>  
>>> DNAT:info       net:192.168.10.0/24     net:192.168.241.65      all     -       -       192.168.20.33
>>>
>>> But for those packets to go to 192.168.241.65 the source must also be
>>> rewritten to 196.44.33.118.
>>>
>>> Any ideas?
>>> In Shorewall, all source address rewriting is accomplished using 
>>> entries in
>> /etc/shorewall/masq.
>>
>> I have added the following line:
>>
>> /etc/shorewall/masq
>> eth0:192.168.241.65     192.168.10.0/24 196.44.33.118
>>
>> But this line/rules is not implemented correctly.
>>
>> The DNAT happens, but not the SNAT.
>>
>> In what following is DNAT and SNAT rules applied?
>>
> 
>> DNAT is applied before SNAT.
> 
>> And if you have more problems, please include a dump (see
> http://www.shorewall.net/support.htm#Guidelines).
> 
> Sorry
> 
> Version:
> 
> 3.0.4 (Ubuntu dapper package)
> 
> ip addr show:
> 
> 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:13:72:3f:74:20 brd ff:ff:ff:ff:ff:ff
>     inet 196.44.33.187/29 brd 196.44.33.191 scope global eth0
>     inet 196.44.33.118/32 scope global eth0
>     inet 196.44.33.190/29 scope global secondary eth0:0
>     inet6 fe80::213:72ff:fe3f:7420/64 scope link
>        valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:13:72:3f:74:21 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.199.1/24 brd 192.168.199.255 scope global eth1
>     inet6 fe80::213:72ff:fe3f:7421/64 scope link
>        valid_lft forever preferred_lft forever
> 4: sit0: <NOARP> mtu 1480 qdisc noop
>     link/sit 0.0.0.0 brd 0.0.0.0
> 5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
>     link/[65534]
>     inet 192.168.20.1 peer 192.168.20.2/32 scope global tun0
> 
> ip route show:
> 
> 192.168.1.253 dev eth0  scope link
> 192.168.20.2 dev tun0  proto kernel  scope link  src 192.168.20.1
> 192.168.241.65 dev eth0  scope link
> 196.44.33.184/29 dev eth0  proto kernel  scope link  src 196.44.33.187
> 192.168.20.0/27 via 192.168.20.2 dev tun0
> 192.168.199.0/24 dev eth1  proto kernel  scope link  src 192.168.199.1
> 192.168.10.0/24 dev eth0  scope link
> default via 196.44.33.185 dev eth0
> 
> 
> From the logs on Machine B:
> 
> Oct  9 20:58:16 neon kernel: [43844718.340000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:13:72:3f:74:20:00:12:00:6c:ea:d0:08:00 SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42453 DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
> Oct  9 20:58:16 neon kernel: [43844718.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42453 DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
> 
> Thank you for your help Tom.

>Jan -- you are having a connection problem. I need you to:

>a) shorewall reset
>b) Try the connection that isn't working (where the source IP address is not being rewritten)
>c) shorewall dump > dump.txt
>d) Send me the dump.txt file along with the client IP address, the server IP address, protocol and port number (or tell me that it is SSH).

I am trying to ssh from a machine (192.168.10.198) behind machine A
(192.168.10.200) to 192.168.20.33.

Between machine A and machine B there is an IPsec VPN.
Config for this vpn:

conn in2one-to-adept
        type=tunnel
        connaddrfamily=ipv4
        left=196.44.33.190
        leftnexthop=%direct
        leftsubnet=192.168.20.0/24
        [EMAIL PROTECTED]
        leftrsasigkey=bla
        right=196.44.33.114
        rightnexthop=%direct
        rightsubnet=192.168.10.0/24
        [EMAIL PROTECTED]
        rightrsasigkey=bla
        auto=start

Then machine B must rewrite any packets (on all ports) to 192.168.20.33, the
destination to 192.168.241.65 and the source to 196.44.33.118.

Between machine B and C is an IPsec VPN:
Config:
conn obw
        type=tunnel
        connaddrfamily=ipv4
        left=196.44.33.190
        leftnexthop=%direct
        leftsubnet=196.44.33.118/32
        right=168.167.251.89
        rightnexthop=%direct
        rightsubnet=192.168.241.65/32
        rightid=193.219.215.3
        authby=secret
        esp=3des-md5-96
        #esp=3des-md5
        keyexchange=ike
        pfs=no
        auto=start

If I ssh from machine B with the following:

ssh -b 196.44.33.118 [EMAIL PROTECTED]

It works.

If I ssh from 192.168.10.198 then the following is seen in machine B's
syslog:

> Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:13:72:3f:74:20:00:12:00:6c:ea:d0:08:00 SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42453 DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
> Oct  9 20:58:16 neon kernel: [43844718.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42453 DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Hope this makes it clearer.

Let me know if I can give any more information.

Regards

Jan van der Vyver
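
Added example (not part of the original messages): a small Python parser that pairs each net_dnat:DNAT log entry shown in this thread with the later DROP of the same packet, matching on IP ID, protocol and ports because NAT rewrites the addresses, and reports whether the packet was discarded on the forwarding path. Netfilter runs the filter FORWARD chain before POSTROUTING, where source rewriting takes place. The sample lines are entries from the dump on this page with wrapped lines joined; the function names and result keys are the example's own, and it assumes DROP/REJECT entries come from filter-table chains such as Shorewall's policy chains.

```python
import re

# Entries copied from the dump on this page, with wrapped lines joined.
SAMPLE_LOG = """\
Oct  9 20:58:10 neon [43844712.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42451 DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  9 20:58:16 neon [43844718.340000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42453 DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  9 20:58:16 neon [43844718.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42453 DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Shorewall log prefix: "Shorewall:<chain>:<disposition>:" followed by the
# kernel's KEY=value packet fields.
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<rest>.*)$")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(log_text):
    """Return one dict per Shorewall log line: chain, disposition, fields."""
    entries = []
    for line in log_text.splitlines():
        m = PREFIX_RE.search(line)
        if not m:
            continue  # not a Shorewall log line
        entries.append({
            "chain": m["chain"],
            "disposition": m["disp"],
            "fields": dict(FIELD_RE.findall(m["rest"])),  # "OUT=" yields ""
        })
    return entries


def packet_key(fields):
    """Identify a packet across NAT: addresses change, these fields do not."""
    return (fields.get("ID"), fields.get("PROTO"), fields.get("SPT"), fields.get("DPT"))


def diagnose(entries):
    """Pair DNAT entries with the later DROP/REJECT of the same packet."""
    pending = {}   # packet key -> fields of its DNAT log entry
    findings = []
    for e in entries:
        f = e["fields"]
        if e["disposition"] == "DNAT":
            pending[packet_key(f)] = f
            continue
        if e["disposition"] not in ("DROP", "REJECT"):
            continue
        before = pending.pop(packet_key(f), None)  # None: no DNAT line logged
        findings.append({
            "id": f.get("ID"),
            "chain": e["chain"],
            # Both interfaces set: the packet was being routed through the box.
            "forwarded": bool(f.get("IN")) and bool(f.get("OUT")),
            "dnat_seen": before is not None,
            "orig_dst": before.get("DST") if before else None,
            "new_dst": f.get("DST"),
            "src_unchanged": before is not None and before.get("SRC") == f.get("SRC"),
            # Forwarding decrements TTL once between the two log points.
            "ttl_delta": int(before["TTL"]) - int(f["TTL"]) if before else None,
        })
    return findings


def verdict(finding):
    """One-line reading of a finding."""
    where = "in %s" % finding["chain"]
    if finding["dnat_seen"] and finding["forwarded"]:
        return ("ID %s: DNAT %s -> %s applied, then discarded %s while being "
                "forwarded; POSTROUTING (SNAT) was never reached"
                % (finding["id"], finding["orig_dst"], finding["new_dst"], where))
    if finding["forwarded"]:
        return ("ID %s: discarded %s while being forwarded; no DNAT entry "
                "logged for this packet in the excerpt" % (finding["id"], where))
    return "ID %s: discarded %s" % (finding["id"], where)


if __name__ == "__main__":
    for item in diagnose(parse(SAMPLE_LOG)):
        print(verdict(item))
```

On these entries it reports the packet with ID 42453 as DNAT-rewritten and then discarded by net2all while still being forwarded; the unchanged SRC on that DROP line is what any packet shows at that point, because source rewriting only happens later in POSTROUTING.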






Shorewall-3.0.4 Dump at neon - Mon Oct  9 21:16:16 SAST 2006

Counters reset Mon Oct  9 21:14:39 SAST 2006

Chain Drop (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:113 
    7   396 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 3 code 4 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 11 
    7   396 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0 
          
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        multiport dports 135,445 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpts:137:139 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:137 dpts:1024:65535 
    2    96 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        multiport dports 135,139,445 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:1900 
    5   300 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0  
         
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:53 

Chain INPUT (policy DROP 2 packets, 144 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
   10   680 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
        
  106 13633 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 tun0_in    all  --  tun0   *       0.0.0.0/0            0.0.0.0/0   
        
   25  1520 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    5   300 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 tun0_fwd   all  --  tun0   *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain OUTPUT (policy DROP 2 packets, 254 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
   10   680 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0   
        
  174 16876 fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 all2all    all  --  *      tun0    0.0.0.0/0            0.0.0.0/0   
        
   15   880 fw2bck     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0   
        
    0     0 fw2ic      all  --  *      eth0    0.0.0.0/0            
192.168.1.253       
    0     0 fw2vpn     all  --  *      eth0    0.0.0.0/0            
192.168.10.0/24     
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            
192.168.241.65      
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain Reject (4 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:113 
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 3 code 4 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 11 
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0 
          
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        multiport dports 135,445 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpts:137:139 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:137 dpts:1024:65535 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        multiport dports 135,139,445 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:1900 
    0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0  
         
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:53 

Chain all2all (32 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain bck2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
   25  1520 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain bck2ic (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        PKTTYPE = broadcast 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        PKTTYPE = multicast 

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID 

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:!0x17/0x02 

Chain dun2ic (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    5   300 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
    5   300 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
    5   300 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 net2dun    all  --  *      tun0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 net2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0   
        
    0     0 net2ic     all  --  *      eth0    0.0.0.0/0            
192.168.1.253       
    0     0 net2all    all  --  *      eth0    0.0.0.0/0            
192.168.10.0/24     
    5   300 net2all    all  --  *      eth0    0.0.0.0/0            
192.168.241.65      
    0     0 ic2net     all  --  *      eth0    192.168.1.253        0.0.0.0/0   
        
    0     0 ic2dun     all  --  *      tun0    192.168.1.253        0.0.0.0/0   
        
    0     0 ic2bck     all  --  *      eth1    192.168.1.253        0.0.0.0/0   
        
    0     0 ic2vpn     all  --  *      eth0    192.168.1.253        
192.168.10.0/24     
    0     0 ic2obo     all  --  *      eth0    192.168.1.253        
192.168.241.65      
    0     0 all2all    all  --  *      eth0    192.168.10.0/24      0.0.0.0/0   
        
    0     0 all2all    all  --  *      tun0    192.168.10.0/24      0.0.0.0/0   
        
    0     0 all2all    all  --  *      eth1    192.168.10.0/24      0.0.0.0/0   
        
    0     0 vpn2ic     all  --  *      eth0    192.168.10.0/24      
192.168.1.253       
    0     0 all2all    all  --  *      eth0    192.168.10.0/24      
192.168.241.65      
    0     0 all2all    all  --  *      eth0    192.168.241.65       0.0.0.0/0   
        
    0     0 all2all    all  --  *      tun0    192.168.241.65       0.0.0.0/0   
        
    0     0 all2all    all  --  *      eth1    192.168.241.65       0.0.0.0/0   
        
    0     0 obo2ic     all  --  *      eth0    192.168.241.65       
192.168.1.253       
    0     0 all2all    all  --  *      eth0    192.168.241.65       
192.168.10.0/24     

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    4   192 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
    4   192 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
   50  4512 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
  106 13633 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 all2all    all  --  *      *       192.168.1.253        0.0.0.0/0   
        
    0     0 all2all    all  --  *      *       192.168.10.0/24      0.0.0.0/0   
        
    0     0 all2all    all  --  *      *       192.168.241.65       0.0.0.0/0   
        

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 all2all    all  --  *      tun0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 bck2ic     all  --  *      eth0    0.0.0.0/0            
192.168.1.253       
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            
192.168.10.0/24     
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            
192.168.241.65      

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
   25  1520 bck2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain fw2bck (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
   15   880 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain fw2ic (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
   76  4440 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
   49  5383 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            
196.44.33.114       
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            
196.44.33.114       
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            
196.44.33.114       udp dpt:500 state NEW 
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            
168.167.251.89      
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            
168.167.251.89      
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            
168.167.251.89      udp dpt:500 state NEW 
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            
196.201.83.153      
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            
196.201.83.153      
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            
196.201.83.153      udp dpt:500 state NEW 
   49  7053 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain fw2vpn (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
192.168.10.198      tcp dpt:13013 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain ic2bck (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain ic2dun (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain ic2ic (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain ic2net (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain ic2obo (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain ic2vpn (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain logflags (5 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 4 level 6 prefix `Shorewall:logflags:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain net2all (6 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    7   396 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    5   300 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' 
    5   300 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain net2dun (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       192.168.10.0/24      0.0.0.0/0   
        icmp type 8 
    0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
  102 13441 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    2    96 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 8 
    0     0 ACCEPT     all  --  *      *       196.44.33.184/29     0.0.0.0/0   
        
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:143 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:993 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:110 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:995 
    0     0 ACCEPT     tcp  --  *      *       192.168.10.0/24      0.0.0.0/0   
        tcp dpt:873 
    0     0 ACCEPT     esp  --  *      *       196.44.33.114        0.0.0.0/0   
        
    0     0 ACCEPT     ah   --  *      *       196.44.33.114        0.0.0.0/0   
        
    0     0 ACCEPT     udp  --  *      *       196.44.33.114        0.0.0.0/0   
        udp dpt:500 state NEW 
    0     0 ACCEPT     esp  --  *      *       168.167.251.89       0.0.0.0/0   
        
    0     0 ACCEPT     ah   --  *      *       168.167.251.89       0.0.0.0/0   
        
    0     0 ACCEPT     udp  --  *      *       168.167.251.89       0.0.0.0/0   
        udp dpt:500 state NEW 
    0     0 ACCEPT     esp  --  *      *       196.201.83.153       0.0.0.0/0   
        
    0     0 ACCEPT     ah   --  *      *       196.201.83.153       0.0.0.0/0   
        
    0     0 ACCEPT     udp  --  *      *       196.201.83.153       0.0.0.0/0   
        udp dpt:500 state NEW 
    2    96 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain net2ic (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain net2net (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       192.168.10.0/24      0.0.0.0/0   
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain obo2ic (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain reject (10 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        PKTTYPE = broadcast 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        PKTTYPE = multicast 
    0     0 DROP       all  --  *      *       196.44.33.191        0.0.0.0/0   
        
    0     0 DROP       all  --  *      *       192.168.199.255      0.0.0.0/0   
        
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0   
        
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with tcp-reset 
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with icmp-port-unreachable 
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with icmp-host-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with icmp-host-prohibited 

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain smurfs (4 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  *      *       196.44.33.191        0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       196.44.33.191        0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       192.168.199.255      0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       192.168.199.255      0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        

Chain tcpflags (4 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x3F/0x29 
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x3F/0x00 
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x06 
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x03/0x03 
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp spt:0 flags:0x17/0x02 

Chain tun0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 all2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0   
        
    0     0 dun2ic     all  --  *      eth0    0.0.0.0/0            
192.168.1.253       
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            
192.168.10.0/24     
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            
192.168.241.65      

Chain tun0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW 
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain vpn2ic (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS set 1000 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Oct  9 20:58:10 neon [43844712.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42451 
DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 20:58:16 neon [43844718.340000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= 
SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42453 
DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 20:58:16 neon [43844718.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42453 
DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 20:58:28 neon [43844730.340000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= 
SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42455 
DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 20:58:28 neon [43844730.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42455 
DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 20:58:52 neon [43844754.340000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= 
SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42457 
DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 20:58:52 neon [43844754.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42457 
DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 20:59:40 neon [43844802.330000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= 
SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42459 
DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 20:59:40 neon [43844802.330000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42459 
DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:09:25 neon [43845387.060000] Shorewall:net2all:DROP:IN=eth0 OUT= 
SRC=218.108.238.132 DST=196.44.33.190 LEN=404 TOS=0x00 PREC=0x00 TTL=109 
ID=38478 PROTO=UDP SPT=3277 DPT=1434 LEN=384 
Oct  9 21:15:17 neon [43845739.480000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= 
SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47347 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:15:17 neon [43845739.480000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=47347 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:15:20 neon [43845742.480000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= 
SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47349 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:15:20 neon [43845742.480000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=47349 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:15:26 neon [43845748.480000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= 
SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47351 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:15:26 neon [43845748.480000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=47351 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:15:38 neon [43845760.480000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= 
SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47353 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:15:38 neon [43845760.480000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=47353 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:16:02 neon [43845784.470000] Shorewall:net_dnat:DNAT:IN=eth0 OUT= 
SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47355 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 
Oct  9 21:16:02 neon [43845784.470000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 
SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=47355 
DF PROTO=TCP SPT=35899 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 

NAT Table

Chain PREROUTING (policy ACCEPT 869 packets, 55212 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    9   492 net_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0   
        

Chain POSTROUTING (policy ACCEPT 286 packets, 25222 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        

Chain OUTPUT (policy ACCEPT 286 packets, 25222 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain eth0_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 SNAT       all  --  *      *       192.168.10.0/24      
192.168.241.65      to:196.44.33.118 

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    5   300 LOG        all  --  *      *       192.168.10.0/24      
192.168.20.33       LOG flags 0 level 6 prefix `Shorewall:net_dnat:DNAT:' 
    5   300 DNAT       all  --  *      *       192.168.10.0/24      
192.168.20.33       to:192.168.241.65 

Mangle Table

Chain PREROUTING (policy ACCEPT 373K packets, 44M bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
  146 16133 tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain INPUT (policy ACCEPT 373K packets, 44M bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain FORWARD (policy ACCEPT 14 packets, 804 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    5   300 tcfor      all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain OUTPUT (policy ACCEPT 24M packets, 35G bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
  204 18876 tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain POSTROUTING (policy ACCEPT 712K packets, 993M bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
  199 18436 tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        

udp      17 173 src=127.0.0.1 dst=127.0.0.1 sport=860 dport=936 packets=27 
bytes=2160 src=127.0.0.1 dst=127.0.0.1 sport=936 dport=860 packets=27 
bytes=1512 [ASSURED] mark=0 use=1
tcp      6 368471 ESTABLISHED src=196.44.33.187 dst=84.189.255.96 sport=21 
dport=3502 packets=1 bytes=102 [UNREPLIED] src=84.189.255.96 dst=196.44.33.187 
sport=3502 dport=21 packets=0 bytes=0 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.199.1 dst=192.168.199.2 sport=36878 
dport=7788 packets=306897 bytes=16626388 src=192.168.199.2 dst=192.168.199.1 
sport=7788 dport=36878 packets=322552 bytes=58140112 [ASSURED] mark=0 use=1
tcp      6 116482 ESTABLISHED src=196.44.33.187 dst=165.146.207.248 sport=80 
dport=1093 packets=1 bytes=383 [UNREPLIED] src=165.146.207.248 
dst=196.44.33.187 sport=1093 dport=80 packets=0 bytes=0 mark=0 use=1
tcp      6 431999 ESTABLISHED src=165.165.235.6 dst=196.44.33.187 sport=21575 
dport=22 packets=661 bytes=62247 src=196.44.33.187 dst=165.165.235.6 sport=22 
dport=21575 packets=675 bytes=109162 [ASSURED] mark=0 use=1
unknown  50 586 src=196.44.33.114 dst=196.44.33.190 packets=167082 
bytes=20088176 src=196.44.33.190 dst=196.44.33.114 packets=336273 
bytes=497195000 mark=0 use=1
unknown  50 486 src=196.44.33.190 dst=168.167.251.89 packets=27 bytes=4696 
src=168.167.251.89 dst=196.44.33.190 packets=24 bytes=4664 mark=0 use=1
tcp      6 85529 ESTABLISHED src=196.44.33.187 dst=196.11.241.45 sport=25 
dport=12006 packets=1 bytes=85 [UNREPLIED] src=196.11.241.45 dst=196.44.33.187 
sport=12006 dport=25 packets=0 bytes=0 mark=0 use=1
tcp      6 431629 ESTABLISHED src=192.168.199.2 dst=192.168.199.1 sport=53670 
dport=7788 packets=1955071 bytes=103188688 src=192.168.199.1 dst=192.168.199.2 
sport=7788 dport=53670 packets=666451 bytes=916357828 [ASSURED] mark=0 use=1
tcp      6 6 TIME_WAIT src=196.44.33.118 dst=192.168.241.65 sport=34825 
dport=22 packets=27 bytes=3290 src=192.168.241.65 dst=196.44.33.118 sport=22 
dport=34825 packets=24 bytes=3414 [ASSURED] mark=0 use=1
tcp      6 259602 ESTABLISHED src=196.44.33.187 dst=195.218.21.148 sport=25 
dport=4951 packets=1 bytes=105 [UNREPLIED] src=195.218.21.148 dst=196.44.33.187 
sport=4951 dport=25 packets=0 bytes=0 mark=0 use=1
icmp     1 29 src=196.44.33.187 dst=192.168.10.200 type=8 code=0 id=56094 
packets=448042 bytes=49254797 [UNREPLIED] src=192.168.10.200 dst=196.44.33.187 
type=0 code=0 id=56094 packets=0 bytes=0 mark=0 use=1
udp      17 176 src=192.168.199.2 dst=192.168.199.1 sport=808 dport=936 
packets=26 bytes=2080 src=192.168.199.1 dst=192.168.199.2 sport=936 dport=808 
packets=26 bytes=1456 [ASSURED] mark=0 use=1
udp      17 29 src=196.44.33.187 dst=196.44.33.188 sport=32793 dport=694 
packets=448049 bytes=64285710 [UNREPLIED] src=196.44.33.188 dst=196.44.33.187 
sport=694 dport=32793 packets=0 bytes=0 mark=0 use=1
tcp      6 431886 ESTABLISHED src=192.168.10.215 dst=192.168.20.1 sport=4032 
dport=873 packets=167069 bytes=8717692 src=192.168.20.1 dst=192.168.10.215 
sport=873 dport=4032 packets=336283 bytes=477033978 [ASSURED] mark=0 use=1

IP Configuration

1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:13:72:3f:74:20 brd ff:ff:ff:ff:ff:ff
    inet 196.44.33.187/29 brd 196.44.33.191 scope global eth0
    inet 196.44.33.118/32 scope global eth0
    inet 196.44.33.190/29 scope global secondary eth0:0
    inet6 fe80::213:72ff:fe3f:7420/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:13:72:3f:74:21 brd ff:ff:ff:ff:ff:ff
    inet 192.168.199.1/24 brd 192.168.199.255 scope global eth1
    inet6 fe80::213:72ff:fe3f:7421/64 scope link 
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 
100
    link/[65534] 
    inet 192.168.20.1 peer 192.168.20.2/32 scope global tun0

IP Stats

1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    15299781   146432   0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    15299781   146432   0       0       0       0      
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:13:72:3f:74:20 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    518958695  8650551  23      0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    2445688884 12768946 0       0       0       0      
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:13:72:3f:74:21 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    274851674  2864513  0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    2116381862 4969042  0       0       0       0      
4: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 
100
    link/[65534] 
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      

/proc

   /proc/version = Linux version 2.6.17.6-ubuntu1 ([EMAIL PROTECTED]) (gcc 
version 4.0.3 (Ubuntu 4.0.3-1ubuntu5)) #1 SMP Mon Aug 21 11:47:12 SAST 2006
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 1
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 1
   /proc/sys/net/ipv4/conf/default/log_martians = 0
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth0/log_martians = 1
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/log_martians = 0
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 0
   /proc/sys/net/ipv4/conf/tun0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/tun0/arp_filter = 0
   /proc/sys/net/ipv4/conf/tun0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/tun0/rp_filter = 1
   /proc/sys/net/ipv4/conf/tun0/log_martians = 1

Routing Rules

0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

Table default:


Table local:

local 196.44.33.190 dev eth0  proto kernel  scope host  src 196.44.33.187 
local 192.168.199.1 dev eth1  proto kernel  scope host  src 192.168.199.1 
broadcast 196.44.33.191 dev eth0  proto kernel  scope link  src 196.44.33.187 
broadcast 192.168.199.0 dev eth1  proto kernel  scope link  src 192.168.199.1 
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
local 196.44.33.187 dev eth0  proto kernel  scope host  src 196.44.33.187 
broadcast 192.168.199.255 dev eth1  proto kernel  scope link  src 192.168.199.1 
local 192.168.20.1 dev tun0  proto kernel  scope host  src 192.168.20.1 
local 196.44.33.118 dev eth0  proto kernel  scope host  src 196.44.33.118 
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 

Table main:

192.168.1.253 dev eth0  scope link 
192.168.20.2 dev tun0  proto kernel  scope link  src 192.168.20.1 
192.168.241.65 dev eth0  scope link 
196.44.33.184/29 dev eth0  proto kernel  scope link  src 196.44.33.187 
192.168.20.0/27 via 192.168.20.2 dev tun0 
192.168.199.0/24 dev eth1  proto kernel  scope link  src 192.168.199.1 
192.168.10.0/24 dev eth0  scope link 
default via 196.44.33.185 dev eth0 

ARP

? (192.168.10.200) at 00:12:00:6C:EA:D0 [ether] on eth0
? (196.44.33.188) at 00:13:72:3F:73:BA [ether] on eth0
? (192.168.199.2) at 00:13:72:3F:73:BB [ether] on eth1
? (196.44.33.185) at 00:12:00:6C:EA:D0 [ether] on eth0

Modules

iptable_raw             3200  0 
iptable_mangle          4096  1 
ipt_ULOG                9376  0 
ipt_TTL                 3584  0 
ipt_ttl                 3072  0 
ipt_TOS                 3456  0 
ipt_tos                 2688  0 
ipt_TCPMSS              5504  12 
ipt_SAME                3456  0 
ipt_REJECT              6656  4 
ipt_REDIRECT            3200  0 
ipt_recent             12428  0 
ipt_owner               3200  0 
ipt_NETMAP              3072  0 
ipt_MASQUERADE          4864  0 
ipt_LOG                 8320  11 
ipt_iprange             2944  0 
ipt_hashlimit          10760  0 
ipt_ECN                 4352  0 
ipt_ecn                 3456  0 
ipt_DSCP                3456  0 
ipt_dscp                2816  0 
ipt_CLUSTERIP          10116  0 
ipt_ah                  3072  0 
ipt_addrtype            2944  0 
ip_nat_irc              3840  0 
ip_nat_tftp             2944  0 
ip_nat_ftp              4736  0 
iptable_nat             9220  1 
ip_nat                 19860  8 
ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat
ip_conntrack_irc        7960  1 ip_nat_irc
ip_conntrack_tftp       5524  1 ip_nat_tftp
ip_conntrack_ftp        8988  1 ip_nat_ftp
ip_conntrack           54232  12 
xt_state,xt_connmark,xt_conntrack,ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp
iptable_filter          4224  1 
ip_tables              15604  4 
iptable_raw,iptable_mangle,iptable_nat,iptable_filter

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Not available
   Physdev Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Available
   Raw Table: Available
   CLASSIFY Target: Available

Traffic Control

Device eth0:
qdisc pfifo_fast 0: bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 15269368098 bytes 12656127 pkts (dropped 0, overlimits 0) 

Device eth1:
qdisc pfifo_fast 0: bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 6154703334 bytes 1381643 pkts (dropped 0, overlimits 0) 

Device tun0:
qdisc pfifo_fast 0: bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 

Traffic Filters

Device eth0:

Device eth1:

Device tun0:

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
