Hello All,
Please be patient with me, I am new to the Linux world and I am not a
security expert.
I built a uClibc firewall version 2.0 Linux firewall kernel 2.4.20 from the
image Bering-uClibc_2.0_img_bering-uclibc-1680.exe and I have been
compromised. I have included a lot of information here because I need to
know how the hackers compromised this machine and I want to give you as much
information as you need to help me figure it out. For the most part this is
a default configuration with no special services needed or running, I set up
dropbear (default config) but have not removed the package yet. The
Shorewall is set to accept all outbound traffic and paranoid ALL inbound, I
have not changed anything in this configuration file. Please see
Configuration and rules below for more detail and please let me know if you
need any additional information.
Thank you in advance to all that will help me. I am learning, and I am sure
this is NOT an issue with the shorewall product but with my configuration.
Please also remember who you are addressing (dope newbie/wannabe) so please
if you could. :)
Ken
[EMAIL PROTECTED]
Issue:
===============-==============-==============================================
My shorewall has been compromised. I need to find out how they are
compromising this machine repeatedly and what I need to do to stop it! The
hackers have already used the shorewall box to spam others on the internet
and god knows what else.
I have a CISCO PIX 515 behind the shorewall firewall with eth0 set to
192.168.1.99. As far as I can tell it has not been compromised and I have
not noticed any strange events internally on my home network (yet). (I am
told the PIX cannot be configured for dhcp so I am using shorewall for this;
unfortunately in my area I have a choice between Comcast and dialup). The
version of uClibc I am using may need some patches but I am not sure about
this as I downloaded this image and set it up less than a month ago, please
let me know if there are any critical updates that I need to apply. I have
read the installation/user guides and have read hundreds of man pages and I
can only hope I did everything right.
This clip is from my shorewall.log:0: Note the date on the first entry and
the source IP. The problem is that the SRC is my IP and I do not have an IP
192.43.244.18 on my network. I have added 123.1.1.1 to my blacklist. Since
this IP has been added to my blacklist it still shows up in my log and looks
something like the log from DEC 20 below with
Shorewall:blacklst:DROP:IN=eth0 OUT=eth1 SRC=123.1.1.1 DST=192.168.1.99.
This is bad because this IP is eth0 to my CISCO PIX 515.
Jan 1 00:00:00 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC= SRC=12.213.227.185 DST=192.43.244.18 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=4083 DPT=37 SEQ=3441321937 ACK=0 WINDOW=5840 SYN URGP=0
Dec 21 10:19:38 firewall Shorewall:logdrop:DROP: IN=eth0 OUT= MAC=00:a0:c9:68:18:28:00:01:5c:22:5d:42:08:00 SRC=123.1.1.1 DST=12.213.227.185 LEN=783 TOS=00 PREC=0x00 TTL=112 ID=28872 PROTO=UDP SPT=14833 DPT=1026 LEN=763
Dec 21 15:13:10 firewall Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:a0:c9:68:18:28:00:01:5c:22:5d:42:08:00 SRC=205.240.153.242 DST=12.213.227.185 LEN=60 TOS=00 PREC=0x00 TTL=49 ID=13109 DF PROTO=TCP SPT=1787 DPT=21 SEQ=3260295433 ACK=0 WINDOW=5840 SYN URGP=0
Also SRC IP 66.218.70.35 has seemingly exploited the uClibc firewall. The
IP 192.168.1.99 is eth0 for my CISCO PIX 515.
You can see shorewall start and then 66.218.70.35 (v4.vc.scd.yahoo.com
[66.218.70.35]) is out eth1, looks bad to me. The hacker is using several
boxes from Yahoo IPs: v3.vc.scd.yahoo.com [66.218.70.45],
v1.vc.scd.yahoo.com [66.218.70.32], v13.vc.scd.yahoo.com [66.218.70.34]
Dec 20 14:59:16 firewall dhcpcd.exe: interface eth0 has been configured with new IP=12.213.227.185
Dec 20 14:59:23 firewall root: Shorewall Started
Dec 20 15:41:06 firewall kernel: Shorewall:blacklst:DROP:IN=eth0 OUT=eth1 SRC=66.218.70.35 DST=192.168.1.99 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=2091 DF PROTO=TCP SPT=5001 DPT=10468 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Configuration:
===============-==============-==============================================
The Shorewall box has two Intel Pro 100 NICs. Eth0 to internet with dhcp,
routefilter, blacklist, rfc1918 and dropunclean set to yes.
I had set blacklist logging to 6 (informational) and then changed it to 4
(urgent) just to see if this would show different events in the log.
Eth0 pulls dhcp IP 12.213.227.185 from Comcast.
Eth1 is configured with default address 192.168.1.254.
Incoming ICMP on port 8 set to DROP packets.
Ident Port 113 set to DROP packets.
Modules Loaded:
===============-==============-==============================================
Modules:
softdog 1476 1
ip_nat_irc 2176 0 (unused)
ip_nat_ftp 2784 0 (unused)
ip_conntrack_irc 2880 1
ip_conntrack_ftp 3648 1
eepro100 17892 2
mii 2092 0 [eepro100]
Installed Packages:
Name            Version        Description
===============-==============-==============================================
initrd          V2.0 uClibc-0. LEAF Bering initial filesystem
root            V2.0 uClibc-0. Core LEAF Bering package
config          0.1            Core config and backup system package
etc             V2.0 uClibc-0.
local           V2.0 uClibc-0. LEAF Bering local package
modules         V2.0 uClibc-0. Define & contain your LEAF Bering modules
iptables        1.2.8          IP packet filter administration tools for 2.4.
dhcpcd          1.3.22pl4-7    dhcpcd is a RFC2131 and RFC1541 compliant DHCP
keyboard        0.3            Define your keyboard settings
shorwall        1.4.5          Shoreline Firewall (Shorewall)
ulogd           1.02           The Netfilter Userspace Logging Daemon
dnscache        1.05a          A fast & secure proxy DNS server, patched for
dropbear        0.38           Dropbear SSH 2 server and key generator.
weblet          1.2.2-4        LEAF status via a small web server
Running Process:
===============-==============-==============================================
  PID Uid       VmSize Stat Command
    1 root         256 S    init [2]
    2 root             SW   [keventd]
    3 root             SWN  [ksoftirqd_CPU0]
    4 root             SW   [kswapd]
    5 root             SW   [bdflush]
    6 root             SW   [kupdated]
28918 root         280 S    /sbin/syslogd -m 240
12413 root         240 S    /sbin/klogd
20139 root         280 S    /sbin/dhcpcd-bin -Y -N -D -d eth0
31742 root         308 S    /usr/sbin/dropbear -p 22 -r /etc/dropbear/dropbear_rs
15242 root         144 S    /usr/sbin/watchdog
 5006 root         280 S    /usr/sbin/inetd
25734 root         280 S    /usr/sbin/ulogd -d
30415 root        1216 S    [dnscache]
24224 root         288 S    /usr/sbin/cron
30450 root         268 S    /sbin/getty 38400 tty1
29007 root         268 S    /sbin/getty 38400 tty2
 1707 sh-httpd     328 S    /bin/sh /usr/sbin/sh-httpd
  302 sh-httpd     308 S    /bin/sh /var/sh-www/cgi-bin/viewsys
28628 root         196 S    [sleep]
15224 root         240 S    [cat]
27609 sh-httpd     308 R    /bin/sh /var/sh-www/cgi-bin/viewsys
12982 root         288 R    [ps]
Firewall Rules:
===============-==============-==============================================
Shorewall-1.4.5 Chain at - Mon Dec 22 13:42:32 UTC 2003
Chain INPUT (policy DROP 2 packets, 420 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0
state INVALID
0 0 eth0_in all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth1_in all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0
0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:INPUT:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0
state INVALID
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0
0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:FORWARD:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0
state INVALID
0 0 ACCEPT udp -- * eth0 0.0.0.0/0
0.0.0.0/0
udp dpts:67:68
0 0 fw2net all -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 all2all all -- * eth1 0.0.0.0/0
0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0
0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:OUTPUT:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain all2all (3 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0
0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:all2all:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain badpkt (2 references)
pkts bytes target prot opt in out source
destination
0 0 ULOG !tcp -- * * 0.0.0.0/0
0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:badpkt:DROP:'
queue_threshold 1
0 0 ULOG tcp -- * * 0.0.0.0/0
0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:badpkt:DROP:'
queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain blacklst (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 66.218.70.32
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 66.218.70.32
0.0.0.0/0
0 0 LOG all -- * * 66.218.70.46
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 66.218.70.46
0.0.0.0/0
0 0 LOG all -- * * 66.218.70.32
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 66.218.70.32
0.0.0.0/0
0 0 LOG all -- * * 66.218.70.33
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 66.218.70.33
0.0.0.0/0
0 0 LOG all -- * * 66.218.70.34
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 66.218.70.34
0.0.0.0/0
0 0 LOG all -- * * 66.218.70.35
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 66.218.70.35
0.0.0.0/0
0 0 LOG all -- * * 66.218.70.41
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 66.218.70.41
0.0.0.0/0
0 0 LOG all -- * * 66.218.70.45
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 66.218.70.45
0.0.0.0/0
0 0 LOG all -- * * 66.232.141.16
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 66.232.141.16
0.0.0.0/0
0 0 LOG all -- * * 123.1.1.1
0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:blacklst:DROP:'
0 0 DROP all -- * * 123.1.1.1
0.0.0.0/0
Chain common (5 references)
pkts bytes target prot opt in out source
destination
0 0 icmpdef icmp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0
udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0
tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0
tcp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0
tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0
udp dpt:1900
0 0 DROP all -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0
224.0.0.0/4
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0
tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0
udp spt:53 state NEW
0 0 DROP all -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0
192.168.1.255
Chain dynamic (4 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 badpkt all -- * * 0.0.0.0/0
0.0.0.0/0
unclean
0 0 rfc1918 all -- * * 0.0.0.0/0
0.0.0.0/0
state NEW
0 0 blacklst all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 net2all all -- * eth1 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 badpkt all -- * * 0.0.0.0/0
0.0.0.0/0
unclean
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0
udp dpts:67:68
0 0 rfc1918 all -- * * 0.0.0.0/0
0.0.0.0/0
state NEW
0 0 blacklst all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 net2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 loc2net all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 loc2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW udp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0
icmp type 8
0 0 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain icmpdef (1 references)
pkts bytes target prot opt in out source
destination
Chain loc2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0
icmp type 8
0 0 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logdrop (30 references)
pkts bytes target prot opt in out source
destination
0 0 ULOG all -- * * 0.0.0.0/0
0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:logdrop:DROP:'
queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2all (2 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0
0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:net2all:DROP:'
queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0
icmp type 8
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp dpt:67
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW udp dpt:67
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp dpt:68
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW udp dpt:68
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0
state NEW udp dpt:113
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0
I have added a lot more ports to DROP but have only included those that
specifically were set to allow or open in the default config. Like port
113, I have set to DROP.
Chain newnotsyn (6 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain reject (10 references)
pkts bytes target prot opt in out source
destination
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0
0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0
reject-with icmp-host-prohibited
Chain rfc1918 (2 references)
pkts bytes target prot opt in out source
destination
0 0 RETURN all -- * * 255.255.255.255
0.0.0.0/0
0 0 DROP all -- * * 169.254.0.0/16
0.0.0.0/0
0 0 logdrop all -- * * 172.16.0.0/12
0.0.0.0/0
0 0 logdrop all -- * * 192.0.2.0/24
0.0.0.0/0
0 0 logdrop all -- * * 192.168.0.0/16
0.0.0.0/0
0 0 logdrop all -- * * 0.0.0.0/7
0.0.0.0/0
0 0 logdrop all -- * * 2.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 5.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 7.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 10.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 23.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 27.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 31.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 36.0.0.0/7
0.0.0.0/0
0 0 logdrop all -- * * 39.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 41.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 42.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 49.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 50.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 58.0.0.0/7
0.0.0.0/0
0 0 logdrop all -- * * 60.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 70.0.0.0/7
0.0.0.0/0
0 0 logdrop all -- * * 72.0.0.0/5
0.0.0.0/0
0 0 logdrop all -- * * 83.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 84.0.0.0/6
0.0.0.0/0
0 0 logdrop all -- * * 88.0.0.0/5
0.0.0.0/0
0 0 logdrop all -- * * 96.0.0.0/3
0.0.0.0/0
0 0 logdrop all -- * * 127.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 197.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 198.18.0.0/15
0.0.0.0/0
0 0 logdrop all -- * * 201.0.0.0/8
0.0.0.0/0
0 0 logdrop all -- * * 240.0.0.0/4
0.0.0.0/0
Shorewall-1.4.5 NAT at - Mon Dec 22 13:42:32 UTC 2003
Chain PREROUTING (policy ACCEPT 5 packets, 1186 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 eth0_masq all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source
destination
0 0 MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0
INTERFACES:
===============-==============-==============================================
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: dummy0: mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:a0:c9:68:18:28 brd ff:ff:ff:ff:ff:ff
inet 12.213.227.185/24 brd 255.255.255.255 scope global eth0
4: eth1: mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:d0:b7:75:e8:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
ROUTES:
===============-==============-==============================================
12.213.227.0/24 dev eth0 proto kernel scope link src 12.213.227.185
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
default via 12.213.227.1 dev eth0
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html