
CentOS 7, LAMP stack.

The firewall is turned off, SELinux is disabled, and iptables looks fine.

If you go to localhost/api.php or internal-ip/api.php from a browser, it works fine; if you ping, it's fine; if you open VNC on the server and open the browser, it's fine.

If you SSH to the server and then curl any of the URLs above, you get "no route to host".

Iptables

iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !loopback/8           ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  all  --  172.18.0.0/16        anywhere
MASQUERADE  tcp  --  172.18.0.2           172.18.0.2           tcp dpt:http
MASQUERADE  tcp  --  172.18.0.2           172.18.0.2           tcp dpt:ssh
MASQUERADE  tcp  --  172.18.0.3           172.18.0.3           tcp dpt:mysql
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:21212
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:21211
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:cslistener
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:tproxy
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:webcache
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:7181
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:personal-agent
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:agriserver
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:ssh
MASQUERADE  tcp  --  172.18.0.5           172.18.0.5           tcp dpt:ddi-tcp-1
MASQUERADE  tcp  --  172.18.0.5           172.18.0.5           tcp dpt:fmtp
MASQUERADE  tcp  --  172.18.0.5           172.18.0.5           tcp dpt:8061
MASQUERADE  tcp  --  172.18.0.6           172.18.0.6           tcp dpt:webcache

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
DNAT       tcp  --  anywhere             anywhere             tcp dpt:amanda to:172.18.0.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:10022 to:172.18.0.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:23306 to:172.18.0.3:3306
DNAT       tcp  --  anywhere             localhost            tcp dpt:lupa to:172.18.0.4:21212
DNAT       tcp  --  anywhere             localhost            tcp dpt:groove-dpp to:172.18.0.4:21211
DNAT       tcp  --  anywhere             localhost            tcp dpt:igrid to:172.18.0.4:9000
DNAT       tcp  --  anywhere             localhost            tcp dpt:18081 to:172.18.0.4:8081
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18090 to:172.18.0.4:8080
DNAT       tcp  --  anywhere             localhost            tcp dpt:17181 to:172.18.0.4:7181
DNAT       tcp  --  anywhere             localhost            tcp dpt:cisco-snat to:172.18.0.4:5555
DNAT       tcp  --  anywhere             localhost            tcp dpt:13021 to:172.18.0.4:3021
DNAT       tcp  --  anywhere             localhost            tcp dpt:20022 to:172.18.0.4:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:8887 to:172.18.0.5:8888
DNAT       tcp  --  anywhere             localhost            tcp dpt:18500 to:172.18.0.5:8500
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18061 to:172.18.0.5:8061
DNAT       tcp  --  anywhere             anywhere             tcp dpt:38080 to:172.18.0.6:8080
Lynob

0 Answers