1
Odkladiště / Re:Maily odesílané cuzk.cz
« kdy: Dnes v 12:00:58 »
Nebo povolanější bude spíš Jiří Veselý (https://x.com/VeselyJir).
Ale teď řeší přechod na cuzk.gov.cz
Ale teď řeší přechod na cuzk.gov.cz
Tato sekce Vám umožňuje zobrazit všechny příspěvky tohoto uživatele. Prosím uvědomte si, že můžete vidět příspěvky pouze z oblastí Vám přístupných.
table ip6 firewalld {
chain nat_PREROUTING {
type nat hook prerouting priority dstnat + 10; policy accept;
jump nat_PREROUTING_POLICIES_pre
jump nat_PREROUTING_ZONES
jump nat_PREROUTING_POLICIES_post
}
chain nat_PREROUTING_POLICIES_pre {
jump nat_PRE_policy_allow-host-ipv6
}
chain nat_PREROUTING_ZONES {
iifname "enp1s0" goto nat_PRE_internal
iifname "eno1" goto nat_PRE_external
iifname "docker0" goto nat_PRE_docker
goto nat_PRE_public
}
chain nat_PREROUTING_POLICIES_post {
}
chain nat_POSTROUTING {
type nat hook postrouting priority srcnat + 10; policy accept;
jump nat_POSTROUTING_POLICIES_pre
jump nat_POSTROUTING_ZONES
jump nat_POSTROUTING_POLICIES_post
}
chain nat_POSTROUTING_POLICIES_pre {
}
chain nat_POSTROUTING_ZONES {
oifname "enp1s0" goto nat_POST_internal
oifname "eno1" goto nat_POST_external
oifname "docker0" goto nat_POST_docker
goto nat_POST_public
}
chain nat_POSTROUTING_POLICIES_post {
}
chain nat_POST_docker {
jump nat_POST_docker_pre
jump nat_POST_docker_log
jump nat_POST_docker_deny
jump nat_POST_docker_allow
jump nat_POST_docker_post
}
chain nat_POST_docker_pre {
}
chain nat_POST_docker_log {
}
chain nat_POST_docker_deny {
}
chain nat_POST_docker_allow {
}
chain nat_POST_docker_post {
}
chain nat_PRE_docker {
jump nat_PRE_docker_pre
jump nat_PRE_docker_log
jump nat_PRE_docker_deny
jump nat_PRE_docker_allow
jump nat_PRE_docker_post
}
chain nat_PRE_docker_pre {
}
chain nat_PRE_docker_log {
}
chain nat_PRE_docker_deny {
}
chain nat_PRE_docker_allow {
}
chain nat_PRE_docker_post {
}
chain nat_POST_external {
jump nat_POST_external_pre
jump nat_POST_external_log
jump nat_POST_external_deny
jump nat_POST_external_allow
jump nat_POST_external_post
}
chain nat_POST_external_pre {
}
chain nat_POST_external_log {
}
chain nat_POST_external_deny {
}
chain nat_POST_external_allow {
}
chain nat_POST_external_post {
}
chain nat_PRE_external {
jump nat_PRE_external_pre
jump nat_PRE_external_log
jump nat_PRE_external_deny
jump nat_PRE_external_allow
jump nat_PRE_external_post
}
chain nat_PRE_external_pre {
}
chain nat_PRE_external_log {
}
chain nat_PRE_external_deny {
}
chain nat_PRE_external_allow {
}
chain nat_PRE_external_post {
}
chain nat_POST_internal {
jump nat_POST_internal_pre
jump nat_POST_internal_log
jump nat_POST_internal_deny
jump nat_POST_internal_allow
jump nat_POST_internal_post
}
chain nat_POST_internal_pre {
}
chain nat_POST_internal_log {
}
chain nat_POST_internal_deny {
}
chain nat_POST_internal_allow {
}
chain nat_POST_internal_post {
}
chain nat_PRE_internal {
jump nat_PRE_internal_pre
jump nat_PRE_internal_log
jump nat_PRE_internal_deny
jump nat_PRE_internal_allow
jump nat_PRE_internal_post
}
chain nat_PRE_internal_pre {
}
chain nat_PRE_internal_log {
}
chain nat_PRE_internal_deny {
}
chain nat_PRE_internal_allow {
}
chain nat_PRE_internal_post {
}
chain nat_POST_public {
jump nat_POST_public_pre
jump nat_POST_public_log
jump nat_POST_public_deny
jump nat_POST_public_allow
jump nat_POST_public_post
}
chain nat_POST_public_pre {
}
chain nat_POST_public_log {
}
chain nat_POST_public_deny {
}
chain nat_POST_public_allow {
}
chain nat_POST_public_post {
}
chain nat_PRE_public {
jump nat_PRE_public_pre
jump nat_PRE_public_log
jump nat_PRE_public_deny
jump nat_PRE_public_allow
jump nat_PRE_public_post
}
chain nat_PRE_public_pre {
}
chain nat_PRE_public_log {
}
chain nat_PRE_public_deny {
}
chain nat_PRE_public_allow {
}
chain nat_PRE_public_post {
}
chain nat_PRE_policy_allow-host-ipv6 {
jump nat_PRE_policy_allow-host-ipv6_pre
jump nat_PRE_policy_allow-host-ipv6_log
jump nat_PRE_policy_allow-host-ipv6_deny
jump nat_PRE_policy_allow-host-ipv6_allow
jump nat_PRE_policy_allow-host-ipv6_post
}
chain nat_PRE_policy_allow-host-ipv6_pre {
}
chain nat_PRE_policy_allow-host-ipv6_log {
}
chain nat_PRE_policy_allow-host-ipv6_deny {
}
chain nat_PRE_policy_allow-host-ipv6_allow {
}
chain nat_PRE_policy_allow-host-ipv6_post {
}
}
table ip6 wg-quick-wg0 {
chain preraw {
type filter hook prerouting priority raw; policy accept;
}
chain premangle {
type filter hook prerouting priority mangle; policy accept;
meta l4proto udp meta mark set ct mark
ct state established,related counter packets 2300 bytes 900798 accept
}
chain postmangle {
type filter hook postrouting priority mangle; policy accept;
meta l4proto udp meta mark 0x0000ca6c ct mark set meta mark
}
}
nft list ruleset
table inet firewalld {
ct helper helper-netbios-ns-udp {
type "netbios-ns" protocol udp
l3proto ip
}
chain raw_PREROUTING {
type filter hook prerouting priority raw + 10; policy accept;
icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
meta nfproto ipv6 fib saddr . iif oif missing drop
}
chain mangle_PREROUTING {
type filter hook prerouting priority mangle + 10; policy accept;
jump mangle_PREROUTING_POLICIES_pre
jump mangle_PREROUTING_ZONES
jump mangle_PREROUTING_POLICIES_post
}
chain mangle_PREROUTING_POLICIES_pre {
jump mangle_PRE_policy_allow-host-ipv6
}
chain mangle_PREROUTING_ZONES {
iifname "enp1s0" goto mangle_PRE_internal
iifname "eno1" goto mangle_PRE_external
iifname "docker0" goto mangle_PRE_docker
goto mangle_PRE_public
}
chain mangle_PREROUTING_POLICIES_post {
}
chain filter_INPUT {
type filter hook input priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
jump filter_INPUT_POLICIES_pre
jump filter_INPUT_ZONES
jump filter_INPUT_POLICIES_post
ct state invalid drop
reject with icmpx admin-prohibited
}
chain filter_FORWARD {
type filter hook forward priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
jump filter_FORWARD_POLICIES_pre
jump filter_FORWARD_IN_ZONES
jump filter_FORWARD_OUT_ZONES
jump filter_FORWARD_POLICIES_post
ct state invalid drop
}
chain filter_OUTPUT {
type filter hook output priority filter + 10; policy accept;
oifname "lo" accept
jump filter_OUTPUT_POLICIES_pre
jump filter_OUTPUT_POLICIES_post
}
chain filter_INPUT_POLICIES_pre {
jump filter_IN_policy_allow-host-ipv6
}
chain filter_INPUT_ZONES {
iifname "enp1s0" goto filter_IN_internal
iifname "eno1" goto filter_IN_external
iifname "docker0" goto filter_IN_docker
goto filter_IN_public
}
chain filter_INPUT_POLICIES_post {
}
chain filter_FORWARD_POLICIES_pre {
}
chain filter_FORWARD_IN_ZONES {
iifname "enp1s0" goto filter_FWDI_internal
iifname "eno1" goto filter_FWDI_external
iifname "docker0" goto filter_FWDI_docker
goto filter_FWDI_public
}
chain filter_FORWARD_OUT_ZONES {
oifname "enp1s0" goto filter_FWDO_internal
oifname "eno1" goto filter_FWDO_external
oifname "docker0" goto filter_FWDO_docker
goto filter_FWDO_public
}
chain filter_FORWARD_POLICIES_post {
}
chain filter_OUTPUT_POLICIES_pre {
}
chain filter_OUTPUT_POLICIES_post {
}
chain filter_IN_docker {
jump filter_IN_docker_pre
jump filter_IN_docker_log
jump filter_IN_docker_deny
jump filter_IN_docker_allow
jump filter_IN_docker_post
accept
}
chain filter_IN_docker_pre {
}
chain filter_IN_docker_log {
}
chain filter_IN_docker_deny {
}
chain filter_IN_docker_allow {
}
chain filter_IN_docker_post {
}
chain filter_FWDO_docker {
jump filter_FWDO_docker_pre
jump filter_FWDO_docker_log
jump filter_FWDO_docker_deny
jump filter_FWDO_docker_allow
jump filter_FWDO_docker_post
accept
}
chain filter_FWDO_docker_pre {
}
chain filter_FWDO_docker_log {
}
chain filter_FWDO_docker_deny {
}
chain filter_FWDO_docker_allow {
}
chain filter_FWDO_docker_post {
}
chain filter_FWDI_docker {
jump filter_FWDI_docker_pre
jump filter_FWDI_docker_log
jump filter_FWDI_docker_deny
jump filter_FWDI_docker_allow
jump filter_FWDI_docker_post
accept
}
chain filter_FWDI_docker_pre {
}
chain filter_FWDI_docker_log {
}
chain filter_FWDI_docker_deny {
}
chain filter_FWDI_docker_allow {
}
chain filter_FWDI_docker_post {
}
chain mangle_PRE_docker {
jump mangle_PRE_docker_pre
jump mangle_PRE_docker_log
jump mangle_PRE_docker_deny
jump mangle_PRE_docker_allow
jump mangle_PRE_docker_post
}
chain mangle_PRE_docker_pre {
}
chain mangle_PRE_docker_log {
}
chain mangle_PRE_docker_deny {
}
chain mangle_PRE_docker_allow {
}
chain mangle_PRE_docker_post {
}
chain filter_IN_external {
jump filter_IN_external_pre
jump filter_IN_external_log
jump filter_IN_external_deny
jump filter_IN_external_allow
jump filter_IN_external_post
meta l4proto { icmp, ipv6-icmp } accept
}
chain filter_IN_external_pre {
}
chain filter_IN_external_log {
}
chain filter_IN_external_deny {
}
chain filter_IN_external_allow {
tcp dport 22 ct state { new, untracked } accept
}
chain filter_IN_external_post {
}
chain filter_FWDO_external {
jump filter_FWDO_external_pre
jump filter_FWDO_external_log
jump filter_FWDO_external_deny
jump filter_FWDO_external_allow
jump filter_FWDO_external_post
}
chain filter_FWDO_external_pre {
}
chain filter_FWDO_external_log {
}
chain filter_FWDO_external_deny {
}
chain filter_FWDO_external_allow {
ct state { new, untracked } accept
}
chain filter_FWDO_external_post {
}
chain filter_FWDI_external {
jump filter_FWDI_external_pre
jump filter_FWDI_external_log
jump filter_FWDI_external_deny
jump filter_FWDI_external_allow
jump filter_FWDI_external_post
meta l4proto { icmp, ipv6-icmp } accept
}
chain filter_FWDI_external_pre {
}
chain filter_FWDI_external_log {
}
chain filter_FWDI_external_deny {
}
chain filter_FWDI_external_allow {
oifname "eno1" accept
}
chain filter_FWDI_external_post {
}
chain mangle_PRE_external {
jump mangle_PRE_external_pre
jump mangle_PRE_external_log
jump mangle_PRE_external_deny
jump mangle_PRE_external_allow
jump mangle_PRE_external_post
}
chain mangle_PRE_external_pre {
}
chain mangle_PRE_external_log {
}
chain mangle_PRE_external_deny {
}
chain mangle_PRE_external_allow {
}
chain mangle_PRE_external_post {
}
chain filter_IN_internal {
jump filter_IN_internal_pre
jump filter_IN_internal_log
jump filter_IN_internal_deny
jump filter_IN_internal_allow
jump filter_IN_internal_post
meta l4proto { icmp, ipv6-icmp } accept
}
chain filter_IN_internal_pre {
}
chain filter_IN_internal_log {
}
chain filter_IN_internal_deny {
}
chain filter_IN_internal_allow {
tcp dport 22 ct state { new, untracked } accept
tcp dport { 80, 443 } accept
ip daddr 224.0.0.251 udp dport 5353 ct state { new, untracked } accept
ip6 daddr ff02::fb udp dport 5353 ct state { new, untracked } accept
udp dport 137 ct helper set "helper-netbios-ns-udp"
udp dport 137 ct state { new, untracked } accept
udp dport 138 ct state { new, untracked } accept
tcp dport 139 ct state { new, untracked } accept
tcp dport 445 ct state { new, untracked } accept
ip6 daddr fe80::/64 udp dport 546 ct state { new, untracked } accept
}
chain filter_IN_internal_post {
}
chain filter_FWDO_internal {
jump filter_FWDO_internal_pre
jump filter_FWDO_internal_log
jump filter_FWDO_internal_deny
jump filter_FWDO_internal_allow
jump filter_FWDO_internal_post
}
chain filter_FWDO_internal_pre {
}
chain filter_FWDO_internal_log {
}
chain filter_FWDO_internal_deny {
}
chain filter_FWDO_internal_allow {
ct state { new, untracked } accept
}
chain filter_FWDO_internal_post {
}
chain filter_FWDI_internal {
jump filter_FWDI_internal_pre
jump filter_FWDI_internal_log
jump filter_FWDI_internal_deny
jump filter_FWDI_internal_allow
jump filter_FWDI_internal_post
meta l4proto { icmp, ipv6-icmp } accept
}
chain filter_FWDI_internal_pre {
}
chain filter_FWDI_internal_log {
}
chain filter_FWDI_internal_deny {
}
chain filter_FWDI_internal_allow {
oifname "enp1s0" accept
}
chain filter_FWDI_internal_post {
}
chain mangle_PRE_internal {
jump mangle_PRE_internal_pre
jump mangle_PRE_internal_log
jump mangle_PRE_internal_deny
jump mangle_PRE_internal_allow
jump mangle_PRE_internal_post
}
chain mangle_PRE_internal_pre {
}
chain mangle_PRE_internal_log {
}
chain mangle_PRE_internal_deny {
}
chain mangle_PRE_internal_allow {
}
chain mangle_PRE_internal_post {
}
chain filter_IN_public {
jump filter_IN_public_pre
jump filter_IN_public_log
jump filter_IN_public_deny
jump filter_IN_public_allow
jump filter_IN_public_post
meta l4proto { icmp, ipv6-icmp } accept
}
chain filter_IN_public_pre {
}
chain filter_IN_public_log {
}
chain filter_IN_public_deny {
}
chain filter_IN_public_allow {
tcp dport 22 ct state { new, untracked } accept
ip6 daddr fe80::/64 udp dport 546 ct state { new, untracked } accept
udp dport 67 ct state { new, untracked } accept
tcp dport 53 ct state { new, untracked } accept
udp dport 53 ct state { new, untracked } accept
}
chain filter_IN_public_post {
}
chain filter_FWDO_public {
jump filter_FWDO_public_pre
jump filter_FWDO_public_log
jump filter_FWDO_public_deny
jump filter_FWDO_public_allow
jump filter_FWDO_public_post
}
chain filter_FWDO_public_pre {
}
chain filter_FWDO_public_log {
}
chain filter_FWDO_public_deny {
}
chain filter_FWDO_public_allow {
}
chain filter_FWDO_public_post {
}
chain filter_FWDI_public {
jump filter_FWDI_public_pre
jump filter_FWDI_public_log
jump filter_FWDI_public_deny
jump filter_FWDI_public_allow
jump filter_FWDI_public_post
meta l4proto { icmp, ipv6-icmp } accept
}
chain filter_FWDI_public_pre {
}
chain filter_FWDI_public_log {
}
chain filter_FWDI_public_deny {
}
chain filter_FWDI_public_allow {
}
chain filter_FWDI_public_post {
}
chain mangle_PRE_public {
jump mangle_PRE_public_pre
jump mangle_PRE_public_log
jump mangle_PRE_public_deny
jump mangle_PRE_public_allow
jump mangle_PRE_public_post
}
chain mangle_PRE_public_pre {
}
chain mangle_PRE_public_log {
}
chain mangle_PRE_public_deny {
}
chain mangle_PRE_public_allow {
}
chain mangle_PRE_public_post {
}
chain filter_IN_policy_allow-host-ipv6 {
jump filter_IN_policy_allow-host-ipv6_pre
jump filter_IN_policy_allow-host-ipv6_log
jump filter_IN_policy_allow-host-ipv6_deny
jump filter_IN_policy_allow-host-ipv6_allow
jump filter_IN_policy_allow-host-ipv6_post
}
chain filter_IN_policy_allow-host-ipv6_pre {
}
chain filter_IN_policy_allow-host-ipv6_log {
}
chain filter_IN_policy_allow-host-ipv6_deny {
}
chain filter_IN_policy_allow-host-ipv6_allow {
icmpv6 type echo-request accept
icmpv6 type nd-router-solicit accept
icmpv6 type nd-neighbor-advert accept
icmpv6 type nd-neighbor-solicit accept
icmpv6 type nd-router-advert accept
icmpv6 type nd-redirect accept
icmpv6 type mld-listener-query accept
icmpv6 type destination-unreachable accept
icmpv6 type packet-too-big accept
icmpv6 type time-exceeded accept
icmpv6 type parameter-problem accept
}
chain filter_IN_policy_allow-host-ipv6_post {
}
chain mangle_PRE_policy_allow-host-ipv6 {
jump mangle_PRE_policy_allow-host-ipv6_pre
jump mangle_PRE_policy_allow-host-ipv6_log
jump mangle_PRE_policy_allow-host-ipv6_deny
jump mangle_PRE_policy_allow-host-ipv6_allow
jump mangle_PRE_policy_allow-host-ipv6_post
}
chain mangle_PRE_policy_allow-host-ipv6_pre {
}
chain mangle_PRE_policy_allow-host-ipv6_log {
}
chain mangle_PRE_policy_allow-host-ipv6_deny {
}
chain mangle_PRE_policy_allow-host-ipv6_allow {
}
chain mangle_PRE_policy_allow-host-ipv6_post {
}
}
host launcher.mojang.com
launcher.mojang.com is an alias for launcher-cdn.azureedge.net.
launcher-cdn.azureedge.net is an alias for launcher-cdn.afd.azureedge.net.
launcher-cdn.afd.azureedge.net is an alias for star-azureedge-prod.trafficmanager.net.
star-azureedge-prod.trafficmanager.net is an alias for dual.part-0017.t-0009.t-msedge.net.
dual.part-0017.t-0009.t-msedge.net is an alias for part-0017.t-0009.t-msedge.net.
part-0017.t-0009.t-msedge.net has address 13.107.246.45
part-0017.t-0009.t-msedge.net has address 13.107.213.45
part-0017.t-0009.t-msedge.net has IPv6 address 2620:1ec:46::45
part-0017.t-0009.t-msedge.net has IPv6 address 2620:1ec:bdf::45
host api.golemio.cz
api.golemio.cz is an alias for golem-9m8-e8a8ekfzc8edchdd.z01.azurefd.net.
golem-9m8-e8a8ekfzc8edchdd.z01.azurefd.net is an alias for star-azurefd-prod.trafficmanager.net.
star-azurefd-prod.trafficmanager.net is an alias for dual.part-0017.t-0009.t-msedge.net.
dual.part-0017.t-0009.t-msedge.net is an alias for global-entry-afdthirdparty-fallback.trafficmanager.net.
global-entry-afdthirdparty-fallback.trafficmanager.net is an alias for dual.part-0017.t-0009.fb-t-msedge.net.
dual.part-0017.t-0009.fb-t-msedge.net is an alias for part-0017.t-0009.fb-t-msedge.net.
part-0017.t-0009.fb-t-msedge.net has address 13.107.226.45
part-0017.t-0009.fb-t-msedge.net has address 13.107.253.45
part-0017.t-0009.fb-t-msedge.net has IPv6 address 2620:1ec:29:1::45
part-0017.t-0009.fb-t-msedge.net has IPv6 address 2620:1ec:48:1::45
wget https://api.golemio.cz
--2023-06-16 11:06:17-- https://api.golemio.cz/
Resolving api.golemio.cz (api.golemio.cz)... 2620:1ec:bdf::44, 2620:1ec:46::44, 13.107.213.44, ...
Connecting to api.golemio.cz (api.golemio.cz)|2620:1ec:bdf::44|:443... connected.
HTTP request sent, awaiting response... 307 Temporary Redirect
Location: https://operator-ict.gitlab.io/golemio/documentation/ [following]
--2023-06-16 11:06:17-- https://operator-ict.gitlab.io/golemio/documentation/
Resolving operator-ict.gitlab.io (operator-ict.gitlab.io)... 35.185.44.232
Connecting to operator-ict.gitlab.io (operator-ict.gitlab.io)|35.185.44.232|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 30174 (29K) [text/html]
Saving to: ‘index.html’
index.html 100%[=======================================================================================>] 29.47K --.-KB/s in 0.1s
2023-06-16 11:06:18 (228 KB/s) - ‘index.html’ saved [30174/30174]
wget https://api.golemio.cz
--2023-06-16 11:07:25-- https://api.golemio.cz/
Překládám api.golemio.cz (api.golemio.cz)… 2620:1ec:46::45, 2620:1ec:bdf::45, 13.107.246.45, ...
Navazuje se spojení s api.golemio.cz (api.golemio.cz)|2620:1ec:46::45|:443… spojeno.
^C
ping 10.0.0.152
PING 10.0.0.152 (10.0.0.152) 56(84) bytes of data.
From 192.168.2.1 icmp_seq=1 Packet filtered
From 192.168.2.1 icmp_seq=2 Packet filtered
From 192.168.2.1 icmp_seq=3 Packet filtered
From 192.168.2.1 icmp_seq=4 Packet filtered
From 192.168.2.1 icmp_seq=5 Packet filtered
From 192.168.2.1 icmp_seq=6 Packet filtered
From 192.168.2.1 icmp_seq=7 Packet filtered
From 192.168.2.1 icmp_seq=8 Packet filtered
From 192.168.2.1 icmp_seq=9 Packet filtered
From 192.168.2.1 icmp_seq=10 Packet filtered
tcpdump -i any icmp
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
08:44:27.311669 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 1, length 64
08:44:27.311730 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:28.316507 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 2, length 64
08:44:28.316551 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:29.340507 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 3, length 64
08:44:29.340547 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:30.364431 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 4, length 64
08:44:30.364472 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:31.388411 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 5, length 64
08:44:31.388457 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:32.412413 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 6, length 64
08:44:32.412454 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:33.436361 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 7, length 64
08:44:33.436402 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:34.460316 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 8, length 64
08:44:34.460356 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:35.484306 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 9, length 64
08:44:35.484346 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:36.508247 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 10, length 64
08:44:36.508288 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
08:44:37.532285 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 72, seq 11, length 64
08:44:37.532325 lan Out IP ROUTER > 192.168.2.50: ICMP host 10.0.0.152 unreachable - admin prohibited filter, length 92
tcpdump -i any icmp
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
09:39:29.122895 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 1, length 64
09:39:29.122929 wan Out IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 1, length 64
09:39:30.143463 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 2, length 64
09:39:30.143481 wan Out IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 2, length 64
09:39:31.167414 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 3, length 64
09:39:31.167431 wan Out IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 3, length 64
09:39:32.191408 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 4, length 64
09:39:32.191427 wan Out IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 4, length 64
09:39:33.215340 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 5, length 64
09:39:33.215357 wan Out IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 5, length 64
09:39:34.239353 lan In IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 6, length 64
09:39:34.239371 wan Out IP 192.168.2.50 > 10.0.0.152: ICMP echo request, id 80, seq 6, length 64
tcpdump -i enp0s31f6 icmp
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
09:39:28.668370 enp0s31f6 In IP 192.168.2.50 > thinkpadX270: ICMP echo request, id 80, seq 1, length 64
09:39:28.668513 enp0s31f6 Out IP thinkpadX270 > 192.168.2.50: ICMP echo reply, id 80, seq 1, length 64
09:39:29.688989 enp0s31f6 In IP 192.168.2.50 > thinkpadX270: ICMP echo request, id 80, seq 2, length 64
09:39:29.689088 enp0s31f6 Out IP thinkpadX270 > 192.168.2.50: ICMP echo reply, id 80, seq 2, length 64
09:39:30.712961 enp0s31f6 In IP 192.168.2.50 > thinkpadX270: ICMP echo request, id 80, seq 3, length 64
09:39:30.713073 enp0s31f6 Out IP thinkpadX270 > 192.168.2.50: ICMP echo reply, id 80, seq 3, length 64
09:39:31.736939 enp0s31f6 In IP 192.168.2.50 > thinkpadX270: ICMP echo request, id 80, seq 4, length 64
09:39:31.737043 enp0s31f6 Out IP thinkpadX270 > 192.168.2.50: ICMP echo reply, id 80, seq 4, length 64
09:39:32.760819 enp0s31f6 In IP 192.168.2.50 > thinkpadX270: ICMP echo request, id 80, seq 5, length 64
09:39:32.760935 enp0s31f6 Out IP thinkpadX270 > 192.168.2.50: ICMP echo reply, id 80, seq 5, length 64
09:39:33.784821 enp0s31f6 In IP 192.168.2.50 > thinkpadX270: ICMP echo request, id 80, seq 6, length 64
09:39:33.784922 enp0s31f6 Out IP thinkpadX270 > 192.168.2.50: ICMP echo reply, id 80, seq 6, length 64
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -p
ip rou
default via 10.0.0.138 dev wan
10.0.0.0/24 dev wan proto kernel scope link src 10.0.0.237
192.168.2.0/24 dev lan proto kernel scope link src 192.168.2.1
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 10:60:4b:60:03:92 brd ff:ff:ff:ff:ff:ff
altname enp0s25
altname eno1
inet 10.0.0.237/24 brd 10.0.0.255 scope global wan
valid_lft forever preferred_lft forever
inet6 fe80::1260:4bff:fe60:392/64 scope link
valid_lft forever preferred_lft forever
3: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether a0:36:9f:a0:65:ec brd ff:ff:ff:ff:ff:ff
altname enp1s0
inet 192.168.2.1/24 brd 192.168.2.255 scope global lan
valid_lft forever preferred_lft forever
inet6 fe80::a236:9fff:fea0:65ec/64 scope link
valid_lft forever preferred_lft forever
firewall-cmd --zone=internal --list-all
internal
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
firewall-cmd --zone=external --list-all
external (active)
target: default
icmp-block-inversion: no
interfaces: eno1 wan
sources:
services: ssh
ports:
protocols:
forward: yes
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules: