-
-
Save looterz/12ad3cc772983c4d63d978a1a07a1c18 to your computer and use it in GitHub Desktop.
Floating IP Troubleshooting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default | |
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 | |
inet 127.0.0.1/8 scope host lo | |
valid_lft forever preferred_lft forever | |
inet6 ::1/128 scope host | |
valid_lft forever preferred_lft forever | |
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 | |
link/ether 04:01:d0:d5:4a:01 brd ff:ff:ff:ff:ff:ff | |
inet 104.236.63.95/18 brd 104.236.63.255 scope global eth0 | |
valid_lft forever preferred_lft forever | |
inet 10.17.0.6/16 scope global eth0 | |
valid_lft forever preferred_lft forever | |
inet6 2604:a880:800:10::a31:4001/64 scope global | |
valid_lft forever preferred_lft forever | |
inet6 fe80::601:d0ff:fed5:4a01/64 scope link | |
valid_lft forever preferred_lft forever | |
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 | |
link/ether 04:01:d0:d5:4a:02 brd ff:ff:ff:ff:ff:ff | |
inet 10.132.53.228/16 brd 10.132.255.255 scope global eth1 | |
valid_lft forever preferred_lft forever | |
inet6 fe80::601:d0ff:fed5:4a02/64 scope link | |
valid_lft forever preferred_lft forever | |
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default | |
link/ether 02:42:c4:ff:e9:63 brd ff:ff:ff:ff:ff:ff | |
inet 172.17.0.1/16 scope global docker0 | |
valid_lft forever preferred_lft forever | |
inet6 fe80::42:c4ff:feff:e963/64 scope link | |
valid_lft forever preferred_lft forever | |
6: veth3a6af94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default | |
link/ether 12:6b:f9:29:2b:8d brd ff:ff:ff:ff:ff:ff | |
inet6 fe80::106b:f9ff:fe29:2b8d/64 scope link | |
valid_lft forever preferred_lft forever |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
default via 104.236.0.1 dev eth0 | |
10.17.0.0/16 dev eth0 proto kernel scope link src 10.17.0.6 | |
10.132.0.0/16 dev eth1 proto kernel scope link src 10.132.53.228 | |
104.236.0.0/18 dev eth0 proto kernel scope link src 104.236.63.95 | |
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generated by iptables-save v1.4.21 on Tue Apr 19 12:51:14 2016 | |
*nat | |
:PREROUTING ACCEPT [445:32725] | |
:INPUT ACCEPT [399:27363] | |
:OUTPUT ACCEPT [5670:342640] | |
:POSTROUTING ACCEPT [5670:342640] | |
:DOCKER - [0:0] | |
[455:33647] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER | |
[0:0] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER | |
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE | |
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADE | |
[0:0] -A DOCKER -i docker0 -j RETURN | |
[0:0] -A DOCKER ! -i docker0 -p udp -m udp --dport 1194 -j DNAT --to-destination 172.17.0.2:1194 | |
COMMIT | |
# Completed on Tue Apr 19 12:51:14 2016 | |
# Generated by iptables-save v1.4.21 on Tue Apr 19 12:51:14 2016 | |
*filter | |
:INPUT DROP [26:3489] | |
:FORWARD DROP [0:0] | |
:OUTPUT ACCEPT [0:0] | |
:DOCKER - [0:0] | |
:DOCKER-ISOLATION - [0:0] | |
:fail2ban-ssh - [0:0] | |
:ufw-after-forward - [0:0] | |
:ufw-after-input - [0:0] | |
:ufw-after-logging-forward - [0:0] | |
:ufw-after-logging-input - [0:0] | |
:ufw-after-logging-output - [0:0] | |
:ufw-after-output - [0:0] | |
:ufw-before-forward - [0:0] | |
:ufw-before-input - [0:0] | |
:ufw-before-logging-forward - [0:0] | |
:ufw-before-logging-input - [0:0] | |
:ufw-before-logging-output - [0:0] | |
:ufw-before-output - [0:0] | |
:ufw-logging-allow - [0:0] | |
:ufw-logging-deny - [0:0] | |
:ufw-not-local - [0:0] | |
:ufw-reject-forward - [0:0] | |
:ufw-reject-input - [0:0] | |
:ufw-reject-output - [0:0] | |
:ufw-skip-to-policy-forward - [0:0] | |
:ufw-skip-to-policy-input - [0:0] | |
:ufw-skip-to-policy-output - [0:0] | |
:ufw-track-input - [0:0] | |
:ufw-track-output - [0:0] | |
:ufw-user-forward - [0:0] | |
:ufw-user-input - [0:0] | |
:ufw-user-limit - [0:0] | |
:ufw-user-limit-accept - [0:0] | |
:ufw-user-logging-forward - [0:0] | |
:ufw-user-logging-input - [0:0] | |
:ufw-user-logging-output - [0:0] | |
:ufw-user-output - [0:0] | |
[4998:285124] -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh | |
[30308:5926749] -A INPUT -j ufw-before-logging-input | |
[30308:5926749] -A INPUT -j ufw-before-input | |
[56:6305] -A INPUT -j ufw-after-input | |
[54:6209] -A INPUT -j ufw-after-logging-input | |
[54:6209] -A INPUT -j ufw-reject-input | |
[54:6209] -A INPUT -j ufw-track-input | |
[0:0] -A FORWARD -j DOCKER-ISOLATION | |
[0:0] -A FORWARD -o docker0 -j DOCKER | |
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT | |
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT | |
[0:0] -A FORWARD -j ufw-before-logging-forward | |
[0:0] -A FORWARD -j ufw-before-forward | |
[0:0] -A FORWARD -j ufw-after-forward | |
[0:0] -A FORWARD -j ufw-after-logging-forward | |
[0:0] -A FORWARD -j ufw-reject-forward | |
[30162:6830223] -A OUTPUT -j ufw-before-logging-output | |
[30162:6830223] -A OUTPUT -j ufw-before-output | |
[321:21818] -A OUTPUT -j ufw-after-output | |
[321:21818] -A OUTPUT -j ufw-after-logging-output | |
[321:21818] -A OUTPUT -j ufw-reject-output | |
[321:21818] -A OUTPUT -j ufw-track-output | |
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p udp -m udp --dport 1194 -j ACCEPT | |
[0:0] -A DOCKER-ISOLATION -j RETURN | |
[4998:285124] -A fail2ban-ssh -j RETURN | |
[0:0] -A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input | |
[0:0] -A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input | |
[0:0] -A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input | |
[2:96] -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input | |
[0:0] -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input | |
[0:0] -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input | |
[0:0] -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input | |
[0:0] -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | |
[26:3489] -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | |
[0:0] -A ufw-before-forward -j ufw-user-forward | |
[17599:3378999] -A ufw-before-input -i lo -j ACCEPT | |
[4790:400714] -A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT | |
[2:206] -A ufw-before-input -m state --state INVALID -j ufw-logging-deny | |
[2:206] -A ufw-before-input -m state --state INVALID -j DROP | |
[0:0] -A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT | |
[0:0] -A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT | |
[0:0] -A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT | |
[0:0] -A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT | |
[4:292] -A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT | |
[0:0] -A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT | |
[323:26843] -A ufw-before-input -j ufw-not-local | |
[0:0] -A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT | |
[0:0] -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT | |
[323:26843] -A ufw-before-input -j ufw-user-input | |
[17599:3378999] -A ufw-before-output -o lo -j ACCEPT | |
[5293:2526937] -A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT | |
[164:11565] -A ufw-before-output -j ufw-user-output | |
[0:0] -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | |
[2:206] -A ufw-logging-deny -m state --state INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN | |
[0:0] -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | |
[323:26843] -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN | |
[0:0] -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN | |
[0:0] -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN | |
[0:0] -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny | |
[0:0] -A ufw-not-local -j DROP | |
[0:0] -A ufw-skip-to-policy-forward -j DROP | |
[2:96] -A ufw-skip-to-policy-input -j DROP | |
[0:0] -A ufw-skip-to-policy-output -j ACCEPT | |
[1:60] -A ufw-track-output -p tcp -m state --state NEW -j ACCEPT | |
[163:11505] -A ufw-track-output -p udp -m state --state NEW -j ACCEPT | |
[14:720] -A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT | |
[5:220] -A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT | |
[5:288] -A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT | |
[0:0] -A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT | |
[0:0] -A ufw-user-input -p tcp -m tcp --dport 10011 -j ACCEPT | |
[0:0] -A ufw-user-input -p udp -m udp --dport 10011 -j ACCEPT | |
[0:0] -A ufw-user-input -p tcp -m tcp --dport 30033 -j ACCEPT | |
[0:0] -A ufw-user-input -p tcp -m tcp --dport 10011 -j ACCEPT | |
[0:0] -A ufw-user-input -p tcp -m tcp --dport 7777 -j ACCEPT | |
[0:0] -A ufw-user-input -p udp -m udp --dport 7777 -j ACCEPT | |
[0:0] -A ufw-user-input -s 216.14.152.243/32 -p tcp -m tcp --dport 1194 -j ACCEPT | |
[0:0] -A ufw-user-input -s 216.14.152.243/32 -p udp -m udp --dport 1194 -j ACCEPT | |
[0:0] -A ufw-user-input -s 216.14.152.243/32 -p tcp -m tcp --dport 53 -j ACCEPT | |
[247:17511] -A ufw-user-input -s 216.14.152.243/32 -p udp -m udp --dport 53 -j ACCEPT | |
[4:208] -A ufw-user-input -s 216.14.152.243/32 -p tcp -m tcp --dport 11000 -j ACCEPT | |
[0:0] -A ufw-user-input -s 216.14.152.243/32 -p udp -m udp --dport 11000 -j ACCEPT | |
[0:0] -A ufw-user-input -p tcp -m tcp --dport 9987 -j ACCEPT | |
[20:4311] -A ufw-user-input -p udp -m udp --dport 9987 -j ACCEPT | |
[0:0] -A ufw-user-input -p tcp -m tcp --dport 30033 -j ACCEPT | |
[0:0] -A ufw-user-input -p udp -m udp --dport 30033 -j ACCEPT | |
[0:0] -A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] " | |
[0:0] -A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable | |
[0:0] -A ufw-user-limit-accept -j ACCEPT | |
COMMIT | |
# Completed on Tue Apr 19 12:51:14 2016 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment