1 host. at 00:56, 0.00s elapsed
Initiating Connect Scan at 00:56
Scanning ip-172-31-23-17.ec2.internal (172.31.23.17) [1 port]
Completed Connect Scan at 00:56, 0.00s elapsed (1 total ports)
Initiating Service scan at 00:56
NSE: Script scanning 172.31.23.17.
Initiating NSE at 00:56
Completed NSE at 00:56, 0.00s elapsed
Nmap scan report for ip-172-31-23-17.ec2.internal (172.31.23.17)
Host is up (0.000051s latency).
PORT STATE SERVICE VERSION
40001/tcp closed unknown
NSE: Script Post-scanning.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
ubuntu@ip-172-31-23-17:~$ sudo iptables -L -nv
Chain INPUT (policy ACCEPT 6030 packets, 384K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
0 0 ACCEPT tcp -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
0 0 ACCEPT udp -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 ACCEPT all -- * lxcbr0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 5802 packets, 403K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ubuntu@ip-172-31-23-17:~$
Here's the output from iptables-save: