Last active
September 2, 2016 15:05
## NAT SERVER | |
root@iZ94ks74g92Z:~# iptables -L | |
Chain INPUT (policy ACCEPT) | |
target prot opt source destination | |
Chain FORWARD (policy ACCEPT) | |
target prot opt source destination | |
ACCEPT all -- 10.0.0.0/8 anywhere ctstate NEW | |
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED | |
Chain OUTPUT (policy ACCEPT) | |
target prot opt source destination | |
root@iZ94ks74g92Z:~# iptables -t nat -L | |
Chain PREROUTING (policy ACCEPT) | |
target prot opt source destination | |
Chain INPUT (policy ACCEPT) | |
target prot opt source destination | |
Chain OUTPUT (policy ACCEPT) | |
target prot opt source destination | |
Chain POSTROUTING (policy ACCEPT) | |
target prot opt source destination | |
MASQUERADE all -- anywhere anywhere | |
root@iZ94ks74g92Z:~# sysctl -a | grep forward | |
net.ipv4.conf.all.forwarding = 1 | |
net.ipv4.conf.all.mc_forwarding = 0 | |
net.ipv4.conf.default.forwarding = 1 | |
net.ipv4.conf.default.mc_forwarding = 0 | |
net.ipv4.conf.eth0.forwarding = 1 | |
net.ipv4.conf.eth0.mc_forwarding = 0 | |
net.ipv4.conf.eth1.forwarding = 1 | |
net.ipv4.conf.eth1.mc_forwarding = 0 | |
net.ipv4.conf.lo.forwarding = 1 | |
net.ipv4.conf.lo.mc_forwarding = 0 | |
net.ipv4.ip_forward = 1 | |
net.ipv6.conf.all.forwarding = 0 | |
net.ipv6.conf.all.mc_forwarding = 0 | |
net.ipv6.conf.default.forwarding = 0 | |
net.ipv6.conf.default.mc_forwarding = 0 | |
net.ipv6.conf.eth0.forwarding = 0 | |
net.ipv6.conf.eth0.mc_forwarding = 0 | |
net.ipv6.conf.eth1.forwarding = 0 | |
net.ipv6.conf.eth1.mc_forwarding = 0 | |
net.ipv6.conf.lo.forwarding = 0 | |
net.ipv6.conf.lo.mc_forwarding = 0 | |
root@iZ94ks74g92Z:~# ifconfig | |
eth0 Link encap:Ethernet HWaddr 00:16:3e:00:00:49 | |
inet addr:10.169.121.97 Bcast:10.169.127.255 Mask:255.255.248.0 | |
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 | |
RX packets:1226 errors:0 dropped:0 overruns:0 frame:0 | |
TX packets:1872 errors:0 dropped:0 overruns:0 carrier:0 | |
collisions:0 txqueuelen:1000 | |
RX bytes:147586 (147.5 KB) TX bytes:161113 (161.1 KB) | |
eth1 Link encap:Ethernet HWaddr 00:16:3e:00:64:64 | |
inet addr:X.X.82.229 Bcast:X.X.83.255 Mask:255.255.252.0 | |
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 | |
RX packets:4473 errors:0 dropped:0 overruns:0 frame:0 | |
TX packets:3608 errors:0 dropped:0 overruns:0 carrier:0 | |
collisions:0 txqueuelen:1000 | |
RX bytes:384511 (384.5 KB) TX bytes:407420 (407.4 KB) | |
lo Link encap:Local Loopback | |
inet addr:127.0.0.1 Mask:255.0.0.0 | |
UP LOOPBACK RUNNING MTU:65536 Metric:1 | |
RX packets:81532 errors:0 dropped:0 overruns:0 frame:0 | |
TX packets:81532 errors:0 dropped:0 overruns:0 carrier:0 | |
collisions:0 txqueuelen:0 | |
RX bytes:5883606 (5.8 MB) TX bytes:5883606 (5.8 MB) | |
root@iZ94ks74g92Z:~# lsmod | |
Module Size Used by | |
ipt_MASQUERADE 12880 1 | |
iptable_nat 13011 1 | |
nf_nat_ipv4 13263 1 iptable_nat | |
nf_nat 21841 3 ipt_MASQUERADE,nf_nat_ipv4,iptable_nat | |
nf_conntrack_ipv4 15012 3 | |
nf_defrag_ipv4 12758 1 nf_conntrack_ipv4 | |
xt_conntrack 12760 2 | |
nf_conntrack 96976 6 ipt_MASQUERADE,nf_nat,nf_nat_ipv4,xt_conntrack,iptable_nat,nf_conntrack_ipv4 | |
iptable_filter 12810 1 | |
ip_tables 27239 2 iptable_filter,iptable_nat | |
x_tables 34059 4 ip_tables,ipt_MASQUERADE,xt_conntrack,iptable_filter | |
xenfs 12978 1 | |
xen_privcmd 13243 1 xenfs | |
joydev 17381 0 | |
hid_generic 12548 0 | |
xen_kbdfront 12797 0 | |
usbhid 52570 0 | |
hid 106148 2 hid_generic,usbhid | |
fb_sys_fops 12703 0 | |
syscopyarea 12529 0 | |
sysfillrect 12701 0 | |
sysimgblt 12640 0 | |
i2c_piix4 22155 0 | |
intel_rapl 18773 0 | |
aesni_intel 55624 0 | |
aes_x86_64 17131 1 aesni_intel | |
lrw 13286 1 aesni_intel | |
gf128mul 14951 1 lrw | |
glue_helper 13990 1 aesni_intel | |
ablk_helper 13597 1 aesni_intel | |
cryptd 20359 2 aesni_intel,ablk_helper | |
serio_raw 13462 0 | |
mac_hid 13205 0 | |
lp 17759 0 | |
parport 42348 1 lp | |
psmouse 106678 0 | |
pata_acpi 13038 0 | |
floppy 69418 0 | |
root@iZ94ks74g92Z:~# curl www.ubuntu.com | |
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> | |
<html><head> | |
<title>302 Found</title> | |
</head><body> | |
<h1>Found</h1> | |
<p>The document has moved <a href="http://www.ubuntu.com/index_kylin">here</a>.</p> | |
<hr> | |
<address>Apache/2.2.22 (Ubuntu) Server at www.ubuntu.com Port 80</address> | |
</body></html> | |
root@iZ94ks74g92Z:~# ping www.ubuntu.com | |
PING www.ubuntu.com (91.189.89.103) 56(84) bytes of data. | |
64 bytes from www-ubuntu-com.privet.canonical.com (91.189.89.103): icmp_seq=1 ttl=47 time=186 ms | |
64 bytes from www-ubuntu-com.privet.canonical.com (91.189.89.103): icmp_seq=2 ttl=47 time=186 ms | |
^C | |
--- www.ubuntu.com ping statistics --- | |
2 packets transmitted, 2 received, 0% packet loss, time 1001ms | |
rtt min/avg/max/mdev = 186.502/186.516/186.531/0.432 ms | |
root@iZ94ks74g92Z:~# dig www.ubuntu.com | |
; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.ubuntu.com | |
;; global options: +cmd | |
;; Got answer: | |
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53518 | |
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | |
;; OPT PSEUDOSECTION: | |
; EDNS: version: 0, flags:; udp: 512 | |
;; QUESTION SECTION: | |
;www.ubuntu.com. IN A | |
;; ANSWER SECTION: | |
www.ubuntu.com. 298 IN A 91.189.90.59 | |
;; Query time: 604 msec | |
;; SERVER: 8.8.4.4#53(8.8.4.4) | |
;; WHEN: Fri Sep 02 15:48:11 CST 2016 | |
;; MSG SIZE rcvd: 59 | |
## CLIENT SERVER | |
root@iZ9477cfg1wZ:~# netstat -rn | |
Kernel IP routing table | |
Destination Gateway Genmask Flags MSS Window irtt Iface | |
0.0.0.0 10.169.121.97 0.0.0.0 UG 0 0 0 eth0 | |
10.0.0.0 10.169.127.247 255.0.0.0 UG 0 0 0 eth0 | |
10.169.120.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0 | |
100.64.0.0 10.169.127.247 255.192.0.0 UG 0 0 0 eth0 | |
172.16.0.0 10.169.127.247 255.240.0.0 UG 0 0 0 eth0 | |
root@iZ9477cfg1wZ:~# | |
root@iZ9477cfg1wZ:~# ifconfig | |
eth0 Link encap:Ethernet HWaddr 00:16:3e:00:4e:05 | |
inet addr:10.169.120.128 Bcast:10.169.127.255 Mask:255.255.248.0 | |
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 | |
RX packets:2456 errors:0 dropped:0 overruns:0 frame:0 | |
TX packets:2244 errors:0 dropped:0 overruns:0 carrier:0 | |
collisions:0 txqueuelen:1000 | |
RX bytes:199447 (199.4 KB) TX bytes:243243 (243.2 KB) | |
lo Link encap:Local Loopback | |
inet addr:127.0.0.1 Mask:255.0.0.0 | |
UP LOOPBACK RUNNING MTU:65536 Metric:1 | |
RX packets:0 errors:0 dropped:0 overruns:0 frame:0 | |
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 | |
collisions:0 txqueuelen:0 | |
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) | |
root@iZ9477cfg1wZ:~# curl -v www.ubuntu.com | |
* Rebuilt URL to: www.ubuntu.com/ | |
* Hostname was NOT found in DNS cache | |
* Trying 91.189.89.103... | |
^C | |
root@iZ9477cfg1wZ:~# ping www.ubuntu.com | |
PING www.ubuntu.com (91.189.89.110) 56(84) bytes of data. | |
^C | |
--- www.ubuntu.com ping statistics --- | |
5 packets transmitted, 0 received, 100% packet loss, time 4031ms | |
root@iZ9477cfg1wZ:~# dig www.ubuntu.com | |
; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.ubuntu.com | |
;; global options: +cmd | |
;; Got answer: | |
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14999 | |
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4 | |
;; OPT PSEUDOSECTION: | |
; EDNS: version: 0, flags:; udp: 4096 | |
;; QUESTION SECTION: | |
;www.ubuntu.com. IN A | |
;; ANSWER SECTION: | |
www.ubuntu.com. 145 IN A 91.189.89.110 | |
;; AUTHORITY SECTION: | |
www.ubuntu.com. 3144 IN NS ns3.canonical.com. | |
www.ubuntu.com. 3144 IN NS ns2.canonical.com. | |
www.ubuntu.com. 3144 IN NS ns1.canonical.com. | |
;; ADDITIONAL SECTION: | |
ns1.canonical.com. 136132 IN A 91.189.94.173 | |
ns2.canonical.com. 136132 IN A 91.189.95.3 | |
ns3.canonical.com. 136132 IN A 91.189.91.139 | |
;; Query time: 0 msec | |
;; SERVER: 100.100.2.136#53(100.100.2.136) | |
;; WHEN: Fri Sep 02 15:49:56 CST 2016 | |
;; MSG SIZE rcvd: 171 |
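Since you successfully queried the DNS server at 100.100.2.136 from the Client Server, it looks to me like your routing and NAT are working. If you set the DNS server for the Client Server to 8.8.8.8, are you still able to resolve public hostnames? (Per the client's routing table, 100.100.2.136 falls under the 100.64.0.0/255.192.0.0 route via 10.169.127.247, while 8.8.8.8 would take the default route via the NAT server at 10.169.121.97, so the 8.8.8.8 query is the one that exercises the NAT path.) Is there an iptables config on the Client Server?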