Shorewall 3.4.3 Dump at ns1 - Tue May 15 12:04:18 MDT 2007

Chain INPUT (policy ACCEPT 1247 packets, 98115 bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Chain OUTPUT (policy ACCEPT 1340 packets, 173K bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Log (/var/log/messages)


NAT Table

Chain PREROUTING (policy ACCEPT 34 packets, 9918 bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Chain POSTROUTING (policy ACCEPT 287 packets, 17247 bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Chain OUTPUT (policy ACCEPT 287 packets, 17247 bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Mangle Table

Chain PREROUTING (policy ACCEPT 1247 packets, 98115 bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Chain INPUT (policy ACCEPT 1247 packets, 98115 bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Chain OUTPUT (policy ACCEPT 1340 packets, 173K bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Chain POSTROUTING (policy ACCEPT 1340 packets, 173K bytes)
 pkts bytes target     prot opt in     out     source              
destination         

Conntrack Table

tcp      6 431999 ESTABLISHED src=67.50.205.66 dst=208.187.196.76
sport=3348 dport=22 packets=215 bytes=20183 src=208.187.196.76
dst=67.50.205.66 sport=22 dport=3348 packets=258 bytes=21301 [ASSURED]
mark=0 secmark=0 use=1
udp      17 69 src=208.187.196.76 dst=208.187.180.2 sport=32770 dport=53
packets=2 bytes=139 src=208.187.180.2 dst=208.187.196.76 sport=53
dport=32770 packets=2 bytes=361 [ASSURED] mark=0 secmark=0 use=1

IP Configuration

1: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
1000
    link/ether 00:a0:c9:b6:56:96 brd ff:ff:ff:ff:ff:ff
    inet 208.187.196.76/28 brd 208.187.196.79 scope global eth0
2: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
3: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
    link/void 
4: tunl0: <NOARP> mtu 1480 qdisc noop 
    link/ipip 0.0.0.0 brd 0.0.0.0

IP Stats

1: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
1000
    link/ether 00:a0:c9:b6:56:96 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    93501      909      0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    159097     837      0       0       0       0      
2: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    26306      526      0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    26306      526      0       0       0       0      
3: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
    link/void 
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
4: tunl0: <NOARP> mtu 1480 qdisc noop 
    link/ipip 0.0.0.0 brd 0.0.0.0
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      

/proc

   /proc/version = Linux version 2.6.21.1 (root@ns1) (gcc version 4.1.2)
#1 SMP PREEMPT Tue May 15 06:57:04 MDT 2007
   /proc/sys/net/ipv4/ip_forward = 0
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 0
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/log_martians = 0
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/log_martians = 0
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 0
   /proc/sys/net/ipv4/conf/teql0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/teql0/arp_filter = 0
   /proc/sys/net/ipv4/conf/teql0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/teql0/rp_filter = 0
   /proc/sys/net/ipv4/conf/teql0/log_martians = 0
   /proc/sys/net/ipv4/conf/tunl0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/tunl0/arp_filter = 0
   /proc/sys/net/ipv4/conf/tunl0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/tunl0/rp_filter = 0
   /proc/sys/net/ipv4/conf/tunl0/log_martians = 0

Routing Rules

0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 

Table default:


Table local:

broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
broadcast 208.187.196.64 dev eth0  proto kernel  scope link  src
208.187.196.76 
local 208.187.196.76 dev eth0  proto kernel  scope host  src
208.187.196.76 
broadcast 208.187.196.79 dev eth0  proto kernel  scope link  src
208.187.196.76 
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 

Table main:

208.187.196.64/28 dev eth0  proto kernel  scope link  src 208.187.196.76
127.0.0.0/8 dev lo  scope link 
default via 208.187.196.65 dev eth0 

ARP

? (208.187.196.65) at 00:14:BF:82:0F:79 [ether] on eth0

Modules


Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Available
   Packet length Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Available
   Extended CONNMARK Target: Available
   Connmark Match: Available
   Extended Connmark Match: Available
   Raw Table: Available
   IPP2P Match: Not available
   CLASSIFY Target: Available
   Extended REJECT: Available
   Repeat match: Available
   MARK Target: Available
   Extended MARK Target: Available
   Mangle FORWARD Chain: Available
   Comments: Available
   Address Type Match: Available

Traffic Control

Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1
1
 Sent 159097 bytes 837 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 


TC Filters

Device eth0: