Tom Eastep <[EMAIL PROTECTED]> wrote:
| mess-mate wrote:
| > Tom Eastep <[EMAIL PROTECTED]> wrote:
| > Did you read my email with aax.bz2 attached ?
|
| I just received that trace -- it contains no 'command not found' error
| either.
|
| > I said there has changed eth0 to ppp0 and the 'command not found'
| > disappears.
| >
| > But the purpose of that command is to get the website on the server
| > on the lan from a lan desktop via internet, is it ?
|
| Can someone translate the above sentence for me? I suspect that it is
| saying that the poster is trying to use the tip from Shorewall FAQ 1d.
|
| Definitely sounds like Shorewall faq 1d. What I really suspect is that
| the error message is not 'command not found' but rather than
| find_first_interface_address is failing when passed 'eth0. But who knows....
|
| mess-mate -- if you send another trace, please insure that it contains
| the error message your are complaining about. And please show us the
| output of "ip addr ls" as well.
|
Ok, you're right, i followed the tip from FAQ 1d.
But hace changed now 'eth0' to 'ppp0'.
Attached ip-addr.txt and statux.txt
mess-mate
--
Generosity and perfection are your everlasting goals.
Shorewall-3.2.6 Dump at router - Mon Mar 26 11:00:29 CEST 2007
Counters reset Sat Mar 24 17:15:49 CET 2007
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
27 1440 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
45912 51M ppp0_in 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
32661 3997K eth1_in 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
6061 352K eth2_in 0 -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_in 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:INPUT:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5024 301K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
844K 129M ppp0_fwd 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
836K 127M eth1_fwd 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
1733 825K eth2_fwd 0 -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_fwd 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
27 1440 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
37377 4071K fw2net 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
41457 37M fw2loc 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
11874 17M fw2dmz 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
5 200 fw2modem 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (9 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
90 5486 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
90 5486 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2all (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:all2all:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2all (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2all:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source destination
6029 350K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
32 1920 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2loc:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2net (1 references)
pkts bytes target prot opt in out source destination
1569 815K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
25 1498 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
139 8260 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
5 200 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (8 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 all2all 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 all2all 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 all2all 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 all2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
17755 1468K dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
836K 127M loc2net 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 loc2dmz 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
85 5286 loc2modem 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
1034 62124 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
32661 3997K loc2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source destination
164 9758 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
1733 825K dmz2net 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 dmz2loc 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 dmz2all 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain eth2_in (1 references)
pkts bytes target prot opt in out source destination
32 1920 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
6061 352K dmz2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain fw2all (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
5 200 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2all:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source destination
11874 17M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
41443 37M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
14 580 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2modem (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
5 200 fw2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
35088 3932K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
225 14632 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
2064 124K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2all (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
85 5286 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
85 5286 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:loc2all:REJECT:'
85 5286 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:80 ctorigdst 86.192.32.248
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
31627 3935K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
950 56896 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3128
84 5228 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2modem (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
85 5286 loc2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
818K 125M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
17670 1462K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:net2all:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2dmz (1 references)
pkts bytes target prot opt in out source destination
1516 111K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
8 396 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:80 ctorigdst 86.192.32.248
2 88 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:443 ctorigdst 86.192.32.248
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:25
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
43816 51M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
17 636 reject icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
8 392 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
2 80 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
2069 291K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
842K 129M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2loc:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain ppp0_fwd (1 references)
pkts bytes target prot opt in out source destination
10 484 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
842K 129M net2loc 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
1526 111K net2dmz 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 net2all 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain ppp0_in (1 references)
pkts bytes target prot opt in out source destination
2096 292K dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
45912 51M net2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain reject (19 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
10 472 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
85 5286 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
17 636 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 192.168.1.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 192.168.1.255 0.0.0.0/0
0 0 LOG 0 -- * * 255.255.255.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG 0 -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 117K packets, 33M bytes)
pkts bytes target prot opt in out source destination
1922 280K net_dnat 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
115K 32M loc_dnat 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain POSTROUTING (policy ACCEPT 2214 packets, 134K bytes)
pkts bytes target prot opt in out source destination
18398 1471K ppp0_masq 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2194 packets, 133K bytes)
pkts bytes target prot opt in out source destination
Chain loc_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0
86.192.32.248 tcp dpt:80 to:192.168.20.1
24 1440 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 redir ports 3128
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
8 388 DNAT tcp -- * * 0.0.0.0/0
86.192.32.248 tcp dpt:80 to:192.168.20.1
2 80 DNAT tcp -- * * 0.0.0.0/0
86.192.32.248 tcp dpt:443 to:192.168.20.1
Chain ppp0_masq (1 references)
pkts bytes target prot opt in out source destination
16049 1329K MASQUERADE 0 -- * * 192.168.10.0/24 0.0.0.0/0
policy match dir out pol none
158 9494 MASQUERADE 0 -- * * 192.168.20.0/24 0.0.0.0/0
policy match dir out pol none
0 0 MASQUERADE 0 -- * * 192.168.1.0/24 0.0.0.0/0
policy match dir out pol none
Mangle Table
Chain PREROUTING (policy ACCEPT 1863K packets, 343M bytes)
pkts bytes target prot opt in out source destination
1863K 343M tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 84661 packets, 55M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1681K packets, 257M bytes)
pkts bytes target prot opt in out source destination
1681K 257M tcfor 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 220K packets, 147M bytes)
pkts bytes target prot opt in out source destination
90740 59M tcout 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 1772K packets, 315M bytes)
pkts bytes target prot opt in out source destination
1772K 315M tcpost 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
tcp 6 341571 ESTABLISHED src=192.168.10.4 dst=87.248.165.105 sport=4614
dport=22700 packets=20 bytes=1249 src=87.248.165.105 dst=86.192.32.248
sport=22700 dport=4614 packets=28 bytes=1839 [ASSURED] mark=0 use=1
tcp 6 341796 ESTABLISHED src=192.168.10.4 dst=86.69.159.53 sport=2078
dport=13604 packets=17 bytes=1206 src=86.69.159.53 dst=86.192.32.248
sport=13604 dport=2078 packets=19 bytes=1460 [ASSURED] mark=0 use=1
udp 17 17 src=192.168.10.2 dst=24.225.19.110 sport=14858 dport=17346
packets=1 bytes=130 src=24.225.19.110 dst=86.192.32.248 sport=17346 dport=14858
packets=1 bytes=62 mark=0 use=1
tcp 6 30 TIME_WAIT src=192.168.10.2 dst=192.168.1.1 sport=2707 dport=3128
packets=14 bytes=1229 src=192.168.1.1 dst=192.168.10.2 sport=3128 dport=2707
packets=14 bytes=14523 [ASSURED] mark=0 use=1
tcp 6 61 TIME_WAIT src=86.192.32.248 dst=12.130.50.206 sport=1871 dport=80
packets=28 bytes=1821 src=12.130.50.206 dst=86.192.32.248 sport=80 dport=1871
packets=28 bytes=37193 [ASSURED] mark=0 use=1
udp 17 7 src=192.168.10.2 dst=81.65.10.107 sport=14858 dport=31954
packets=1 bytes=126 src=81.65.10.107 dst=86.192.32.248 sport=31954 dport=14858
packets=1 bytes=57 mark=0 use=1
tcp 6 431906 ESTABLISHED src=86.192.32.248 dst=69.84.128.38 sport=2453
dport=80 packets=4 bytes=685 src=69.84.128.38 dst=86.192.32.248 sport=80
dport=2453 packets=2 bytes=974 [ASSURED] mark=0 use=1
tcp 6 431909 ESTABLISHED src=86.192.32.248 dst=32.107.37.11 sport=2465
dport=80 packets=7 bytes=1041 src=32.107.37.11 dst=86.192.32.248 sport=80
dport=2465 packets=6 bytes=3639 [ASSURED] mark=0 use=1
udp 17 105 src=86.192.32.248 dst=80.10.246.130 sport=1026 dport=53
packets=5 bytes=330 src=80.10.246.130 dst=86.192.32.248 sport=53 dport=1026
packets=5 bytes=534 [ASSURED] mark=0 use=1
udp 17 27 src=192.168.10.2 dst=72.25.96.9 sport=14858 dport=44752
packets=1 bytes=128 src=72.25.96.9 dst=86.192.32.248 sport=44752 dport=14858
packets=1 bytes=48 mark=0 use=1
tcp 6 118 TIME_WAIT src=192.168.10.2 dst=192.168.1.1 sport=2706 dport=3128
packets=93 bytes=8468 src=192.168.1.1 dst=192.168.10.2 sport=3128 dport=2706
packets=112 bytes=108832 [ASSURED] mark=0 use=1
tcp 6 47 TIME_WAIT src=86.192.32.248 dst=206.124.146.177 sport=4625
dport=80 packets=6 bytes=786 src=206.124.146.177 dst=86.192.32.248 sport=80
dport=4625 packets=4 bytes=439 [ASSURED] mark=0 use=1
tcp 6 431965 ESTABLISHED src=192.168.10.2 dst=24.71.0.91 sport=3623
dport=12779 packets=45 bytes=3135 src=24.71.0.91 dst=86.192.32.248 sport=12779
dport=3623 packets=40 bytes=4674 [ASSURED] mark=0 use=1
tcp 6 30 TIME_WAIT src=86.192.32.248 dst=217.70.177.48 sport=3933 dport=80
packets=6 bytes=912 src=217.70.177.48 dst=86.192.32.248 sport=80 dport=3933
packets=5 bytes=601 [ASSURED] mark=0 use=1
udp 17 130 src=192.168.10.2 dst=82.46.39.173 sport=14858 dport=54242
packets=2 bytes=114 src=82.46.39.173 dst=86.192.32.248 sport=54242 dport=14858
packets=2 bytes=156 [ASSURED] mark=0 use=1
udp 17 9 src=192.168.10.2 dst=81.164.80.33 sport=14858 dport=12969
packets=2 bytes=214 [UNREPLIED] src=81.164.80.33 dst=86.192.32.248 sport=12969
dport=14858 packets=0 bytes=0 mark=0 use=1
tcp 6 46 TIME_WAIT src=86.192.32.248 dst=206.124.146.177 sport=2108
dport=80 packets=6 bytes=829 src=206.124.146.177 dst=86.192.32.248 sport=80
dport=2108 packets=4 bytes=439 [ASSURED] mark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:76:12:3e:75 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.254/24 brd 192.168.20.255 scope global eth2
inet6 fe80::204:76ff:fe12:3e75/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:29:3c:34:bd brd ff:ff:ff:ff:ff:ff
inet 192.168.10.254/24 brd 192.168.10.255 scope global eth1
inet6 fe80::2e0:29ff:fe3c:34bd/64 scope link
valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:80:c8:ec:92:b5 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
inet6 fe80::280:c8ff:feec:92b5/64 scope link
valid_lft forever preferred_lft forever
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 86.192.32.248 peer 193.253.160.3/32 scope global ppp0
IP Stats
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
63740 329 0 0 0 0
TX: bytes packets errors dropped carrier collsns
63740 329 0 0 0 0
2: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:76:12:3e:75 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
3665624 10532 0 0 0 0
TX: bytes packets errors dropped carrier collsns
17923341 15328 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:29:3c:34:bd brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
246578426 1344862 0 0 0 0
TX: bytes packets errors dropped carrier collsns
302124968 1161647 0 0 0 8497
4: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:80:c8:ec:92:b5 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
323652095 1212367 0 0 0 0
TX: bytes packets errors dropped carrier collsns
182278523 1156105 0 0 0 0
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
203516191 924619 0 0 0 0
TX: bytes packets errors dropped carrier collsns
133726753 898566 0 0 0 0
/proc
/proc/version = Linux version 2.6.20.1 ([EMAIL PROTECTED]) (gcc version
4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 PREEMPT Thu Feb 22 18:29:25
CET 2007
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 0
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 0
/proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth2/arp_filter = 0
/proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth2/rp_filter = 0
/proc/sys/net/ipv4/conf/eth2/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/ppp0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp0/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp0/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/log_martians = 0
Routing Rules
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
Table 255:
local 192.168.1.1 dev eth0 proto kernel scope host src 192.168.1.1
local 86.192.32.248 dev ppp0 proto kernel scope host src 86.192.32.248
broadcast 192.168.1.0 dev eth0 proto kernel scope link src 192.168.1.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 192.168.10.254 dev eth1 proto kernel scope host src 192.168.10.254
broadcast 192.168.10.255 dev eth1 proto kernel scope link src 192.168.10.254
broadcast 192.168.20.255 dev eth2 proto kernel scope link src 192.168.20.254
local 192.168.20.254 dev eth2 proto kernel scope host src 192.168.20.254
broadcast 192.168.1.255 dev eth0 proto kernel scope link src 192.168.1.1
broadcast 192.168.10.0 dev eth1 proto kernel scope link src 192.168.10.254
broadcast 192.168.20.0 dev eth2 proto kernel scope link src 192.168.20.254
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table default:
Table main:
193.253.160.3 dev ppp0 proto kernel scope link src 86.192.32.248
192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.254
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.254
default dev ppp0 scope link
ARP
? (192.168.1.254) at 00:0E:50:AA:B5:8A [ether] on eth0
? (192.168.10.2) at 00:80:C8:EC:94:29 [ether] on eth1
Modules
iptable_raw 1920 0
ipt_ULOG 8036 0
ipt_TTL 2272 0
ipt_ttl 1792 0
ipt_TOS 2144 0
ipt_tos 1536 0
ipt_SAME 2208 0
ipt_REJECT 4480 4
ipt_REDIRECT 2272 1
ipt_recent 9560 0
ipt_owner 1888 0
ipt_NETMAP 1888 0
ipt_MASQUERADE 3552 3
ipt_LOG 6688 15
ipt_iprange 1728 0
ipt_ECN 2912 0
ipt_ecn 2176 0
ipt_CLUSTERIP 8772 0
ipt_ah 1856 0
ipt_addrtype 1760 0
iptable_nat 7396 1
ipt_TCPMSS 3872 1
iptable_mangle 2720 1
iptable_filter 2880 1
ip_tables 12552 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Traffic Control
Device eth2:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 17913951 bytes 15328 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device eth1:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 302002328 bytes 1161647 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 182278523 bytes 1156105 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp0:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 133726699 bytes 898563 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TC Filters
Device eth2:
Device eth1:
Device eth0:
Device ppp0:
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:76:12:3e:75 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.254/24 brd 192.168.20.255 scope global eth2
inet6 fe80::204:76ff:fe12:3e75/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:29:3c:34:bd brd ff:ff:ff:ff:ff:ff
inet 192.168.10.254/24 brd 192.168.10.255 scope global eth1
inet6 fe80::2e0:29ff:fe3c:34bd/64 scope link
valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:80:c8:ec:92:b5 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
inet6 fe80::280:c8ff:feec:92b5/64 scope link
valid_lft forever preferred_lft forever
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 86.192.32.248 peer 193.253.160.3/32 scope global ppp0
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
