Skip to content

Instantly share code, notes, and snippets.

@timfpark

timfpark/linkerd-init

Created November 18, 2018 16:06
Show Gist options
  • Save timfpark/a007d894982de4b4febd59f1b72907f5 to your computer and use it in GitHub Desktop.
Save timfpark/a007d894982de4b4febd59f1b72907f5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
linkerd-init
2018/11/18 15:39:08 Tracing this script execution as [1542555548]
2018/11/18 15:39:08 State of iptables rules before run:
2018/11/18 15:39:08 > iptables -t nat -vnL
2018/11/18 15:39:08 < Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2018/11/18 15:39:08 > iptables -t nat -F PROXY_INIT_REDIRECT
2018/11/18 15:39:08 < iptables: No chain/target/match by that name.
2018/11/18 15:39:08 > iptables -t nat -X PROXY_INIT_REDIRECT
2018/11/18 15:39:08 < iptables: No chain/target/match by that name.
2018/11/18 15:39:08 Will ignore port 4190 on chain PROXY_INIT_REDIRECT
2018/11/18 15:39:08 Will ignore port 4191 on chain PROXY_INIT_REDIRECT
2018/11/18 15:39:08 Will redirect all INPUT ports to proxy
2018/11/18 15:39:08 > iptables -t nat -F PROXY_INIT_OUTPUT
2018/11/18 15:39:08 < iptables: No chain/target/match by that name.
2018/11/18 15:39:08 > iptables -t nat -X PROXY_INIT_OUTPUT
2018/11/18 15:39:08 < iptables: No chain/target/match by that name.
2018/11/18 15:39:08 Ignoring uid 2102
2018/11/18 15:39:08 Redirecting all OUTPUT to 4140
2018/11/18 15:39:08 Executing commands:
2018/11/18 15:39:08 > iptables -t nat -N PROXY_INIT_REDIRECT -m comment --comment proxy-init/redirect-common-chain/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -A PROXY_INIT_REDIRECT -p tcp --destination-port 4190 -j RETURN -m comment --comment proxy-init/ignore-port-4190/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -A PROXY_INIT_REDIRECT -p tcp --destination-port 4191 -j RETURN -m comment --comment proxy-init/ignore-port-4191/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -A PROXY_INIT_REDIRECT -p tcp -j REDIRECT --to-port 4143 -m comment --comment proxy-init/redirect-all-incoming-to-proxy-port/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -A PREROUTING -j PROXY_INIT_REDIRECT -m comment --comment proxy-init/install-proxy-init-prerouting/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -N PROXY_INIT_OUTPUT -m comment --comment proxy-init/redirect-common-chain/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -A PROXY_INIT_OUTPUT -m owner --uid-owner 2102 -o lo ! -d 127.0.0.1/32 -j PROXY_INIT_REDIRECT -m comment --comment proxy-init/redirect-non-loopback-local-traffic/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -A PROXY_INIT_OUTPUT -m owner --uid-owner 2102 -j RETURN -m comment --comment proxy-init/ignore-proxy-user-id/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -A PROXY_INIT_OUTPUT -o lo -j RETURN -m comment --comment proxy-init/ignore-loopback/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -A PROXY_INIT_OUTPUT -p tcp -j REDIRECT --to-port 4140 -m comment --comment proxy-init/redirect-all-outgoing-to-proxy-port/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -A OUTPUT -j PROXY_INIT_OUTPUT -m comment --comment proxy-init/install-proxy-init-output/1542555548
2018/11/18 15:39:08 <
2018/11/18 15:39:08 > iptables -t nat -vnL
2018/11/18 15:39:08 < Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 PROXY_INIT_REDIRECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* proxy-init/install-proxy-init-prerouting/1542555548 */
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 PROXY_INIT_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 /* proxy-init/install-proxy-init-output/1542555548 */
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain PROXY_INIT_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 PROXY_INIT_REDIRECT all -- * lo 0.0.0.0/0 !127.0.0.1 owner UID match 2102 /* proxy-init/redirect-non-loopback-local-traffic/1542555548 */
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 2102 /* proxy-init/ignore-proxy-user-id/1542555548 */
0 0 RETURN all -- * lo 0.0.0.0/0 0.0.0.0/0 /* proxy-init/ignore-loopback/1542555548 */
0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* proxy-init/redirect-all-outgoing-to-proxy-port/1542555548 */ redir ports 4140
Chain PROXY_INIT_REDIRECT (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4190 /* proxy-init/ignore-port-4190/1542555548 */
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4191 /* proxy-init/ignore-port-4191/1542555548 */
0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* proxy-init/redirect-all-incoming-to-proxy-port/1542555548 */ redir ports 4143
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment