I've attached the dump as a text file.
Best Wishes
Linda
> We certainly would need a shorewall dump to figure this out.
>
> Prasanna.
>
> On Fri, Nov 7, 2008 at 12:33 PM, <[EMAIL PROTECTED]> wrote:
>> I've blocked an IP-range in my blacklist-file. The row in the file looks
>> like this:
>> 88.191.0.0/16
>>
>> This should block any and all traffic from addresses in the range
>> 88.191.0.0-88.191.255.255 but they still get through to perform brute
>> force attacks on my SSH server.
>>
>> Here's an example from my auth.log for yesterday:
>> Nov 4 20:14:39 dolly sshd[3532]: Invalid user ttf from 88.191.99.69
>> Nov 4 20:14:41 dolly sshd[3532]: Failed password for invalid user ttf
>> from 88.191.99.69 port 37898 ssh2
>>
>> Why is this, and how can I fix it?
>>
>> Best Wishes
>>
>> Linda
>>
>>
>> shorewall version: 4.2.1
>>
>> ip addr show:
>> 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>> inet6 ::1/128 scope host
>> valid_lft forever preferred_lft forever
>> 2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
>> 1000
>> link/ether 00:08:a1:3c:12:f3 brd ff:ff:ff:ff:ff:ff
>> inet 192.168.0.102/24 brd 192.168.0.255 scope global eth1
>> inet6 fe80::208:a1ff:fe3c:12f3/64 scope link
>> valid_lft forever preferred_lft forever
>> 3: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
>> qlen 1000
>> link/ether 00:0e:a6:b0:fc:42 brd ff:ff:ff:ff:ff:ff
>> 4: sit0: <NOARP> mtu 1480 qdisc noop
>> link/sit 0.0.0.0 brd 0.0.0.0
>>
>> ip route show:
>> 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.102
>> default via 192.168.0.1 dev eth1
>>
>>
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win great
>> prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the
>> world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>
>
>
> --
> Want to manage multiple office networks?
> Want to securely connect all your locations?
> Want to do it in a budget?
> www.elinanetworks.com
Shorewall 4.2.1 Dump at dolly.heksebua.com - Fri Nov 7 09:28:49 CET 2008
Shorewall-perl 4.2.1
Counters reset Thu Nov 6 11:20:52 CET 2008
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
75296 4141K dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
5728K 3212M net2fw 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
20088 8888K ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3470K 3538M fw2net 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
20088 8888K ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (2 references)
pkts bytes target prot opt in out source destination
3 144 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
9584 841K dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
2440 173K dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
2 64 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
8 532 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
233 11320 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
1 32 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
1642 79124 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Reject (2 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
0 0 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
0 0 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
2841 533K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
4303 136K DROP 0 -- * * 0.0.0.0/0 224.0.0.0/4
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
1 40 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (2 references)
pkts bytes target prot opt in out source destination
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
3469K 3538M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
1040 91457 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
5655K 3208M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8 /* Ping */
1 32 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:161:162 /* SNMP */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:161 /* SNMP */
56054 2735K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 /* HTTP */
3 156 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443 /* HTTPS */
1 48 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:143 /* IMAP */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:143 /* IMAP */
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:993 /* IMAPS */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:993 /* IMAPS */
2 96 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3306 /* MySQL */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
2 96 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3306 /* MySQL */
3 144 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:110 /* POP3 */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
3 144 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:110 /* POP3 */
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:995 /* POP3S */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:995 /* POP3S */
16 792 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25 /* SMTP */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
16 792 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25 /* SMTP */
3 144 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:465 /* SMTPS */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
3 144 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:465 /* SMTPS */
7511 450K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
7511 450K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */
80 4024 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000 /* Webmin */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
80 4024 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000 /* Webmin */
26 1548 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:587 /* Submission */ LOG flags 0 level 6 prefix
`Shorewall:net2fw:ACCEPT:'
26 1548 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:587 /* Submission */
42 2220 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpts:5900:5909 /* VNC */
9587 841K Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
2195 161K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
2195 161K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (9 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
3 144 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- * * 0.0.0.0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST LOG flags 0 level 6 prefix
`Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 LOG 0 -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
Log (/var/log/messages)
Nov 7 01:01:42 net2fw:DROP:IN=eth1 OUT= SRC=219.138.39.9 DST=192.168.0.102
LEN=404 TOS=0x00 PREC=0x00 TTL=51 ID=48276 PROTO=UDP SPT=4220 DPT=1434 LEN=384
Nov 7 01:03:56 net2fw:ACCEPT:IN=eth1 OUT= SRC=204.16.252.100 DST=192.168.0.102
LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=39181 PROTO=TCP SPT=46067 DPT=587
WINDOW=5840 RES=0x00 SYN URGP=0
Nov 7 01:37:05 net2fw:ACCEPT:IN=eth1 OUT= SRC=204.16.252.100 DST=192.168.0.102
LEN=60 TOS=0x00 PREC=0x00 TTL=33 ID=56359 PROTO=TCP SPT=46968 DPT=587
WINDOW=5840 RES=0x00 SYN URGP=0
Nov 7 02:04:37 net2fw:DROP:IN=eth1 OUT= SRC=218.22.244.45 DST=192.168.0.102
LEN=404 TOS=0x00 PREC=0x00 TTL=117 ID=40676 PROTO=UDP SPT=1481 DPT=1434 LEN=384
Nov 7 04:25:06 net2fw:DROP:IN=eth1 OUT= SRC=202.96.61.149 DST=192.168.0.102
LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=60840 PROTO=TCP SPT=111 DPT=111 WINDOW=40
RES=0x00 SYN URGP=0
Nov 7 04:33:36 net2fw:ACCEPT:IN=eth1 OUT= SRC=204.16.252.100 DST=192.168.0.102
LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=56393 PROTO=TCP SPT=37025 DPT=587
WINDOW=5840 RES=0x00 SYN URGP=0
Nov 7 05:57:54 net2fw:DROP:IN=eth1 OUT= SRC=204.228.149.113 DST=192.168.0.102
LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=19155 DF PROTO=TCP SPT=4057 DPT=23
WINDOW=18276 RES=0x00 SYN URGP=0
Nov 7 07:13:36 net2fw:DROP:IN=eth1 OUT= SRC=218.0.1.90 DST=192.168.0.102
LEN=404 TOS=0x00 PREC=0x00 TTL=110 ID=13594 PROTO=UDP SPT=2441 DPT=1434 LEN=384
Nov 7 08:04:04 net2fw:ACCEPT:IN=eth1 OUT= SRC=158.38.34.55 DST=192.168.0.102
LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=16925 DF PROTO=TCP SPT=1299 DPT=22
WINDOW=64512 RES=0x00 SYN URGP=0
Nov 7 08:07:37 net2fw:ACCEPT:IN=eth1 OUT= SRC=204.16.252.100 DST=192.168.0.102
LEN=60 TOS=0x00 PREC=0x00 TTL=36 ID=60327 PROTO=TCP SPT=37132 DPT=587
WINDOW=5840 RES=0x00 SYN URGP=0
Nov 7 08:16:59 net2fw:ACCEPT:IN=eth1 OUT= SRC=93.123.102.2 DST=192.168.0.102
LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=25300 PROTO=TCP SPT=55562 DPT=10000
WINDOW=65535 RES=0x00 SYN URGP=0
Nov 7 08:17:39 net2fw:ACCEPT:IN=eth1 OUT= SRC=93.123.102.2 DST=192.168.0.102
LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28727 DF PROTO=TCP SPT=45369 DPT=10000
WINDOW=5840 RES=0x00 SYN URGP=0
Nov 7 08:18:55 net2fw:DROP:IN=eth1 OUT= SRC=218.61.126.254 DST=192.168.0.102
LEN=40 TOS=0x00 PREC=0x00 TTL=100 ID=256 PROTO=TCP SPT=6000 DPT=2967
WINDOW=16384 RES=0x00 SYN URGP=0
Nov 7 08:26:31 net2fw:DROP:IN=eth1 OUT= SRC=158.38.31.42 DST=192.168.0.102
LEN=69 TOS=0x00 PREC=0x00 TTL=114 ID=49342 PROTO=UDP SPT=3657 DPT=53 LEN=49
Nov 7 08:26:33 net2fw:DROP:IN=eth1 OUT= SRC=158.38.31.42 DST=192.168.0.102
LEN=58 TOS=0x00 PREC=0x00 TTL=114 ID=49349 PROTO=UDP SPT=3658 DPT=53 LEN=38
Nov 7 08:26:58 net2fw:DROP:IN=eth1 OUT= SRC=159.226.47.213 DST=192.168.0.102
LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=TCP SPT=6000 DPT=1433
WINDOW=16384 RES=0x00 SYN URGP=0
Nov 7 08:28:27 net2fw:ACCEPT:IN=eth1 OUT= SRC=158.38.31.42 DST=192.168.0.102
LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=2967 DF PROTO=TCP SPT=3667 DPT=22
WINDOW=64512 RES=0x00 SYN URGP=0
Nov 7 09:15:21 net2fw:ACCEPT:IN=eth1 OUT= SRC=204.16.252.100 DST=192.168.0.102
LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=22110 PROTO=TCP SPT=39385 DPT=587
WINDOW=5840 RES=0x00 SYN URGP=0
Nov 7 09:16:33 net2fw:ACCEPT:IN=eth1 OUT= SRC=204.16.252.100 DST=192.168.0.102
LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=25387 PROTO=TCP SPT=45450 DPT=587
WINDOW=5840 RES=0x00 SYN URGP=0
Nov 7 09:28:08 net2fw:ACCEPT:IN=eth1 OUT= SRC=158.38.31.42 DST=192.168.0.102
LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=17473 DF PROTO=TCP SPT=4179 DPT=22
WINDOW=64512 RES=0x00 SYN URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 72874 packets, 4006K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 2492 packets, 152K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2489 packets, 152K bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 5748K packets, 3221M bytes)
pkts bytes target prot opt in out source destination
5748K 3221M tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 5748K packets, 3221M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcfor 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 3490K packets, 3547M bytes)
pkts bytes target prot opt in out source destination
3490K 3547M tcout 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 3490K packets, 3547M bytes)
pkts bytes target prot opt in out source destination
3490K 3547M tcpost 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
tcp 6 18 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=40317 dport=143
packets=20 bytes=1402 src=127.0.0.1 dst=127.0.0.1 sport=143 dport=40317
packets=19 bytes=6325 [ASSURED] mark=0 use=1
tcp 6 16 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=40316 dport=143
packets=12 bytes=812 src=127.0.0.1 dst=127.0.0.1 sport=143 dport=40316
packets=13 bytes=1335 [ASSURED] mark=0 use=1
tcp 6 167115 ESTABLISHED src=192.168.0.102 dst=125.95.96.57 sport=80
dport=23561 packets=1 bytes=1464 [UNREPLIED] src=125.95.96.57 dst=192.168.0.102
sport=23561 dport=80 packets=0 bytes=0 mark=0 use=1
tcp 6 22 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=40318 dport=143
packets=18 bytes=1126 src=127.0.0.1 dst=127.0.0.1 sport=143 dport=40318
packets=16 bytes=11097 [ASSURED] mark=0 use=1
tcp 6 34 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=40319 dport=143
packets=18 bytes=1126 src=127.0.0.1 dst=127.0.0.1 sport=143 dport=40319
packets=16 bytes=11056 [ASSURED] mark=0 use=1
tcp 6 111 TIME_WAIT src=217.212.224.186 dst=192.168.0.102 sport=37142
dport=80 packets=5 bytes=506 src=192.168.0.102 dst=217.212.224.186 sport=80
dport=37142 packets=5 bytes=1110 [ASSURED] mark=0 use=1
tcp 6 431999 ESTABLISHED src=158.38.31.42 dst=192.168.0.102 sport=4179
dport=22 packets=209 bytes=19884 src=192.168.0.102 dst=158.38.31.42 sport=22
dport=4179 packets=221 bytes=58740 [ASSURED] mark=0 use=1
tcp 6 128246 ESTABLISHED src=192.168.0.102 dst=136.163.203.3 sport=80
dport=39212 packets=3 bytes=4392 [UNREPLIED] src=136.163.203.3
dst=192.168.0.102 sport=39212 dport=80 packets=0 bytes=0 mark=0 use=1
udp 17 140 src=192.168.0.102 dst=192.168.0.1 sport=32908 dport=53
packets=2 bytes=136 src=192.168.0.1 dst=192.168.0.102 sport=53 dport=32908
packets=2 bytes=185 [ASSURED] mark=0 use=1
tcp 6 128277 ESTABLISHED src=192.168.0.102 dst=136.163.203.3 sport=80
dport=40593 packets=3 bytes=4392 [UNREPLIED] src=136.163.203.3
dst=192.168.0.102 sport=40593 dport=80 packets=0 bytes=0 mark=0 use=1
tcp 6 111 TIME_WAIT src=217.212.224.183 dst=192.168.0.102 sport=47770
dport=80 packets=6 bytes=471 src=192.168.0.102 dst=217.212.224.183 sport=80
dport=47770 packets=5 bytes=702 [ASSURED] mark=0 use=1
tcp 6 55 TIME_WAIT src=158.38.31.42 dst=192.168.0.102 sport=4175 dport=80
packets=32 bytes=4981 src=192.168.0.102 dst=158.38.31.42 sport=80 dport=4175
packets=54 bytes=62263 [ASSURED] mark=0 use=1
tcp 6 8 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=40315 dport=143
packets=20 bytes=1402 src=127.0.0.1 dst=127.0.0.1 sport=143 dport=40315
packets=19 bytes=6774 [ASSURED] mark=0 use=1
tcp 6 431998 ESTABLISHED src=158.38.31.42 dst=192.168.0.102 sport=4033
dport=22 packets=36051 bytes=4013967 src=192.168.0.102 dst=158.38.31.42
sport=22 dport=4033 packets=36056 bytes=1553324 [ASSURED] mark=0 use=1
tcp 6 140888 ESTABLISHED src=82.194.195.149 dst=192.168.0.102 sport=23055
dport=80 packets=7 bytes=288 src=192.168.0.102 dst=82.194.195.149 sport=80
dport=23055 packets=1 bytes=48 [ASSURED] mark=0 use=1
tcp 6 215661 ESTABLISHED src=192.168.0.102 dst=85.93.237.161 sport=80
dport=24692 packets=1 bytes=1464 [UNREPLIED] src=85.93.237.161
dst=192.168.0.102 sport=24692 dport=80 packets=0 bytes=0 mark=0 use=1
tcp 6 30758 ESTABLISHED src=192.168.0.102 dst=81.236.212.179 sport=80
dport=54689 packets=1 bytes=1464 [UNREPLIED] src=81.236.212.179
dst=192.168.0.102 sport=54689 dport=80 packets=0 bytes=0 mark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
inet 127.0.0.1/8 scope host lo
2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.0.102/24 brd 192.168.0.255 scope global eth1
IP Stats
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
15911710 25263 0 0 0 0
TX: bytes packets errors dropped carrier collsns
15911710 25263 0 0 0 0
2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:08:a1:3c:12:f3 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
3301347276 5742223 0 0 0 0
TX: bytes packets errors dropped carrier collsns
3591106163 3478579 0 0 0 0
3: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:a6:b0:fc:42 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
/proc
/proc/version = Linux version 2.6.18-6-686 (Debian 2.6.18.dfsg.1-23) ([EMAIL
PROTECTED]) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP
Mon Oct 13 16:13:09 UTC 2008
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 1
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
Routing Rules
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
Table 255:
broadcast 192.168.0.255 dev eth1 proto kernel scope link src 192.168.0.102
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.0.0 dev eth1 proto kernel scope link src 192.168.0.102
local 192.168.0.102 dev eth1 proto kernel scope host src 192.168.0.102
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table default:
Table main:
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.102
default via 192.168.0.1 dev eth1
ARP
? (192.168.0.1) at 00:13:46:85:61:D5 [ether] on eth1
Modules
ip_conntrack 49088 24
ipt_MASQUERADE,ip_nat_tftp,ip_nat_snmp_basic,ip_nat_sip,ip_nat_pptp,ip_nat_irc,ip_nat_h323,ip_nat_ftp,ip_nat_amanda,ip_conntrack_tftp,ip_conntrack_sip,ip_conntrack_pptp,ip_conntrack_netbios_ns,ip_conntrack_irc,ip_conntrack_h323,ip_conntrack_ftp,ip_conntrack_amanda,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,ip_nat
ip_conntrack_amanda 4932 1 ip_nat_amanda
ip_conntrack_ftp 7760 1 ip_nat_ftp
ip_conntrack_h323 47676 1 ip_nat_h323
ip_conntrack_irc 6800 1 ip_nat_irc
ip_conntrack_netbios_ns 3040 0
ip_conntrack_pptp 11504 1 ip_nat_pptp
ip_conntrack_sip 7376 1 ip_nat_sip
ip_conntrack_tftp 4344 1 ip_nat_tftp
ip_nat 16876 12
ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ip_nat_tftp,ip_nat_sip,ip_nat_pptp,ip_nat_irc,ip_nat_h323,ip_nat_ftp,ip_nat_amanda,iptable_nat
ip_nat_amanda 2400 0
ip_nat_ftp 3328 0
ip_nat_h323 7104 0
ip_nat_irc 2720 0
ip_nat_pptp 5988 0
ip_nat_sip 4096 0
ip_nat_snmp_basic 9380 0
ip_nat_tftp 1920 0
iptable_filter 3104 1
iptable_mangle 2880 1
iptable_nat 7044 0
iptable_raw 2144 0
ip_tables 13028 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype 1952 4
ipt_ah 2016 0
ipt_CLUSTERIP 8196 0
ipt_dscp 1792 0
ipt_DSCP 2336 0
ipt_ecn 2304 0
ipt_ECN 3072 0
ipt_hashlimit 8744 0
ipt_iprange 1888 0
ipt_LOG 6112 18
ipt_MASQUERADE 3712 0
ipt_NETMAP 2176 0
ipt_owner 2080 0
ipt_recent 8432 0
ipt_REDIRECT 2176 0
ipt_REJECT 5248 4
ipt_SAME 2496 0
ipt_TCPMSS 4096 0
ipt_tos 1760 0
ipt_TOS 2304 0
ipt_ttl 1984 0
ipt_TTL 2400 0
ipt_ULOG 7780 0
xt_CLASSIFY 1984 0
xt_comment 1952 46
xt_connmark 2144 0
xt_CONNMARK 2464 0
xt_conntrack 2624 0
xt_dccp 3396 0
xt_helper 2560 0
xt_length 2048 0
xt_limit 2752 0
xt_mac 2016 0
xt_mark 1984 0
xt_MARK 2464 0
xt_multiport 3264 4
xt_NFQUEUE 2144 0
xt_physdev 3024 0
xt_pkttype 2016 0
xt_policy 3648 0
xt_realm 1824 0
xt_state 2272 8
xt_tcpmss 2336 0
xt_tcpudp 3136 36
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Not available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Realm Match: Available
Helper Match: Available
Connlimit Match: Not available
Time Match: Not available
Traffic Control
Device eth1:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 3586809135 bytes 3478579 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device eth0:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TC Filters
Device eth1:
Device eth0:
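One way to read the filter table in the dump above is to walk it the way netfilter would for a new SSH connection from 88.191.99.69 and report the first terminating rule. This is an added example, not part of the original messages and not Shorewall code. The first sample is abridged from the dump; the `blacklst` chain in the second sample is a constructed stand-in for a rule that matches the listed range, and only `state` and single-port `dpt` matches are modelled.

```python
import ipaddress
import re

COUNTER = re.compile(r"^\d+[KMG]?$")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
MATCHERS = (  # only the matches a new TCP connection needs are modelled
    (r"state (\S+)", lambda g, p: p["state"] in g.split(",")),
    (r"(?:tcp|udp) dpt:(\d+)", lambda g, p: p["dport"] == int(g)),
)

def parse_chains(dump):
    """Parse flattened `iptables -L -n -v` text into {chain: [rule, ...]}."""
    chains, current = {}, None
    for line in dump.splitlines():
        f = line.split()
        if not f or f[0] == "pkts":
            continue
        if f[0] == "Chain" and len(f) > 1:
            current = chains.setdefault(f[1], [])
        elif (current is not None and len(f) >= 9
              and COUNTER.match(f[0]) and COUNTER.match(f[1])):
            current.append({"target": f[2], "prot": f[3], "in": f[5],
                            "src": ipaddress.ip_network(f[7], strict=False),
                            "match": " ".join(f[9:])})
        elif current:
            current[-1]["match"] += " " + " ".join(f)  # wrapped match text
    return chains

def rule_matches(rule, pkt):
    """True if pkt satisfies the rule; unmodelled matches count as no match."""
    if (rule["prot"] not in ("0", "all", pkt["prot"]) or rule["in"] not in ("*", pkt["in"])
            or ipaddress.ip_address(pkt["src"]) not in rule["src"]):
        return False
    # Strip rule comments and LOG/REJECT target options before matching.
    text = re.sub(r"/\*.*?\*/|LOG flags.*|reject-with \S+", " ", rule["match"])
    for pattern, test in MATCHERS:
        found = re.search(pattern, text)
        if found and not test(found.group(1), pkt):
            return False
        text = re.sub(pattern, " ", text)
    return not text.strip()

def walk(chains, chain, pkt, path=()):  # -> (verdict, chains traversed) or None
    path += (chain,)
    for rule in chains.get(chain, []):
        if not rule_matches(rule, pkt):
            continue
        target = rule["target"]
        if target in TERMINAL or target == "RETURN":
            return (target, path) if target in TERMINAL else None
        if target in chains:
            result = walk(chains, target, pkt, path)
            if result:
                return result
    return None

# Constructed sample: INPUT, dynamic and part of net2fw, abridged from the dump.
PAGE_EXCERPT = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
75296 4141K dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
5728K 3212M net2fw 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain dynamic (2 references)
pkts bytes target prot opt in out source destination
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
5655K 3208M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
7511 450K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */
2195 161K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
"""
# Constructed: same rules plus a hypothetical chain that drops the listed range.
WITH_BLACKLIST = PAGE_EXCERPT.replace(
    "75296", "0 0 blacklst 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0\nstate NEW\n75296", 1
) + "Chain blacklst (1 references)\n0 0 DROP 0 -- * * 88.191.0.0/16 0.0.0.0/0\n"
SSH_ATTEMPT = {"prot": "tcp", "in": "eth1", "src": "88.191.99.69", "dport": 22, "state": "NEW"}
print(walk(parse_chains(PAGE_EXCERPT), "INPUT", SSH_ATTEMPT))
```

In the excerpt taken from the dump no rule matches on a source narrower than 0.0.0.0/0 ahead of the SSH rule, so the walk ends at the `ACCEPT` in `net2fw`; in the constructed variant it ends at the `DROP` in the source-matching chain.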