Morning,
Tom Eastep wrote:
You are having a connection problem (external clients cannot connect to your
internal server. According to the flowchart and text in the support
guidelines, that calls for the output of "shorewall dump" collected in a
particular manner.
Attached is a shorewall dump from my current imperfect setup.
To recap:
I am attempting to DNAT a myriad of requests through the Shorewall
firewall to a local machine. The firewall has two NICs where eth1 is an
internal 10.0.50.10 and eth0 is an external to the ISP.
The machine I am trying to DNAT to is 10.0.50.50 and I wish to DNAT
smtp, http, https, pop3, imap, and imaps all on their standard ports.
The quirky thing is that if I configure Shorewall to DNAT from a
non-standard port on the firewall to a standard port on the local
machine, everything works. For example, if I configure the firewall to
listen on port 26 and send those requests to port 25 on the local
machine, that works and I can send mail.
However, using standard ports fail. For example, configuring the
firewall to accept all connections and then just route them to the local
machine on the originating port fails. Likewise, rules specifying
standard ports (like configuring the firewall to accept requests on port
25 and specifically route them to the local machine on port 25) also fail.
I see in the syslog that requests make it through the firewall with the
appropriate dnat_net notation in the log so it appears to be a matter of
the traffic not coming back out.
I have attempted to tcpdump the interface, but my skills are somewhat
rudimentary in this area. Both successful non-standard port and
unsuccessful standard port conversations look the same to me.
I'm really not sure if this is a Shorewall issue -in fact, I somehow
doubt it is. However, I have spent several days on this already and I am
totally out of ideas at this point.
Any and all help is appreciated.
Jon
Shorewall-3.0.4 Dump at server - Mon Mar 19 10:38:25 MDT 2007
Counters reset Mon Mar 19 10:37:56 MDT 2007
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain INPUT (policy DROP 1 packets, 52 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1 236 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ppp0_in all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
148 9362 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ppp_in all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 vmnet8_in all -- vmnet8 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 1 packets, 130 bytes)
pkts bytes target prot opt in out source destination
18 1500 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ppp0_fwd all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
3 180 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ppp_fwd all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 vmnet8_fwd all -- vmnet8 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
113 27566 fw2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 fw2admin all -- * eth0 0.0.0.0/0
209.5.161.234
0 0 fw2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 fw2admin all -- * eth0 0.0.0.0/0
74.210.7.209
0 0 fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 fw2loc all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 fw2loc all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 fw2loc all -- * vmnet8 0.0.0.0/0 0.0.0.0/0
0 0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Reject (4 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain admin2fw (4 references)
pkts bytes target prot opt in out source destination
148 9362 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 10000,22 LOG flags 0 level 6 prefix
`Shorewall:admin2fw:ACCEPT:'
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 10000,22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:admin2fw:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain admin2loc (4 references)
pkts bytes target prot opt in out source destination
2 120 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 5900,5901,5902,5903,5904,5905,5906,5907,5908,5909 LOG
flags 0 level 6 prefix `Shorewall:admin2loc:ACCEPT:'
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 5900,5901,5902,5903,5904,5905,5906,5907,5908,5909
1 60 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:admin2loc:ACCEPT:'
1 60 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain admin_frwd (4 references)
pkts bytes target prot opt in out source destination
3 180 admin2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 admin2loc all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 admin2loc all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 admin2loc all -- * vmnet8 0.0.0.0/0 0.0.0.0/0
0 0 all2all all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain all2all (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (10 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
1 60 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
3 180 admin_frwd all -- * * 161.184.172.35 0.0.0.0/0
0 0 admin_frwd all -- * * 209.5.161.234 0.0.0.0/0
0 0 admin_frwd all -- * * 161.184.172.35 0.0.0.0/0
0 0 admin_frwd all -- * * 74.210.7.209 0.0.0.0/0
0 0 net2all all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 net2all all -- * eth0 0.0.0.0/0
209.5.161.234
0 0 net2all all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 net2all all -- * eth0 0.0.0.0/0
74.210.7.209
0 0 net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 net2loc all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 net2loc all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 net2loc all -- * vmnet8 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
148 9362 admin2fw all -- * * 161.184.172.35 0.0.0.0/0
0 0 admin2fw all -- * * 209.5.161.234 0.0.0.0/0
0 0 admin2fw all -- * * 161.184.172.35 0.0.0.0/0
0 0 admin2fw all -- * * 74.210.7.209 0.0.0.0/0
0 0 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
9 960 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
9 540 loc2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 loc2admin all -- * eth0 0.0.0.0/0
209.5.161.234
0 0 loc2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 loc2admin all -- * eth0 0.0.0.0/0
74.210.7.209
0 0 loc2loc all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 loc2loc all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 loc2loc all -- * vmnet8 0.0.0.0/0 0.0.0.0/0
9 960 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
1 236 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
1 236 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2admin (4 references)
pkts bytes target prot opt in out source destination
113 27566 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 443,25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22222
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2admin:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 137,138,139,445
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53,135,137,138,139,445,1900,40000
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.0.60.255
multiport dports 135,137,138,139,445
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 123,1194
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 443,25,22,21,110,37
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2admin (16 references)
pkts bytes target prot opt in out source destination
9 540 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 443,25,110,22
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 137,138,139,445
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports
389,110,995,113,443,143,993,25,465,2000,10000,5900,5901
1 236 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53,135,137,138,139,445,1900
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:902
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2loc (12 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 443,25,110
9 960 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (6 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 113,443,443,1723
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1194
0 0 LOG tcp -- * * 209.5.161.208 0.0.0.0/0
multiport dports 1040,10000 LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
0 0 ACCEPT tcp -- * * 209.5.161.208 0.0.0.0/0
multiport dports 1040,10000
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1194
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.50.50
tcp dpt:25
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ppp0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 loc2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 loc2admin all -- * eth0 0.0.0.0/0
209.5.161.234
0 0 loc2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 loc2admin all -- * eth0 0.0.0.0/0
74.210.7.209
0 0 loc2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 loc2loc all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 loc2loc all -- * vmnet8 0.0.0.0/0 0.0.0.0/0
0 0 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain ppp0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ppp_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 loc2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 loc2admin all -- * eth0 0.0.0.0/0
209.5.161.234
0 0 loc2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 loc2admin all -- * eth0 0.0.0.0/0
74.210.7.209
0 0 loc2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 loc2loc all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 loc2loc all -- * vmnet8 0.0.0.0/0 0.0.0.0/0
0 0 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain ppp_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (10 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP all -- * * 10.0.50.255 0.0.0.0/0
0 0 DROP all -- * * 137.186.135.255 0.0.0.0/0
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 10.0.50.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 10.0.50.255 0.0.0.0/0
0 0 LOG all -- * * 137.186.135.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 137.186.135.255 0.0.0.0/0
0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
Chain vmnet8_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 loc2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 loc2admin all -- * eth0 0.0.0.0/0
209.5.161.234
0 0 loc2admin all -- * eth0 0.0.0.0/0
161.184.172.35
0 0 loc2admin all -- * eth0 0.0.0.0/0
74.210.7.209
0 0 loc2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 loc2loc all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 loc2loc all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain vmnet8_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Mar 19 10:22:45 server [17423003.744000] Shorewall:all2all:REJECT:IN=eth1
OUT=eth0 SRC=10.0.50.50 DST=161.184.172.35 LEN=84 TOS=0x00 PREC=0x00 TTL=63
ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=37133 SEQ=11
Mar 19 10:23:26 server [17423045.616000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=60.12.166.201 DST=137.186.135.69 LEN=487 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF
PROTO=UDP SPT=51459 DPT=1027 LEN=467
Mar 19 10:23:50 server [17423069.276000] Shorewall:all2all:REJECT:IN=eth1
OUT=eth0 SRC=10.0.50.50 DST=161.184.172.35 LEN=68 TOS=0x00 PREC=0x00 TTL=1
ID=17239 PROTO=UDP SPT=64003 DPT=33437 LEN=48
Mar 19 10:23:50 server [17423069.276000] Shorewall:all2all:REJECT:IN=eth1
OUT=eth0 SRC=10.0.50.50 DST=161.184.172.35 LEN=68 TOS=0x00 PREC=0x00 TTL=1
ID=17240 PROTO=UDP SPT=64004 DPT=33438 LEN=48
Mar 19 10:23:50 server [17423069.276000] Shorewall:all2all:REJECT:IN=eth1
OUT=eth0 SRC=10.0.50.50 DST=161.184.172.35 LEN=68 TOS=0x00 PREC=0x00 TTL=1
ID=17241 PROTO=UDP SPT=64005 DPT=33439 LEN=48
Mar 19 10:23:50 server [17423069.276000] Shorewall:all2all:REJECT:IN=eth1
OUT=eth0 SRC=10.0.50.50 DST=161.184.172.35 LEN=68 TOS=0x00 PREC=0x00 TTL=2
ID=17242 PROTO=UDP SPT=64006 DPT=33440 LEN=48
Mar 19 10:24:46 server [17423125.116000] Shorewall:admin2fw:ACCEPT:IN=eth0 OUT=
SRC=161.184.172.35 DST=137.186.135.69 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=1762
DF PROTO=TCP SPT=1064 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 19 10:24:46 server [17423125.332000] Shorewall:fw2admin:ACCEPT:IN= OUT=eth0
SRC=137.186.135.69 DST=161.184.172.35 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=62152
DF PROTO=47
Mar 19 10:26:26 server [17423225.268000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=202.97.238.130 DST=137.186.135.69 LEN=485 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF
PROTO=UDP SPT=56589 DPT=1026 LEN=465
Mar 19 10:28:51 server [17423369.720000] Shorewall:admin2loc:ACCEPT:IN=eth0
OUT=eth1 SRC=161.184.172.35 DST=10.0.50.50 LEN=60 TOS=0x00 PREC=0x00 TTL=59
ID=12779 DF PROTO=TCP SPT=34659 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 19 10:29:21 server [17423399.828000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=60.11.125.46 DST=137.186.135.69 LEN=919 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF
PROTO=UDP SPT=34621 DPT=1026 LEN=899
Mar 19 10:29:21 server [17423399.832000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=60.11.125.46 DST=137.186.135.69 LEN=919 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF
PROTO=UDP SPT=34621 DPT=1027 LEN=899
Mar 19 10:31:40 server [17423539.508000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=61.138.137.11 DST=137.186.135.69 LEN=920 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF
PROTO=UDP SPT=45224 DPT=1027 LEN=900
Mar 19 10:31:40 server [17423539.516000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=61.138.137.11 DST=137.186.135.69 LEN=920 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF
PROTO=UDP SPT=45224 DPT=1026 LEN=900
Mar 19 10:32:54 server [17423613.160000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=60.11.125.52 DST=137.186.135.69 LEN=485 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF
PROTO=UDP SPT=47182 DPT=1026 LEN=465
Mar 19 10:32:54 server [17423613.164000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=60.11.125.52 DST=137.186.135.69 LEN=485 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF
PROTO=UDP SPT=47182 DPT=1027 LEN=465
Mar 19 10:35:07 server [17423746.268000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=60.12.166.200 DST=137.186.135.69 LEN=487 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF
PROTO=UDP SPT=33724 DPT=1027 LEN=467
Mar 19 10:35:50 server [17423788.940000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=221.12.113.238 DST=137.186.135.69 LEN=490 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF
PROTO=UDP SPT=35143 DPT=1026 LEN=470
Mar 19 10:35:50 server [17423788.944000] Shorewall:net2all:DROP:IN=eth0 OUT=
SRC=221.12.113.238 DST=137.186.135.69 LEN=490 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF
PROTO=UDP SPT=35145 DPT=1027 LEN=470
Mar 19 10:38:03 server [17423922.192000] Shorewall:admin2loc:ACCEPT:IN=eth0
OUT=eth1 SRC=161.184.172.35 DST=10.0.50.50 LEN=60 TOS=0x00 PREC=0x00 TTL=59
ID=15062 DF PROTO=TCP SPT=47962 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 1209 packets, 219K bytes)
pkts bytes target prot opt in out source destination
1 60 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 453 packets, 22275 bytes)
pkts bytes target prot opt in out source destination
5 580 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 22 packets, 2075 bytes)
pkts bytes target prot opt in out source destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
5 580 MASQUERADE all -- * * 10.0.50.0/24 0.0.0.0/0
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25 to:10.0.50.50:25
Mangle Table
Chain PREROUTING (policy ACCEPT 18397 packets, 2393K bytes)
pkts bytes target prot opt in out source destination
180 14460 tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 11594 packets, 929K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 6250 packets, 1297K bytes)
pkts bytes target prot opt in out source destination
21 1680 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 140K packets, 122M bytes)
pkts bytes target prot opt in out source destination
114 28028 tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 23062 packets, 17M bytes)
pkts bytes target prot opt in out source destination
135 29708 tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
udp 17 13 src=10.0.50.50 dst=68.146.71.99 sport=33073 dport=3450 packets=1
bytes=130 [UNREPLIED] src=68.146.71.99 dst=137.186.135.69 sport=3450
dport=33073 packets=0 bytes=0 mark=0 use=1
udp 17 8 src=10.0.50.50 dst=68.146.71.99 sport=33072 dport=3450 packets=2
bytes=260 [UNREPLIED] src=68.146.71.99 dst=137.186.135.69 sport=3450
dport=33072 packets=0 bytes=0 mark=0 use=1
tcp 6 431125 ESTABLISHED src=10.0.50.10 dst=10.0.50.50 sport=54122
dport=22 packets=335 bytes=26828 src=10.0.50.50 dst=10.0.50.10 sport=22
dport=54122 packets=197 bytes=23817 [ASSURED] mark=0 use=1
udp 17 28 src=10.0.50.50 dst=68.146.71.99 sport=33075 dport=3450 packets=1
bytes=130 [UNREPLIED] src=68.146.71.99 dst=137.186.135.69 sport=3450
dport=33075 packets=0 bytes=0 mark=0 use=1
tcp 6 431999 ESTABLISHED src=161.184.172.35 dst=137.186.135.69 sport=42338
dport=902 packets=5099 bytes=268828 src=137.186.135.69 dst=161.184.172.35
sport=902 dport=42338 packets=5180 bytes=2116014 [ASSURED] mark=0 use=1
tcp 6 59 SYN_RECV src=161.184.172.35 dst=137.186.135.69 sport=47962
dport=25 packets=1 bytes=60 src=10.0.50.50 dst=161.184.172.35 sport=25
dport=47962 packets=9 bytes=540 mark=0 use=1
tcp 6 14 SYN_SENT src=10.0.50.50 dst=68.146.71.99 sport=39875 dport=5733
packets=6 bytes=360 [UNREPLIED] src=68.146.71.99 dst=137.186.135.69 sport=5733
dport=39875 packets=0 bytes=0 mark=0 use=1
unknown 47 593 src=137.186.135.69 dst=161.184.172.35 packets=3593
bytes=1164279 src=161.184.172.35 dst=137.186.135.69 packets=3270 bytes=374740
mark=0 use=1
udp 17 23 src=10.0.50.50 dst=68.146.71.99 sport=33074 dport=3450 packets=2
bytes=260 [UNREPLIED] src=68.146.71.99 dst=137.186.135.69 sport=3450
dport=33074 packets=0 bytes=0 mark=0 use=1
tcp 6 431999 ESTABLISHED src=161.184.172.35 dst=137.186.135.69 sport=48599
dport=22 packets=367 bytes=28068 src=137.186.135.69 dst=161.184.172.35 sport=22
dport=48599 packets=285 bytes=100448 [ASSURED] mark=0 use=1
tcp 6 431127 ESTABLISHED src=161.184.172.35 dst=137.186.135.69 sport=36870
dport=22 packets=1357 bytes=114120 src=137.186.135.69 dst=161.184.172.35
sport=22 dport=36870 packets=963 bytes=121980 [ASSURED] mark=0 use=1
tcp 6 431981 ESTABLISHED src=161.184.172.35 dst=137.186.135.69 sport=1064
dport=1723 packets=33 bytes=1924 src=137.186.135.69 dst=161.184.172.35
sport=1723 dport=1064 packets=24 bytes=1448 [ASSURED] mark=0 use=1
tcp 6 119 SYN_SENT src=10.0.50.50 dst=68.146.71.99 sport=37609 dport=5733
packets=3 bytes=180 [UNREPLIED] src=68.146.71.99 dst=137.186.135.69 sport=5733
dport=37609 packets=0 bytes=0 mark=0 use=1
udp 17 16 src=10.0.50.146 dst=10.0.50.255 sport=138 dport=138 packets=1
bytes=236 [UNREPLIED] src=10.0.50.255 dst=10.0.50.146 sport=138 dport=138
packets=0 bytes=0 mark=0 use=1
tcp 6 431942 ESTABLISHED src=161.184.172.35 dst=137.186.135.69 sport=42339
dport=902 packets=12224 bytes=721078 src=137.186.135.69 dst=161.184.172.35
sport=902 dport=42339 packets=23163 bytes=33574453 [ASSURED] mark=0 use=1
tcp 6 431806 ESTABLISHED src=10.0.50.146 dst=10.0.50.10 sport=49989
dport=445 packets=36059 bytes=8063594 src=10.0.50.10 dst=10.0.50.146 sport=445
dport=49989 packets=51782 bytes=41357862 [ASSURED] mark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:11:95:c5:0b:83 brd ff:ff:ff:ff:ff:ff
inet 137.186.135.69/22 brd 137.186.135.255 scope global eth0
inet6 fe80::211:95ff:fec5:b83/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:13:d4:b1:6c:ff brd ff:ff:ff:ff:ff:ff
inet 10.0.50.10/24 brd 10.0.50.255 scope global eth1
inet6 fe80::213:d4ff:feb1:6cff/64 scope link
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1396 qdisc pfifo_fast qlen 3
link/ppp
inet 10.0.50.10 peer 10.0.50.220/32 scope global ppp0
IP Stats
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
303807 3157 0 0 0 0
TX: bytes packets errors dropped carrier collsns
303807 3157 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:11:95:c5:0b:83 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
54755134 102730 0 0 0 0
TX: bytes packets errors dropped carrier collsns
85028502 114347 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:13:d4:b1:6c:ff brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
54730142 190930 0 0 0 0
TX: bytes packets errors dropped carrier collsns
88755144 100297 0 0 0 0
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1396 qdisc pfifo_fast qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
249101 3001 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1024166 3460 0 0 0 0
/proc
/proc/version = Linux version 2.6.15-26-386 ([EMAIL PROTECTED]) (gcc version
4.0.3 (Ubuntu 4.0.3-1ubuntu5)) #1 PREEMPT Thu Aug 3 02:52:00 UTC 2006
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 0
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/ppp0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp0/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp0/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/log_martians = 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
broadcast 10.0.50.255 dev eth1 proto kernel scope link src 10.0.50.10
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 10.0.50.10 dev eth1 proto kernel scope host src 10.0.50.10
local 10.0.50.10 dev ppp0 proto kernel scope host src 10.0.50.10
local 137.186.135.69 dev eth0 proto kernel scope host src 137.186.135.69
broadcast 10.0.50.0 dev eth1 proto kernel scope link src 10.0.50.10
broadcast 137.186.132.0 dev eth0 proto kernel scope link src 137.186.135.69
broadcast 137.186.135.255 dev eth0 proto kernel scope link src
137.186.135.69
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
10.0.50.220 dev ppp0 proto kernel scope link src 10.0.50.10
10.0.50.0/24 dev eth1 proto kernel scope link src 10.0.50.10
137.186.132.0/22 dev eth0 proto kernel scope link src 137.186.135.69
default via 137.186.132.1 dev eth0
ARP
? (10.0.50.50) at 00:0C:29:FB:9A:78 [ether] on eth1
? (10.0.50.146) at 00:18:F3:1F:B6:9B [ether] on eth1
? (10.0.50.20) at 00:11:95:35:24:6D [ether] on eth1
? (137.186.132.1) at 00:90:1A:40:90:4D [ether] on eth0
? (10.0.50.220) at <from_interface> PERM PUB on eth1
Modules
iptable_raw 2176 0
iptable_mangle 2944 1
ipt_ULOG 8196 0
ipt_TTL 2688 0
ipt_ttl 2048 0
ipt_TOS 2560 0
ipt_tos 1664 0
ipt_TCPMSS 4608 0
ipt_tcpmss 2432 0
ipt_state 2048 24
ipt_sctp 3072 0
ipt_SAME 2432 0
ipt_REJECT 5632 4
ipt_REDIRECT 2304 0
ipt_recent 11404 0
ipt_realm 2048 0
ipt_pkttype 1792 4
ipt_physdev 2320 0
ipt_owner 2176 0
ipt_NOTRACK 2176 0
ipt_NETMAP 2048 0
ipt_multiport 2816 22
ipt_MASQUERADE 3456 1
ipt_MARK 2560 0
ipt_mark 1792 0
ipt_mac 2048 0
ipt_LOG 6912 15
ipt_limit 2432 0
ipt_length 1792 0
ipt_iprange 1920 0
ipt_helper 2176 0
ipt_hashlimit 9608 0
ipt_esp 2048 0
ipt_ECN 3328 0
ipt_ecn 2304 0
ipt_DSCP 2560 0
ipt_dscp 1792 0
ipt_conntrack 2560 0
ipt_CONNMARK 2432 0
ipt_connmark 1792 0
ipt_comment 1792 0
ipt_CLUSTERIP 8836 0
ipt_CLASSIFY 2176 0
ipt_ah 2048 0
ipt_addrtype 2176 0
ip_nat_irc 2688 0
ip_nat_tftp 1920 0
ip_nat_ftp 3328 0
iptable_nat 7812 1
ip_nat 19628 8
ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat
ip_conntrack_irc 6768 1 ip_nat_irc
ip_conntrack_tftp 4216 1 ip_nat_tftp
ip_conntrack_ftp 7792 1 ip_nat_ftp
ip_conntrack 51500 14
ipt_state,ipt_NOTRACK,ipt_MASQUERADE,ipt_helper,ipt_conntrack,ipt_CONNMARK,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp
iptable_filter 3072 1
ip_tables 22400 47
iptable_raw,iptable_mangle,ipt_ULOG,ipt_TTL,ipt_ttl,ipt_TOS,ipt_tos,ipt_TCPMSS,ipt_tcpmss,ipt_state,ipt_sctp,ipt_SAME,ipt_REJECT,ipt_REDIRECT,ipt_recent,ipt_realm,ipt_pkttype,ipt_physdev,ipt_owner,ipt_NOTRACK,ipt_NETMAP,ipt_multiport,ipt_MASQUERADE,ipt_MARK,ipt_mark,ipt_mac,ipt_LOG,ipt_limit,ipt_length,ipt_iprange,ipt_helper,ipt_hashlimit,ipt_esp,ipt_ECN,ipt_ecn,ipt_DSCP,ipt_dscp,ipt_conntrack,ipt_CONNMARK,ipt_connmark,ipt_comment,ipt_CLUSTERIP,ipt_CLASSIFY,ipt_ah,ipt_addrtype,iptable_nat,iptable_filter
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Connmark Match: Available
Raw Table: Available
CLASSIFY Target: Available
Traffic Control
Device eth0:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 85028502 bytes 114347 pkts (dropped 0, overlimits 0)
Device eth1:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 88613074 bytes 100297 pkts (dropped 0, overlimits 0)
Device ppp0:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 1024058 bytes 3451 pkts (dropped 4, overlimits 0)
Traffic Filters
Device eth0:
Device eth1:
Device ppp0:
begin:vcard
fn:Jon Watson
n:Watson;Jon
email;internet:[EMAIL PROTECTED]
tel;work:1.403.875.6048
x-mozilla-html:FALSE
url:http://www.jonwatson.ca
version:2.1
end:vcard
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
