Testing if iptables rules working on VirtualBox Linux VM

I have this specific setup I created to test squid cache intercept mode.

I have created a VirtualBox CentOS 7 SELinux VM on my Mac.
Disabled SELinux (set to Permissive) and disabled the firewall service that comes along with it, and installed iptables and docker.

uname -a
Linux localhost.localdomain 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

I ran squid on port 3129 in host mode and added this nat rule as mentioned in the squid documentation,

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 3129 -w

It was a very simple thing to do, obviously.

But I have no way to test this. I can not curl from within the VM (because PREROUTING rules are not honored).

I have 2 network interfaces on my VM.

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:c0:49:9c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.7/24 brd 192.168.1.255 scope global noprefixroute dynamic enp0s3
valid_lft 75169sec preferred_lft 75169sec
inet6 fe80::a00:27ff:fec0:499c/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:ee:63:05 brd ff:ff:ff:ff:ff:ff
inet 192.168.56.3/24 brd 192.168.56.255 scope global noprefixroute dynamic enp0s8
valid_lft 1051sec preferred_lft 1051sec
inet6 fe80::26b1:aa5:894b:16a2/64 scope link noprefixroute
valid_lft forever preferred_lft forever

Since I can not do curl -I --interface 192.168.1.7 http://www.bbc.com/ -v from within the VM (it took me a few days to figure out that this is not working),

I am trying this from my host machine,

curl -I --interface 192.168.1.7 http://www.bbc.com/ -v

and this is what I am getting

* Trying 151.101.24.81...
* TCP_NODELAY set
* Local Interface en9 is ip 192.168.1.2 using address family 2
* Local port: 0
* Immediate connect fail for 151.101.24.81: No route to host
* Closing connection 0
curl: (7) Couldn't connect to server

I also created these rules to accept dport 80 on the interfaces.

iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

and I know this is the same as the above rule, I just threw it out there just in case.

These are my filter rules

Chain INPUT (policy ACCEPT 438 packets, 92242 bytes)
num pkts bytes target prot opt in out source destination
1 215 15576 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
2 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DOCKER-USER all -- any any anywhere anywhere
2 0 0 DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere
3 0 0 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED
4 0 0 DOCKER all -- any docker0 anywhere anywhere
5 0 0 ACCEPT all -- docker0 !docker0 anywhere anywhere
6 0 0 ACCEPT all -- docker0 docker0 anywhere anywhere
7 0 0 ACCEPT all -- any br-wifi anywhere anywhere ctstate RELATED,ESTABLISHED
8 0 0 DOCKER all -- any br-wifi anywhere anywhere
9 0 0 ACCEPT all -- br-wifi !br-wifi anywhere anywhere
10 0 0 ACCEPT all -- br-wifi br-wifi anywhere anywhere

Chain OUTPUT (policy ACCEPT 114 packets, 14984 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- any any anywhere anywhere tcp spt:http

Chain DOCKER (2 references)
num pkts bytes target prot opt in out source destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 anywhere anywhere
2 0 0 DOCKER-ISOLATION-STAGE-2 all -- br-wifi !br-wifi anywhere anywhere
3 0 0 RETURN all -- any any anywhere anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- any docker0 anywhere anywhere
2 0 0 DROP all -- any br-wifi anywhere anywhere
3 0 0 RETURN all -- any any anywhere anywhere

Chain DOCKER-USER (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN all -- any any anywhere anywhere

and these are my nat rules,

Chain PREROUTING (policy ACCEPT 9 packets, 2073 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REDIRECT tcp -- any any anywhere anywhere tcp dpt:http redir ports 3129

Chain INPUT (policy ACCEPT 9 packets, 2073 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 3 packets, 206 bytes)
num pkts bytes target prot opt in out source destination
1 2 168 DOCKER all -- any any anywhere !loopback/8 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 3 packets, 206 bytes)
num pkts bytes target prot opt in out source destination
1 2 168 MASQUERADE all -- any !docker0 172.17.0.0/16 anywhere
2 0 0 MASQUERADE all -- any !br-wifi 172.18.0.0/16 anywhere

Chain DOCKER (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN all -- docker0 any anywhere anywhere
2 0 0 RETURN all -- br-wifi any anywhere anywhere

I just want to get this to a working state, then I can try hardening these rules. I have no clue whether this curl test is the right way to go.
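One way to check whether the REDIRECT rule actually sees the test traffic, as an added example that is not part of the question: snapshot the nat PREROUTING counters with `iptables -t nat -L PREROUTING -v -n -x --line-numbers` before and after the request and diff them. The script below parses that listing (it accepts both the `-n` form with `*`/`0.0.0.0/0` and the resolved form with `any`/`anywhere` shown in the question); the two embedded snapshots are constructed sample data, and the file names `before.txt`/`after.txt` are assumptions. It distinguishes three outcomes: the rule's own counter grew (the redirect works), only the chain policy counter grew (packets entered PREROUTING but did not match `tcp dpt:80`), or nothing changed. The last case matters for this setup: PREROUTING is traversed only by packets arriving on a network interface, while packets generated on the VM itself go through the nat OUTPUT chain, so a curl run on the VM leaves these counters untouched.

```python
"""Added example (not code from the question): compare two snapshots of
`iptables -t nat -L PREROUTING -v -n -x --line-numbers` to tell whether the
REDIRECT rule, only the chain policy, or nothing at all saw the test request."""
import re
import sys
from dataclasses import dataclass, field

# Protocol names iptables prints in the "prot" column. A rule without a
# target (no -j) leaves the target column blank, so the protocol shows up
# where the target would be; this set lets the parser notice that shift.
_PROTOCOLS = {"all", "tcp", "udp", "udplite", "icmp", "ipv6-icmp",
              "esp", "ah", "sctp", "mh"}
_MULT = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}   # counter suffixes when -x is omitted
_CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets, (\d+) bytes\)$")


@dataclass(frozen=True)
class Rule:
    chain: str
    num: int
    pkts: int
    target: str
    spec: str        # prot/opt/in/out/src/dst/match text; used to detect rule changes


@dataclass
class Snapshot:
    policy_pkts: dict = field(default_factory=dict)   # chain -> packets that hit the policy
    rules: dict = field(default_factory=dict)         # (chain, num) -> Rule


def _counter(tok):
    m = re.fullmatch(r"(\d+)([KMG]?)", tok)
    if not m:
        raise ValueError(f"not a packet counter: {tok!r}")
    return int(m.group(1)) * _MULT[m.group(2)]


def parse_listing(text):
    """Parse `iptables -L -v [-n] [-x] --line-numbers` output for any table."""
    snap, chain = Snapshot(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("num "):     # blank line or column header
            continue
        m = _CHAIN_RE.match(line)
        if m:                                        # built-in chain: carries a policy
            chain = m.group(1)
            snap.policy_pkts[chain] = int(m.group(3))
            continue
        if line.startswith("Chain "):                # user-defined chain: "(N references)"
            chain = line.split()[1]
            continue
        cols = line.split(None, 4)                   # num pkts bytes target rest
        if chain is None or len(cols) < 4:
            raise ValueError(f"unexpected line: {line!r}")
        num, pkts = int(cols[0]), _counter(cols[1])
        if cols[3] in _PROTOCOLS:                    # no target: the protocol sits in column 4
            target, spec = "", " ".join(cols[3:])
        else:
            target, spec = cols[3], cols[4] if len(cols) > 4 else ""
        snap.rules[(chain, num)] = Rule(chain, num, pkts, target, " ".join(spec.split()))
    return snap


def chain_hits(before, after, chain):
    """Packets that matched each rule of `chain`, and its policy, between the snapshots."""
    b, a = parse_listing(before), parse_listing(after)
    hits = {}
    for key, rule in a.rules.items():
        if key[0] != chain:
            continue
        prev = b.rules.get(key)
        if prev is None or (prev.target, prev.spec) != (rule.target, rule.spec):
            raise ValueError(f"rule {key} changed between snapshots; counters not comparable")
        hits[f"rule {rule.num} ({rule.target or 'no target'})"] = rule.pkts - prev.pkts
    if chain in a.policy_pkts:
        hits["policy"] = a.policy_pkts[chain] - b.policy_pkts.get(chain, 0)
    return hits


def diagnose(before, after, chain="PREROUTING", target="REDIRECT"):
    """Verdict for the intercept test: did the REDIRECT rule see the packets?"""
    hits = chain_hits(before, after, chain)
    rule_hits = sum(v for k, v in hits.items() if k.endswith(f"({target})"))
    if rule_hits > 0:
        return f"ok: {rule_hits} packet(s) matched {target} in {chain}"
    if sum(hits.values()) > 0:
        return f"traffic reached {chain} but no {target} rule matched: check the port/protocol match"
    return (f"no packets entered {chain}: locally generated traffic uses the nat OUTPUT chain, "
            f"and nothing arrived from another host")


# Constructed sample snapshots in the `-n -x` output format (not taken from the question).
BEFORE = """\
Chain PREROUTING (policy ACCEPT 9 packets, 2073 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           0          0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3129
"""
AFTER_HIT = BEFORE.replace("9 packets, 2073", "11 packets, 2411").replace(
    "1           0          0 REDIRECT", "1           3        180 REDIRECT")
AFTER_MISS = BEFORE.replace("9 packets, 2073", "12 packets, 2500")

if __name__ == "__main__":
    if len(sys.argv) == 3:          # real use: python3 rule_hits.py before.txt after.txt
        with open(sys.argv[1], encoding="utf-8") as f1, open(sys.argv[2], encoding="utf-8") as f2:
            print(diagnose(f1.read(), f2.read()))
    else:                           # demo on the constructed snapshots
        for name, after in (("hit", AFTER_HIT), ("miss", AFTER_MISS), ("none", BEFORE)):
            print(f"{name}: {diagnose(BEFORE, after)}")
```

Read against the nat listing in the question, the REDIRECT rule shows 0 packets while the PREROUTING policy has counted 9, so some traffic did enter the chain but none of it was TCP to port 80; the script reports exactly that distinction, which is more informative than whether curl succeeded.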

iptables virtualbox network-interface curl squid

edited 5 hours ago
asked 6 hours ago

Diyoda_
1012