have a centos server with 2 NICs hanging at 2 different gateways can
ping gateway one gateway two not
tested from localhost (10.10.10.10 eth0) to 10.10.10.1
sorry my english is not the best...
i hope i made everything correct... if not please tell me what to do...
horewall 4.0.11 Dump at SerCen0210 - Thu Feb 4 23:53:44 CET 2010
Shorewall-shell 4.0.11
Shorewall-perl 4.0.11.1
Counters reset Thu Feb 4 23:48:43 CET 2010
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
84 6648 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
11 956 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
210 36933 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
84 6648 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
6 504 eth0_out all -- * eth0 0.0.0.0/0 0.0.0.0/0
208 64953 eth1_out all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (5 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
11 956 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
11 956 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2int (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
10 920 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
1 36 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (4 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 dmz2int all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
11 956 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
11 956 dmz2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth0_out (1 references)
pkts bytes target prot opt in out source destination
6 504 fw2dmz all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 int2dmz all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
19 1580 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
210 36933 int2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth1_out (1 references)
pkts bytes target prot opt in out source destination
208 64953 fw2int all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
6 504 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2int (1 references)
pkts bytes target prot opt in out source destination
178 62960 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
30 1993 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain int2dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain int2fw (1 references)
pkts bytes target prot opt in out source destination
191 35353 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
19 1580 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 192.168.30.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 192.168.30.255 0.0.0.0/0
0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 29 packets, 2500 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 74 packets, 4925 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 74 packets, 4925 bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 306 packets, 44577 bytes)
pkts bytes target prot opt in out source destination
306 44577 tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 306 packets, 44577 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 5383 packets, 2552K bytes)
pkts bytes target prot opt in out source destination
300 74629 tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 300 packets, 74629 bytes)
pkts bytes target prot opt in out source destination
300 74629 tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
tcp 6 431999 ESTABLISHED src=192.168.30.102 dst=192.168.30.10 sport=53259
dport=10000 packets=14 bytes=2635 src=192.168.30.10 dst=192.168.30.102
sport=10000 dport=53259 packets=17 bytes=10253 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431962 ESTABLISHED src=192.168.30.102 dst=192.168.30.10 sport=53257
dport=10000 packets=9 bytes=1914 src=192.168.30.10 dst=192.168.30.102
sport=10000 dport=53257 packets=10 bytes=3481 [ASSURED] mark=0 secmark=0 use=1
icmp 1 22 src=10.10.10.10 dst=10.10.10.1 type=8 code=0 id=29186 packets=3
bytes=252 [UNREPLIED] src=10.10.10.1 dst=10.10.10.10 type=0 code=0 id=29186
packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431962 ESTABLISHED src=192.168.30.102 dst=192.168.30.10 sport=53256
dport=10000 packets=13 bytes=3244 src=192.168.30.10 dst=192.168.30.102
sport=10000 dport=53256 packets=15 bytes=9893 [ASSURED] mark=0 secmark=0 use=1
udp 17 6 src=192.168.30.10 dst=195.50.140.252 sport=60649 dport=53
packets=1 bytes=73 src=195.50.140.252 dst=192.168.30.10 sport=53 dport=60649
packets=1 bytes=148 mark=0 secmark=0 use=1
tcp 6 431962 ESTABLISHED src=192.168.30.102 dst=192.168.30.10 sport=53261
dport=10000 packets=13 bytes=3260 src=192.168.30.10 dst=192.168.30.102
sport=10000 dport=53261 packets=15 bytes=9285 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431962 ESTABLISHED src=192.168.30.102 dst=192.168.30.10 sport=53260
dport=10000 packets=9 bytes=1874 src=192.168.30.10 dst=192.168.30.102
sport=10000 dport=53260 packets=8 bytes=2661 [ASSURED] mark=0 secmark=0 use=1
udp 17 9 src=192.168.30.57 dst=192.168.30.255 sport=138 dport=138
packets=1 bytes=244 [UNREPLIED] src=192.168.30.255 dst=192.168.30.57 sport=138
dport=138 packets=0 bytes=0 mark=0 secmark=0 use=1
udp 17 15 src=192.168.30.1 dst=192.168.30.255 sport=520 dport=520
packets=1 bytes=92 [UNREPLIED] src=192.168.30.255 dst=192.168.30.1 sport=520
dport=520 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431992 ESTABLISHED src=192.168.30.102 dst=192.168.30.10 sport=53262
dport=22 packets=49 bytes=4440 src=192.168.30.10 dst=192.168.30.102 sport=22
dport=53262 packets=41 bytes=5444 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431962 ESTABLISHED src=192.168.30.102 dst=192.168.30.10 sport=53258
dport=10000 packets=10 bytes=1942 src=192.168.30.10 dst=192.168.30.102
sport=10000 dport=53258 packets=9 bytes=3335 [ASSURED] mark=0 secmark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:16:17:a1:23:8d brd ff:ff:ff:ff:ff:ff
inet 10.10.10.10/24 brd 10.10.10.255 scope global eth0
inet6 fe80::216:17ff:fea1:238d/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:22:8b:a7:53 brd ff:ff:ff:ff:ff:ff
inet 192.168.30.10/24 brd 192.168.30.255 scope global eth1
inet6 fe80::250:22ff:fe8b:a753/64 scope link
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
80833 1001 0 0 0 0
TX: bytes packets errors dropped carrier collsns
80833 1001 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:16:17:a1:23:8d brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
125178 1244 0 0 0 0
TX: bytes packets errors dropped carrier collsns
94990 898 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:22:8b:a7:53 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
255856328 263003 0 0 0 0
TX: bytes packets errors dropped carrier collsns
20177403 147898 0 0 0 0
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
PFKEY SPD
No SPD entries.
PFKEY SAD
No SAD entries.
/proc
/proc/version = Linux version 2.6.18-164.11.1.el5
([email protected]) (gcc version 4.1.2 20080704 (Red Hat
4.1.2-46)) #1 SMP Wed Jan 20 07:39:04 EST 2010
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 0
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
Routing Rules
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
Table 255:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.10.10.0 dev eth0 proto kernel scope link src 10.10.10.10
local 192.168.30.10 dev eth1 proto kernel scope host src 192.168.30.10
broadcast 192.168.30.255 dev eth1 proto kernel scope link src 192.168.30.10
local 10.10.10.10 dev eth0 proto kernel scope host src 10.10.10.10
broadcast 10.10.10.255 dev eth0 proto kernel scope link src 10.10.10.10
broadcast 192.168.30.0 dev eth1 proto kernel scope link src 192.168.30.10
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table default:
Table main:
192.168.30.0/24 dev eth1 proto kernel scope link src 192.168.30.10
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.10
169.254.0.0/16 dev eth1 scope link
default via 192.168.30.1 dev eth1
ARP
? (192.168.30.1) at 00:23:F8:27:99:F0 [ether] on eth1
? (192.168.30.102) at 00:19:DB:CE:1C:7B [ether] on eth1
? (10.10.10.1) at 00:23:F8:27:99:F2 [ether] on eth0
Modules
ip_conntrack 53281 24
ipt_MASQUERADE,ip_nat_tftp,ip_nat_snmp_basic,ip_nat_sip,ip_nat_pptp,ip_nat_irc,ip_nat_h323,ip_nat_ftp,ip_nat_amanda,ip_conntrack_tftp,ip_conntrack_sip,ip_conntrack_pptp,ip_conntrack_irc,ip_conntrack_h323,ip_conntrack_ftp,ip_conntrack_amanda,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,ip_conntrack_netbios_ns,iptable_nat,ip_nat
ip_conntrack_amanda 8901 1 ip_nat_amanda
ip_conntrack_ftp 11569 1 ip_nat_ftp
ip_conntrack_h323 51421 1 ip_nat_h323
ip_conntrack_irc 10545 1 ip_nat_irc
ip_conntrack_netbios_ns 6977 0
ip_conntrack_pptp 15441 1 ip_nat_pptp
ip_conntrack_sip 11313 1 ip_nat_sip
ip_conntrack_tftp 8249 1 ip_nat_tftp
ip_nat 21101 12
ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ip_nat_tftp,ip_nat_sip,ip_nat_pptp,ip_nat_irc,ip_nat_h323,ip_nat_ftp,ip_nat_amanda,iptable_nat
ip_nat_amanda 6465 0
ip_nat_ftp 7361 0
ip_nat_h323 11073 0
ip_nat_irc 6721 0
ip_nat_pptp 9797 0
ip_nat_sip 8129 0
ip_nat_snmp_basic 13253 0
ip_nat_tftp 5953 0
ip_tables 17029 4
iptable_raw,iptable_filter,iptable_mangle,iptable_nat
ipt_CLUSTERIP 12357 0
ipt_DSCP 6337 0
ipt_ECN 7105 0
ipt_LOG 10049 8
ipt_MASQUERADE 7617 0
ipt_NETMAP 6081 0
ipt_REDIRECT 6081 0
ipt_REJECT 9665 4
ipt_SAME 6465 0
ipt_TCPMSS 8001 0
ipt_TOS 6337 0
ipt_TTL 6337 0
ipt_ULOG 11717 0
ipt_addrtype 5953 0
ipt_ah 5953 0
ipt_dscp 5825 0
ipt_ecn 6337 0
ipt_hashlimit 12617 0
ipt_iprange 5953 0
ipt_owner 6081 0
ipt_recent 12497 0
ipt_tos 5825 0
ipt_ttl 5953 0
iptable_filter 7105 1
iptable_mangle 6849 1
iptable_nat 11077 0
iptable_raw 6209 0
xt_CLASSIFY 5953 0
xt_CONNMARK 6465 0
xt_DSCP 6465 0
xt_MARK 6465 0
xt_NFQUEUE 6209 0
xt_comment 5953 0
xt_connmark 6209 0
xt_conntrack 6593 0
xt_dccp 7365 0
xt_helper 6593 0
xt_length 6081 0
xt_limit 6721 0
xt_mac 6081 0
xt_mark 5953 0
xt_multiport 7233 4
xt_physdev 6993 0
xt_pkttype 6081 4
xt_policy 7617 0
xt_state 6209 14
xt_tcpmss 6337 0
xt_tcpudp 7105 11
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Not available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Traffic Control
Device eth0:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 94030 bytes 898 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device eth1:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 20102829 bytes 147926 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TC Filters
Device eth0:
Device eth1:
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
