Floating IP Troubleshooting
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 04:01:d0:d5:4a:01 brd ff:ff:ff:ff:ff:ff
inet 104.236.63.95/18 brd 104.236.63.255 scope global eth0
valid_lft forever preferred_lft forever
inet 10.17.0.6/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 2604:a880:800:10::a31:4001/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::601:d0ff:fed5:4a01/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 04:01:d0:d5:4a:02 brd ff:ff:ff:ff:ff:ff
inet 10.132.53.228/16 brd 10.132.255.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::601:d0ff:fed5:4a02/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c4:ff:e9:63 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:c4ff:feff:e963/64 scope link
valid_lft forever preferred_lft forever
6: veth3a6af94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 12:6b:f9:29:2b:8d brd ff:ff:ff:ff:ff:ff
inet6 fe80::106b:f9ff:fe29:2b8d/64 scope link
valid_lft forever preferred_lft forever
default via 104.236.0.1 dev eth0
10.17.0.0/16 dev eth0 proto kernel scope link src 10.17.0.6
10.132.0.0/16 dev eth1 proto kernel scope link src 10.132.53.228
104.236.0.0/18 dev eth0 proto kernel scope link src 104.236.63.95
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
# Generated by iptables-save v1.4.21 on Tue Apr 19 12:51:14 2016
*nat
# nat table: all built-in chains default to ACCEPT; the only rules present are the ones
# Docker installs for port publishing and container masquerading.
:PREROUTING ACCEPT [445:32725]
:INPUT ACCEPT [399:27363]
:OUTPUT ACCEPT [5670:342640]
:POSTROUTING ACCEPT [5670:342640]
:DOCKER - [0:0]
# Any inbound packet whose destination is an address held locally is handed to the DOCKER chain.
[455:33647] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
# Container-originated traffic leaving on anything other than docker0 is masqueraded.
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
# Container 172.17.0.2 talking to its own published UDP/1194 (presumably Docker's hairpin rule).
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
# UDP/1194 arriving on any interface except docker0 (so eth0 and eth1 alike) is DNAT'd to the container.
# There is no -s match on this rule, and nat PREROUTING runs before the filter table, so the
# source restrictions placed on port 1194 in the ufw-user-input chain do not apply to this flow.
[0:0] -A DOCKER ! -i docker0 -p udp -m udp --dport 1194 -j DNAT --to-destination 172.17.0.2:1194
COMMIT
# Completed on Tue Apr 19 12:51:14 2016
# Generated by iptables-save v1.4.21 on Tue Apr 19 12:51:14 2016
*filter
# filter table: INPUT and FORWARD default to DROP, OUTPUT to ACCEPT. The INPUT policy counter
# [26:3489] matches the ufw-after-logging-input counter below, i.e. every packet dropped by
# policy so far was also logged with the "[UFW BLOCK] " prefix.
:INPUT DROP [26:3489]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
:fail2ban-ssh - [0:0]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-logging-allow - [0:0]
:ufw-logging-deny - [0:0]
:ufw-not-local - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-skip-to-policy-forward - [0:0]
:ufw-skip-to-policy-input - [0:0]
:ufw-skip-to-policy-output - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-user-input - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-output - [0:0]
# SSH is checked by fail2ban first; the fail2ban-ssh chain currently holds only a RETURN, so no
# address was banned at the time of this dump.
[4998:285124] -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
[30308:5926749] -A INPUT -j ufw-before-logging-input
[30308:5926749] -A INPUT -j ufw-before-input
[56:6305] -A INPUT -j ufw-after-input
[54:6209] -A INPUT -j ufw-after-logging-input
[54:6209] -A INPUT -j ufw-reject-input
[54:6209] -A INPUT -j ufw-track-input
# Docker's FORWARD rules sit ahead of every ufw forward chain. Traffic DNAT'd to 172.17.0.2:1194
# by the nat table is accepted in the DOCKER chain below (no -s match) and never reaches
# ufw-user-forward, so the per-source allow rules for 1194 in ufw-user-input do not govern it.
# If that restriction is meant to cover the container, an equivalent -s match is needed on the
# FORWARD path ahead of the DOCKER jump, or the port should be published on a specific address.
[0:0] -A FORWARD -j DOCKER-ISOLATION
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[0:0] -A FORWARD -j ufw-before-logging-forward
[0:0] -A FORWARD -j ufw-before-forward
[0:0] -A FORWARD -j ufw-after-forward
[0:0] -A FORWARD -j ufw-after-logging-forward
[0:0] -A FORWARD -j ufw-reject-forward
[30162:6830223] -A OUTPUT -j ufw-before-logging-output
[30162:6830223] -A OUTPUT -j ufw-before-output
[321:21818] -A OUTPUT -j ufw-after-output
[321:21818] -A OUTPUT -j ufw-after-logging-output
[321:21818] -A OUTPUT -j ufw-reject-output
[321:21818] -A OUTPUT -j ufw-track-output
# Accepts the published UDP/1194 flow to the container from any non-docker0 interface and any source.
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p udp -m udp --dport 1194 -j ACCEPT
[0:0] -A DOCKER-ISOLATION -j RETURN
[4998:285124] -A fail2ban-ssh -j RETURN
# NetBIOS/SMB and DHCP noise is sent straight to the INPUT policy (DROP) without logging.
[0:0] -A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
[0:0] -A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
[0:0] -A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
[2:96] -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
[0:0] -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
[0:0] -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
[0:0] -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
[0:0] -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
[26:3489] -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
[0:0] -A ufw-before-forward -j ufw-user-forward
[17599:3378999] -A ufw-before-input -i lo -j ACCEPT
[4790:400714] -A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
[2:206] -A ufw-before-input -m state --state INVALID -j ufw-logging-deny
[2:206] -A ufw-before-input -m state --state INVALID -j DROP
[0:0] -A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
[0:0] -A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
[0:0] -A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
[0:0] -A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
[4:292] -A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
[0:0] -A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
# Relevant when troubleshooting a floating/secondary address: ufw-not-local drops anything whose
# destination is not LOCAL, MULTICAST or BROADCAST. Its counters show all 323 packets so far
# matched LOCAL, so the address being tested was held on an interface at dump time.
[323:26843] -A ufw-before-input -j ufw-not-local
[0:0] -A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
[0:0] -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
[323:26843] -A ufw-before-input -j ufw-user-input
[17599:3378999] -A ufw-before-output -o lo -j ACCEPT
[5293:2526937] -A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
[164:11565] -A ufw-before-output -j ufw-user-output
[0:0] -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
[2:206] -A ufw-logging-deny -m state --state INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
[0:0] -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
[323:26843] -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
[0:0] -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
[0:0] -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
[0:0] -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
[0:0] -A ufw-not-local -j DROP
[0:0] -A ufw-skip-to-policy-forward -j DROP
[2:96] -A ufw-skip-to-policy-input -j DROP
[0:0] -A ufw-skip-to-policy-output -j ACCEPT
[1:60] -A ufw-track-output -p tcp -m state --state NEW -j ACCEPT
[163:11505] -A ufw-track-output -p udp -m state --state NEW -j ACCEPT
# User allow rules (ufw). Notes from review:
#  - the UDP/22 allow is redundant for SSH (TCP only); harmless but worth removing.
#  - tcp/10011 and tcp/30033 are each listed twice; the later duplicates never match.
#  - ports 1194, 53 and 11000 are limited to the single source 216.14.152.243; see the FORWARD
#    comment above for why the 1194 limit does not reach the Docker-published port.
[14:720] -A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
[5:220] -A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
[5:288] -A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
[0:0] -A ufw-user-input -p tcp -m tcp --dport 10011 -j ACCEPT
[0:0] -A ufw-user-input -p udp -m udp --dport 10011 -j ACCEPT
[0:0] -A ufw-user-input -p tcp -m tcp --dport 30033 -j ACCEPT
[0:0] -A ufw-user-input -p tcp -m tcp --dport 10011 -j ACCEPT
[0:0] -A ufw-user-input -p tcp -m tcp --dport 7777 -j ACCEPT
[0:0] -A ufw-user-input -p udp -m udp --dport 7777 -j ACCEPT
[0:0] -A ufw-user-input -s 216.14.152.243/32 -p tcp -m tcp --dport 1194 -j ACCEPT
[0:0] -A ufw-user-input -s 216.14.152.243/32 -p udp -m udp --dport 1194 -j ACCEPT
[0:0] -A ufw-user-input -s 216.14.152.243/32 -p tcp -m tcp --dport 53 -j ACCEPT
[247:17511] -A ufw-user-input -s 216.14.152.243/32 -p udp -m udp --dport 53 -j ACCEPT
[4:208] -A ufw-user-input -s 216.14.152.243/32 -p tcp -m tcp --dport 11000 -j ACCEPT
[0:0] -A ufw-user-input -s 216.14.152.243/32 -p udp -m udp --dport 11000 -j ACCEPT
[0:0] -A ufw-user-input -p tcp -m tcp --dport 9987 -j ACCEPT
[20:4311] -A ufw-user-input -p udp -m udp --dport 9987 -j ACCEPT
[0:0] -A ufw-user-input -p tcp -m tcp --dport 30033 -j ACCEPT
[0:0] -A ufw-user-input -p udp -m udp --dport 30033 -j ACCEPT
[0:0] -A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
[0:0] -A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
[0:0] -A ufw-user-limit-accept -j ACCEPT
COMMIT
# Completed on Tue Apr 19 12:51:14 2016