[lug] pxe boot and routing

Michael J. Hammel mjhammel at graphics-muse.org
Wed Jan 13 13:55:20 MST 2016


On Wed, 2016-01-13 at 13:25 -0700, Lee Woodworth wrote:
> iptables -L -n -v would show if you still have iptables rules active.
> The -n prevents DNS translations of addresses in the rules to names.

Not completely sure how to read this, but it looks like all rules
currently configured apply to the virbrX interfaces, either in or out.
That's not the interface with the private network so don't *think* it
applies to my current problem.

I tried to strip out excess space to make this fit, but it probably
doesn't.

# iptables -L -n -v
Chain INPUT (policy ACCEPT 369M packets, 1255G bytes)
 pkts bytes target prot opt in     out source    destination
 1981  140K ACCEPT udp  --  virbr1 *   0.0.0.0/0 0.0.0.0/0   udp dpt:53
    0     0 ACCEPT tcp  --  virbr1 *   0.0.0.0/0 0.0.0.0/0   tcp dpt:53
 4586 1504K ACCEPT udp  --  virbr1 *   0.0.0.0/0 0.0.0.0/0   udp dpt:67
    0     0 ACCEPT tcp  --  virbr1 *   0.0.0.0/0 0.0.0.0/0   tcp dpt:67
    0     0 ACCEPT udp  --  virbr0 *   0.0.0.0/0 0.0.0.0/0   udp dpt:53
    0     0 ACCEPT tcp  --  virbr0 *   0.0.0.0/0 0.0.0.0/0   tcp dpt:53
    5  2139 ACCEPT udp  --  virbr0 *   0.0.0.0/0 0.0.0.0/0   udp dpt:67
    0     0 ACCEPT tcp  --  virbr0 *   0.0.0.0/0 0.0.0.0/0   tcp dpt:67

Chain FORWARD (policy ACCEPT 31 packets, 2154 bytes)
 pkts bytes target prot opt in     out     source           destination
 119K  395M ACCEPT all  --  *      virbr1  0.0.0.0/0        192.168.100.0/24 ctstate RELATED,ESTABLISHED
 136K   12M ACCEPT all  --  virbr1 *       192.168.100.0/24 0.0.0.0/0
   60 19680 ACCEPT all  --  virbr1 virbr1  0.0.0.0/0        0.0.0.0/0
    0     0 REJECT all  --  *      virbr1  0.0.0.0/0        0.0.0.0/0        reject-with icmp-port-unreachable
    0     0 REJECT all  --  virbr1 *       0.0.0.0/0        0.0.0.0/0        reject-with icmp-port-unreachable
    0     0 ACCEPT all  --  *      virbr0  0.0.0.0/0        192.168.122.0/24 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT all  --  virbr0 *       192.168.122.0/24 0.0.0.0/0
    0     0 ACCEPT all  --  virbr0 virbr0  0.0.0.0/0        0.0.0.0/0
    0     0 REJECT all  --  *      virbr0  0.0.0.0/0        0.0.0.0/0        reject-with icmp-port-unreachable
    0     0 REJECT all  --  virbr0 *       0.0.0.0/0        0.0.0.0/0        reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 377M packets, 2105G bytes)
 pkts bytes target prot opt in out     source    destination
 4557 1583K ACCEPT udp  --  *  virbr1  0.0.0.0/0 0.0.0.0/0  udp dpt:68
    5  1640 ACCEPT udp  --  *  virbr0  0.0.0.0/0 0.0.0.0/0  udp dpt:68
-- 
Michael J. Hammel <mjhammel at graphics-muse.org>
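
Added example, not part of the original message: a small parser for `iptables -L -n -v` output that reports which rules' in/out columns can match a packet on a given interface pair, and which chain policy applies when none do. The function names and the interface names eth0/eth1 are assumptions made for illustration; the sample rows are copied from the FORWARD chain in the listing above.

```python
import re

# Constructed sample: rows taken from the listing above, wrapped lines rejoined.
SAMPLE = """\
Chain FORWARD (policy ACCEPT 31 packets, 2154 bytes)
 pkts bytes target prot opt in     out     source           destination
 119K  395M ACCEPT all  --  *      virbr1  0.0.0.0/0        192.168.100.0/24 ctstate RELATED,ESTABLISHED
 136K   12M ACCEPT all  --  virbr1 *       192.168.100.0/24 0.0.0.0/0
    0     0 REJECT all  --  *      virbr1  0.0.0.0/0        0.0.0.0/0  reject-with icmp-port-unreachable
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)")

def parse(listing):
    """Return {chain: {"policy": str, "rules": [(target, in, out), ...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        f = line.split()
        # Rule rows start with a packet counter; header and blank lines do not.
        if current is not None and len(f) >= 9 and f[0][0].isdigit():
            current["rules"].append((f[2], f[5], f[6]))
    return chains

def iface_match(pattern, iface):
    """Match one in/out column: '*' is any, 'eth+' is a prefix, '!' negates."""
    negate, pat = pattern.startswith("!"), pattern.lstrip("!")
    if pat.endswith("+"):
        hit = iface is not None and iface.startswith(pat[:-1])
    else:
        hit = pat in ("*", iface)
    return hit != negate

def candidates(listing, chain, in_if=None, out_if=None):
    """Rules whose interface columns admit this packet, plus the chain policy.
    Addresses, protocols and ports are not checked, so this is an upper bound."""
    c = parse(listing)[chain]
    hits = [r for r in c["rules"] if iface_match(r[1], in_if) and iface_match(r[2], out_if)]
    return hits, c["policy"]

if __name__ == "__main__":
    # eth1/eth0 are assumed names for the private network and the uplink.
    print(candidates(SAMPLE, "FORWARD", "eth1", "eth0"))
```

`iptables -L` lists only the filter table; NAT rules are shown by `iptables -t nat -L -n -v`.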


