# output (DNS example on a kubernets system nslookup from a container to coredns): Or with the possibility to follow the messages: sudo tail -f /var/log/messages | grep TRACE _log.2 = nf_log_ipv4 Step 4: View Trace Logs Unfiltered (almost) dmesg | grep TRACE Sudo iptables -t raw -A PREROUTING -d $DEST -j TRACE Step 2 (optional): View iptables Trace Config sudo iptables -t raw -L PREROUTING -line-numbersġ TRACE udp - anywhere anywhere udp dpt:domainĢ TRACE tcp - anywhere anywhere tcp dpt:domain Step 3: Activate Tracing modprobe nf_log_ipv4 Which sudo || alias iptables -t raw -A OUTPUT -d $DEST -j TRACE Sudo iptables -t raw -A PREROUTING -p tcp -dport $PORT -j TRACE Destination Example DEST=10.44.0.47 Sudo iptables -t raw -A PREROUTING -p udp -dport $PORT -j TRACE Sudo iptables -t raw -A OUTPUT -p tcp -dport $PORT -j TRACE Which sudo || alias iptables -t raw -A OUTPUT -p udp -dport $PORT -j TRACE
Step 1: Mark Packets to be traced DNS Port Example PORT=53 Most of the other articles on the Internet did not work, because CentOS has changed the way of activating tracing. This is a small cheat sheet that may help to troubleshoot iptables on CentOS systems.
0 kommentar(er)
