
@thomasbiddle
Last active September 2, 2016 15:05
## NAT SERVER
root@iZ94ks74g92Z:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 10.0.0.0/8 anywhere ctstate NEW
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@iZ94ks74g92Z:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
root@iZ94ks74g92Z:~# sysctl -a | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth1.forwarding = 0
net.ipv6.conf.eth1.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.mc_forwarding = 0
root@iZ94ks74g92Z:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:00:00:49
inet addr:10.169.121.97 Bcast:10.169.127.255 Mask:255.255.248.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1226 errors:0 dropped:0 overruns:0 frame:0
TX packets:1872 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:147586 (147.5 KB) TX bytes:161113 (161.1 KB)
eth1 Link encap:Ethernet HWaddr 00:16:3e:00:64:64
inet addr:X.X.82.229 Bcast:X.X.83.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4473 errors:0 dropped:0 overruns:0 frame:0
TX packets:3608 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:384511 (384.5 KB) TX bytes:407420 (407.4 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:81532 errors:0 dropped:0 overruns:0 frame:0
TX packets:81532 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5883606 (5.8 MB) TX bytes:5883606 (5.8 MB)
root@iZ94ks74g92Z:~# lsmod
Module Size Used by
ipt_MASQUERADE 12880 1
iptable_nat 13011 1
nf_nat_ipv4 13263 1 iptable_nat
nf_nat 21841 3 ipt_MASQUERADE,nf_nat_ipv4,iptable_nat
nf_conntrack_ipv4 15012 3
nf_defrag_ipv4 12758 1 nf_conntrack_ipv4
xt_conntrack 12760 2
nf_conntrack 96976 6 ipt_MASQUERADE,nf_nat,nf_nat_ipv4,xt_conntrack,iptable_nat,nf_conntrack_ipv4
iptable_filter 12810 1
ip_tables 27239 2 iptable_filter,iptable_nat
x_tables 34059 4 ip_tables,ipt_MASQUERADE,xt_conntrack,iptable_filter
xenfs 12978 1
xen_privcmd 13243 1 xenfs
joydev 17381 0
hid_generic 12548 0
xen_kbdfront 12797 0
usbhid 52570 0
hid 106148 2 hid_generic,usbhid
fb_sys_fops 12703 0
syscopyarea 12529 0
sysfillrect 12701 0
sysimgblt 12640 0
i2c_piix4 22155 0
intel_rapl 18773 0
aesni_intel 55624 0
aes_x86_64 17131 1 aesni_intel
lrw 13286 1 aesni_intel
gf128mul 14951 1 lrw
glue_helper 13990 1 aesni_intel
ablk_helper 13597 1 aesni_intel
cryptd 20359 2 aesni_intel,ablk_helper
serio_raw 13462 0
mac_hid 13205 0
lp 17759 0
parport 42348 1 lp
psmouse 106678 0
pata_acpi 13038 0
floppy 69418 0
root@iZ94ks74g92Z:~# curl www.ubuntu.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.ubuntu.com/index_kylin">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at www.ubuntu.com Port 80</address>
</body></html>
root@iZ94ks74g92Z:~# ping www.ubuntu.com
PING www.ubuntu.com (91.189.89.103) 56(84) bytes of data.
64 bytes from www-ubuntu-com.privet.canonical.com (91.189.89.103): icmp_seq=1 ttl=47 time=186 ms
64 bytes from www-ubuntu-com.privet.canonical.com (91.189.89.103): icmp_seq=2 ttl=47 time=186 ms
^C
--- www.ubuntu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 186.502/186.516/186.531/0.432 ms
root@iZ94ks74g92Z:~# dig www.ubuntu.com
; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.ubuntu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53518
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.ubuntu.com. IN A
;; ANSWER SECTION:
www.ubuntu.com. 298 IN A 91.189.90.59
;; Query time: 604 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Fri Sep 02 15:48:11 CST 2016
;; MSG SIZE rcvd: 59
## CLIENT SERVER
root@iZ9477cfg1wZ:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.169.121.97 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 10.169.127.247 255.0.0.0 UG 0 0 0 eth0
10.169.120.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
100.64.0.0 10.169.127.247 255.192.0.0 UG 0 0 0 eth0
172.16.0.0 10.169.127.247 255.240.0.0 UG 0 0 0 eth0
root@iZ9477cfg1wZ:~#
root@iZ9477cfg1wZ:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:00:4e:05
inet addr:10.169.120.128 Bcast:10.169.127.255 Mask:255.255.248.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2456 errors:0 dropped:0 overruns:0 frame:0
TX packets:2244 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:199447 (199.4 KB) TX bytes:243243 (243.2 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@iZ9477cfg1wZ:~# curl -v www.ubuntu.com
* Rebuilt URL to: www.ubuntu.com/
* Hostname was NOT found in DNS cache
* Trying 91.189.89.103...
^C
root@iZ9477cfg1wZ:~# ping www.ubuntu.com
PING www.ubuntu.com (91.189.89.110) 56(84) bytes of data.
^C
--- www.ubuntu.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4031ms
root@iZ9477cfg1wZ:~# dig www.ubuntu.com
; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.ubuntu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14999
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ubuntu.com. IN A
;; ANSWER SECTION:
www.ubuntu.com. 145 IN A 91.189.89.110
;; AUTHORITY SECTION:
www.ubuntu.com. 3144 IN NS ns3.canonical.com.
www.ubuntu.com. 3144 IN NS ns2.canonical.com.
www.ubuntu.com. 3144 IN NS ns1.canonical.com.
;; ADDITIONAL SECTION:
ns1.canonical.com. 136132 IN A 91.189.94.173
ns2.canonical.com. 136132 IN A 91.189.95.3
ns3.canonical.com. 136132 IN A 91.189.91.139
;; Query time: 0 msec
;; SERVER: 100.100.2.136#53(100.100.2.136)
;; WHEN: Fri Sep 02 15:49:56 CST 2016
;; MSG SIZE rcvd: 171
@RobBiddle

Since you successfully queried the DNS server at 100.100.2.136 from the Client Server, it looks to me like your routing and NAT are working. If you set the DNS server for the Client Server to 8.8.8.8, are you still able to resolve public hostnames? Is there an iptables configuration on the Client Server?
