Hi all,

 

I finally got my IPSec tunnel from my Fedora firewall system (running
Shorewall 4.0.6) to a remote Draytek Router up-and-running, but I'm having
difficulties directing traffic through the tunnel. From the output of
"racoon -F -f racoon.conf" and the connection status page of the Draytek I
can tell the tunnel is UP, but ping and traceroute requests to several hosts
from and to both directions fail and also tcpdump reveals no traffic going
through. Maybe that's because of my limited knowledge of tcpdump or because
of some missing routing entries (or both), but I sure could use someone
helping me in the right direction.

 

SHOREWALL SHOW output is attached; IP ADDR SHOW and IP ROUTE SHOW output
are:

 

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:10:18:30:53:1c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.254/24 brd 192.168.0.255 scope global eth2
    inet6 fe80::210:18ff:fe30:531c/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:19:b9:f2:f9:62 brd ff:ff:ff:ff:ff:ff
    inet 192.168.6.254/24 brd 192.168.6.255 scope global eth1
    inet6 fe80::219:b9ff:fef2:f962/64 scope link
       valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:19:b9:f2:f9:60 brd ff:ff:ff:ff:ff:ff
    inet 212.115.197.253/29 brd 212.115.197.255 scope global eth0
    inet6 fe80::219:b9ff:fef2:f960/64 scope link
       valid_lft forever preferred_lft forever

212.115.197.248/29 dev eth0  proto kernel  scope link  src 212.115.197.253
192.168.6.0/24 dev eth1  proto kernel  scope link  src 192.168.6.254
192.168.21.0/24 dev eth0  scope link
192.168.0.0/24 dev eth2  proto kernel  scope link  src 192.168.0.254
169.254.0.0/16 dev eth2  scope link
default via 212.115.197.254 dev eth0

 

TIA

Wouter

 

Shorewall 4.0.6 filter Table at omilia.zesgoes.local - Mon Jul  7 12:28:02 CEST 2008

Counters reset Mon Jul  7 11:05:49 CEST 2008

Chain INPUT (policy DROP 2 packets, 156 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120 10946 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 3121 3035K eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
 1886  370K eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
15664 1537K eth2_in    all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_in  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    6   468 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    6   468 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
    6   468 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
80687   40M eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
 775K  676M eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
 509K  215M eth2_fwd   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_fwd  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
    1    60 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120 10946 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
 2660  460K eth0_out   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
 2960 2861K eth1_out   all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
 2496 1037K eth2_out   all  --  *      eth2    0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_out  all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain Drop (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   180 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:113
   86 10498 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 3 code 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 11
   77  6763 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:1900
   10   540 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:53

Chain Reject (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:113
  348  303K dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 3 code 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 11
  348  303K dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:1900
  197  287K dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:53

Chain all2all (8 references)
 pkts bytes target     prot opt in     out     source               destination
 5114 3596K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
  342  302K Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
  151 15894 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
  151 15894 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        PKTTYPE = broadcast
    9  3735 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        PKTTYPE = multicast

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source               destination
   38  3817 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination
  193  287K DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:!0x17/0x02

Chain dynamic (8 references)
 pkts bytes target     prot opt in     out     source               destination

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1810 94480 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW
    0     0 inet2all   all  --  *      ipsec0  0.0.0.0/0            10.0.0.0/24 
        policy match dir out pol ipsec mode tunnel
    0     0 inet2all   all  --  *      ipsec0  0.0.0.0/0            
192.168.21.0/24     policy match dir out pol ipsec mode tunnel
80679   40M inet2loc6  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none
    7  5676 inet2all   all  --  *      eth2    0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
  153 22830 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW
 3115 3034K inet2fw    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        policy match dir in pol none

Chain eth0_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2660  460K fw2inet    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3878  262K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW
    0     0 loc62vpn1  all  --  *      ipsec0  0.0.0.0/0            10.0.0.0/24 
        policy match dir out pol ipsec mode tunnel
    0     0 loc62vpn21  all  --  *      ipsec0  0.0.0.0/0            
192.168.21.0/24     policy match dir out pol ipsec mode tunnel
94711   72M loc62inet  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none
 681K  604M loc62loc7  all  --  *      eth2    0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
  130 10360 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW
 1886  370K loc62fw    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        policy match dir in pol none

Chain eth1_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2960 2861K all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none

Chain eth2_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3353  170K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW
    0     0 loc72vpn1  all  --  *      ipsec0  0.0.0.0/0            10.0.0.0/24 
        policy match dir out pol ipsec mode tunnel
    0     0 loc72vpn21  all  --  *      ipsec0  0.0.0.0/0            
192.168.21.0/24     policy match dir out pol ipsec mode tunnel
   10  1608 loc72inet  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none
 509K  215M loc72loc6  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none

Chain eth2_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
13538 1351K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW
15664 1537K loc72fw    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        policy match dir in pol none

Chain eth2_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2496 1037K all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none

Chain fw2inet (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2429  442K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
  120  7200 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:80
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            
86.82.197.197
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            
86.82.197.197       udp dpt:500 state NEW
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            92.64.158.73
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            
92.64.158.73        udp dpt:500 state NEW
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            
82.176.160.188
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            
82.176.160.188      udp dpt:500 state NEW
  111 11252 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2vpn1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain inet2all (5 references)
 pkts bytes target     prot opt in     out     source               destination
    7  5676 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
   89 10678 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
   37  2842 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:inet2all:DROP:'
   37  2842 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain inet2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2968 3012K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     esp  --  *      *       86.82.197.197        0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       86.82.197.197        0.0.0.0/0   
        udp dpt:500 state NEW
   15  1880 ACCEPT     esp  --  *      *       92.64.158.73         0.0.0.0/0
   43  9804 ACCEPT     udp  --  *      *       92.64.158.73         0.0.0.0/0   
        udp dpt:500 state NEW
    0     0 ACCEPT     esp  --  *      *       82.176.160.188       0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       82.176.160.188       0.0.0.0/0   
        udp dpt:500 state NEW
   89 10678 inet2all   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain inet2loc6 (1 references)
 pkts bytes target     prot opt in     out     source               destination
78869   40M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
  784 41968 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.6.1 
        tcp dpt:25
  614 29712 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.6.1 
        tcp dpt:143
  412 22800 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.6.1 
        tcp dpt:110
    0     0 inet2all   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ipsec0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW
    0     0 vpn1_frwd  all  --  *      *       10.0.0.0/24          0.0.0.0/0   
        policy match dir in pol ipsec mode tunnel
    0     0 vpn21_frwd  all  --  *      *       192.168.21.0/24      0.0.0.0/0  
         policy match dir in pol ipsec mode tunnel

Chain ipsec0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state INVALID,NEW
    0     0 vpn12fw    all  --  *      *       10.0.0.0/24          0.0.0.0/0   
        policy match dir in pol ipsec mode tunnel
    0     0 vpn212fw   all  --  *      *       192.168.21.0/24      0.0.0.0/0   
        policy match dir in pol ipsec mode tunnel

Chain ipsec0_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 fw2vpn1    all  --  *      *       0.0.0.0/0            10.0.0.0/24 
        policy match dir out pol ipsec mode tunnel
    0     0 all2all    all  --  *      *       0.0.0.0/0            
192.168.21.0/24     policy match dir out pol ipsec mode tunnel

Chain loc62fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1756  360K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
  103  5428 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:3128
   27  4932 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc62inet (1 references)
 pkts bytes target     prot opt in     out     source               destination
93861   72M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
  850 55764 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc62loc7 (1 references)
 pkts bytes target     prot opt in     out     source               destination
 678K  604M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
 3028  206K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc62vpn1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc62vpn21 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc72fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2126  187K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
   31  1500 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:3128
13507 1349K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc72inet (1 references)
 pkts bytes target     prot opt in     out     source               destination
    9  1560 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    1    48 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc72loc6 (1 references)
 pkts bytes target     prot opt in     out     source               destination
 506K  215M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
 3352  170K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc72vpn1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc72vpn21 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain reject (7 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        PKTTYPE = broadcast
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        PKTTYPE = multicast
    0     0 DROP       all  --  *      *       212.115.197.247      0.0.0.0/0
    0     0 DROP       all  --  *      *       192.168.6.255        0.0.0.0/0
    0     0 DROP       all  --  *      *       192.168.0.255        0.0.0.0/0
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
    9   540 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with tcp-reset
  144 15754 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with icmp-host-unreachable
    7   248 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with icmp-host-prohibited

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain smurfs (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       212.115.197.247      0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP       all  --  *      *       212.115.197.247      0.0.0.0/0
    0     0 LOG        all  --  *      *       192.168.6.255        0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP       all  --  *      *       192.168.6.255        0.0.0.0/0
    0     0 LOG        all  --  *      *       192.168.0.255        0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP       all  --  *      *       192.168.0.255        0.0.0.0/0
    0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0

Chain vpn12fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn12inet (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn12loc6 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn12loc7 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn12vpn1 (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn12vpn21 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn1_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 vpn12vpn21  all  --  *      ipsec0  0.0.0.0/0            
192.168.21.0/24     policy match dir out pol ipsec mode tunnel
    0     0 vpn12inet  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none
    0     0 vpn12loc6  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none
    0     0 vpn12loc7  all  --  *      eth2    0.0.0.0/0            0.0.0.0/0   
        policy match dir out pol none

Chain vpn212fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn212inet (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn212loc6 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn212loc7 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn212vpn1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn212vpn21 (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 tcpmss match 1440:65535 TCPMSS set 1440
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn21_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 vpn212vpn1  all  --  *      ipsec0  0.0.0.0/0            
10.0.0.0/24         policy match dir out pol ipsec mode tunnel
    0     0 vpn212inet  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0  
         policy match dir out pol none
    0     0 vpn212loc6  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0  
         policy match dir out pol none
    0     0 vpn212loc7  all  --  *      eth2    0.0.0.0/0            0.0.0.0/0  
         policy match dir out pol none
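
A cross-check of the two listings in this post, added here as an example and not part of the original message: it reports filter rules bound to an interface name that `ip addr show` does not list, and totals the ESP packets the firewall accepted. The sample text is an excerpt of the post's own output with wrapped lines rejoined; the function names are illustrative.

```python
import re

# Excerpt of the post's "ip addr show" output (interface header lines only).
IP_ADDR_SHOW = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
"""

# Excerpt of the post's filter table, wrapped lines rejoined.
FILTER_TABLE = """\
Chain INPUT (policy DROP 2 packets, 156 bytes)
 pkts bytes target     prot opt in     out     source               destination
 3121 3035K eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_in  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 775K  676M eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_fwd  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 loc62vpn21  all  --  *      ipsec0  0.0.0.0/0            192.168.21.0/24     policy match dir out pol ipsec mode tunnel
94711   72M loc62inet  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           policy match dir out pol none

Chain inet2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
   15  1880 ACCEPT     esp  --  *      *       92.64.158.73         0.0.0.0/0
   43  9804 ACCEPT     udp  --  *      *       92.64.158.73         0.0.0.0/0           udp dpt:500 state NEW
"""

RULE = re.compile(
    r"^\s*(\d+[KMG]?)\s+(\d+[KMG]?)\s+(\S+)\s+(\S+)\s+(\S+)"
    r"\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$"
)
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}


def to_count(text):
    """Convert an iptables -v counter such as '775K' (rounded, 1000-based)."""
    return int(text[:-1]) * UNITS[text[-1]] if text[-1] in UNITS else int(text)


def interfaces(ip_addr_text):
    """Interface names from 'ip addr show'; a '@parent' suffix is dropped."""
    return set(re.findall(r"^\d+:\s+([^:@\s]+)", ip_addr_text, re.M))


def parse_rules(table_text):
    """Return one dict per rule line, tagged with the chain it belongs to."""
    rules, chain = [], None
    for line in table_text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        m = RULE.match(line)
        if m and chain:
            pkts, _bytes, target, prot, _opt, in_if, out_if = m.groups()[:7]
            rules.append({"chain": chain, "pkts": to_count(pkts),
                          "target": target, "prot": prot,
                          "in": in_if, "out": out_if})
    return rules


def iface_exists(name, ifaces):
    """'*' matches anything, 'eth+' is a prefix wildcard, '!x' is skipped."""
    if name == "*" or name.startswith("!"):
        return True
    if name.endswith("+"):
        return any(i.startswith(name[:-1]) for i in ifaces)
    return name in ifaces


def dead_interface_rules(rules, ifaces):
    """Rules whose in/out interface is not present on the host."""
    dead = []
    for r in rules:
        for side in ("in", "out"):
            if not iface_exists(r[side], ifaces):
                dead.append((r["chain"], r["target"], r[side], r["pkts"]))
    return dead


def esp_packets(rules):
    """Total ESP packets accepted, i.e. encrypted traffic that did arrive."""
    return sum(r["pkts"] for r in rules
               if r["prot"] == "esp" and r["target"] == "ACCEPT")


if __name__ == "__main__":
    rules = parse_rules(FILTER_TABLE)
    for chain, target, iface, pkts in dead_interface_rules(
            rules, interfaces(IP_ADDR_SHOW)):
        print(f"{chain}: -> {target} needs {iface} (absent), {pkts} pkts")
    print("ESP packets accepted:", esp_packets(rules))
```

For this excerpt it reports three rules bound to ipsec0, each with a zero packet count, alongside 15 accepted ESP packets from 92.64.158.73.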


