Hi,
I am trying to make connections that go to the firewall (10.10.10.100
internal) on port TCP/5900 be redirected to an internal host (10.10.10.2),
but cannot get it to work. The firewall starts OK and shows no errors when
starting up, and there are no log entries in the syslog to suggest that the
packets are being dropped. Could you please advise? I have attached a copy
of the 'shorewall dump' command.
Thanks,
--
David Rothera
Shorewall 4.0.15 Dump at Mickey - Mon May 11 11:25:09 BST 2009
Shorewall-shell 4.0.15
Counters reset Mon May 11 11:08:10 BST 2009
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
26 2464 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3500 382K eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
26 2464 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
3135 1941K eth0_out all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (2 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
16 916 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
16 916 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
6 352 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
4 180 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (4 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (2 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net2loc all -- * eth0 0.0.0.0/0
10.10.10.0/24
0 0 loc2net all -- * eth0 10.10.10.0/24 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
601 97847 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
601 97847 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
1 328 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
3102 295K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
3499 381K net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 loc2fw all -- * * 10.10.10.0/24 0.0.0.0/0
Chain eth0_out (1 references)
pkts bytes target prot opt in out source destination
1 328 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
3134 1940K fw2net all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 fw2loc all -- * * 0.0.0.0/0
10.10.10.0/24
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
3086 1934K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000
0 0 LOG 47 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2net:ACCEPT:'
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
48 6212 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logflags:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
2899 284K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
16 768 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000
207 13200 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:8081
359 82547 ACCEPT all -- * * 10.10.10.0/24 0.0.0.0/0
0 0 LOG 47 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2fw:ACCEPT:'
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 LOG flags 0 level 5 prefix `Shorewall:net2fw:ACCEPT:'
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 LOG flags 0 level 6 prefix `Shorewall:net2fw:ACCEPT:'
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53 LOG flags 0 level 6 prefix `Shorewall:net2fw:ACCEPT:'
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
1 40 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:8000
16 916 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
10 564 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
10 564 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.10.2
tcp dpt:5900
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:8081
0 0 ACCEPT all -- * * 10.10.10.0/24 0.0.0.0/0
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (11 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 10.10.10.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 10.10.10.255 0.0.0.0/0
0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
Chain tcpflags (2 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
May 11 10:48:04 net2fw:DROP:IN=eth0 OUT= SRC=93.100.125.120 DST=10.10.10.100
LEN=60 TOS=0x00 PREC=0x00 TTL=116 ID=14980 DF PROTO=TCP SPT=55891 DPT=63139
WINDOW=5840 RES=0x00 SYN URGP=0
May 11 10:48:15 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=4269 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 10:48:17 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=29164 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 10:48:21 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=8337 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 10:53:06 net2fw:DROP:IN=eth0 OUT= SRC=83.228.42.91 DST=10.10.10.100
LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=24398 DF PROTO=TCP SPT=63360 DPT=8131
WINDOW=65535 RES=0x00 SYN URGP=0
May 11 10:53:09 net2fw:DROP:IN=eth0 OUT= SRC=83.228.42.91 DST=10.10.10.100
LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=24401 DF PROTO=TCP SPT=63360 DPT=8131
WINDOW=65535 RES=0x00 SYN URGP=0
May 11 10:58:14 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=31262 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 10:58:16 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=57862 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 10:58:20 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=6718 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 11:05:46 net2fw:DROP:IN=eth0 OUT= SRC=125.65.165.139 DST=10.10.10.100
LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 DF PROTO=TCP SPT=12200 DPT=3128
WINDOW=8192 RES=0x00 SYN URGP=0
May 11 11:08:12 net2fw:DROP:IN=eth0 OUT= SRC=125.65.165.139 DST=10.10.10.100
LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 DF PROTO=TCP SPT=12200 DPT=8080
WINDOW=8192 RES=0x00 SYN URGP=0
May 11 11:11:36 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=33192 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 11:11:38 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=28089 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 11:11:42 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=26600 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 11:11:44 net2fw:DROP:IN=eth0 OUT= SRC=219.94.98.213 DST=10.10.10.100
LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=9771 DF PROTO=TCP SPT=3114 DPT=23
WINDOW=5840 RES=0x00 SYN URGP=0
May 11 11:13:27 net2fw:DROP:IN=eth0 OUT= SRC=222.208.183.218 DST=10.10.10.100
LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 DF PROTO=TCP SPT=12200 DPT=3128
WINDOW=8192 RES=0x00 SYN URGP=0
May 11 11:14:31 net2fw:DROP:IN=eth0 OUT= SRC=222.208.183.218 DST=10.10.10.100
LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 DF PROTO=TCP SPT=12200 DPT=1080
WINDOW=8192 RES=0x00 SYN URGP=0
May 11 11:21:30 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=45831 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 11:21:32 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=20262 PROTO=UDP SPT=18325 DPT=59012 LEN=44
May 11 11:21:36 net2fw:DROP:IN=eth0 OUT= SRC=82.39.140.240 DST=10.10.10.100
LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=15374 PROTO=UDP SPT=18325 DPT=59012 LEN=44
NAT Table
Chain PREROUTING (policy ACCEPT 379 packets, 30900 bytes)
pkts bytes target prot opt in out source destination
382 31044 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 50 packets, 5753 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 50 packets, 5753 bytes)
pkts bytes target prot opt in out source destination
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
3 144 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:5900 to:10.10.10.2
Mangle Table
Chain PREROUTING (policy ACCEPT 3540 packets, 385K bytes)
pkts bytes target prot opt in out source destination
3531 384K tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 3537 packets, 385K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 6564K packets, 5116M bytes)
pkts bytes target prot opt in out source destination
3162 1943K tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 3187 packets, 1948K bytes)
pkts bytes target prot opt in out source destination
3170 1946K tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
tcp 6 112 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57351 dport=8081
packets=6 bytes=741 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57351
packets=5 bytes=709 [ASSURED] mark=0 secmark=0 use=1
tcp 6 67 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57315 dport=8081
packets=6 bytes=741 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57315
packets=5 bytes=709 [ASSURED] mark=0 secmark=0 use=1
tcp 6 37 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57287 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57287
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 47 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57295 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57295
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 17 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57271 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57271
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 299 ESTABLISHED src=10.10.10.2 dst=10.10.10.100 sport=24800
dport=34941 packets=266449 bytes=15251034 src=10.10.10.100 dst=10.10.10.2
sport=34941 dport=24800 packets=134308 bytes=8487159 [ASSURED] mark=0 secmark=0
use=1
tcp 6 431976 ESTABLISHED src=10.10.10.2 dst=10.10.10.100 sport=59100
dport=548 packets=42528 bytes=2512757 src=10.10.10.100 dst=10.10.10.2 sport=548
dport=59100 packets=97182 bytes=120769495 [ASSURED] mark=0 secmark=0 use=1
udp 17 8 src=10.10.10.2 dst=224.0.0.251 sport=5353 dport=5353 packets=3895
bytes=261846 [UNREPLIED] src=224.0.0.251 dst=10.10.10.2 sport=5353 dport=5353
packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 2 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57259 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57259
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 102 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57343 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57343
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431905 ESTABLISHED src=10.10.10.4 dst=10.10.10.100 sport=61685
dport=445 packets=101100 bytes=6736906 src=10.10.10.100 dst=10.10.10.4
sport=445 dport=61685 packets=394994 bytes=554542595 [ASSURED] mark=0 secmark=0
use=1
tcp 6 62 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57311 dport=8081
packets=6 bytes=741 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57311
packets=5 bytes=709 [ASSURED] mark=0 secmark=0 use=1
tcp 6 77 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57323 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57323
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 82 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57327 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57327
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 32 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57283 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57283
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431940 ESTABLISHED src=10.10.10.100 dst=174.36.30.19 sport=33948
dport=80 packets=2270 bytes=669507 src=174.36.30.19 dst=10.10.10.100 sport=80
dport=33948 packets=4391 bytes=535496 [ASSURED] mark=0 secmark=0 use=1
tcp 6 117 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57355 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57355
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 42 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57291 dport=8081
packets=6 bytes=741 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57291
packets=5 bytes=709 [ASSURED] mark=0 secmark=0 use=1
udp 17 8 src=10.10.10.2 dst=10.10.10.255 sport=631 dport=631 packets=2
bytes=342 [UNREPLIED] src=10.10.10.255 dst=10.10.10.2 sport=631 dport=631
packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 57 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57303 dport=8081
packets=6 bytes=741 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57303
packets=5 bytes=709 [ASSURED] mark=0 secmark=0 use=1
tcp 6 22 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57275 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57275
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 107 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57347 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57347
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 52 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57299 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57299
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 7 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57263 dport=8081
packets=6 bytes=741 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57263
packets=5 bytes=709 [ASSURED] mark=0 secmark=0 use=1
tcp 6 97 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57339 dport=8081
packets=6 bytes=741 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57339
packets=5 bytes=709 [ASSURED] mark=0 secmark=0 use=1
udp 17 9 src=10.10.10.2 dst=10.10.10.100 sport=55595 dport=53 packets=1
bytes=58 src=10.10.10.100 dst=10.10.10.2 sport=53 dport=55595 packets=1
bytes=133 mark=0 secmark=0 use=1
tcp 6 92 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57335 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57335
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 27 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57279 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57279
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 87 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57331 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57331
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
tcp 6 12 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57267 dport=8081
packets=7 bytes=793 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57267
packets=6 bytes=761 [ASSURED] mark=0 secmark=0 use=1
udp 17 166 src=10.10.10.1 dst=10.10.10.100 sport=2048 dport=137
packets=3075 bytes=239850 src=10.10.10.100 dst=10.10.10.1 sport=137 dport=2048
packets=3075 bytes=1089597 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431999 ESTABLISHED src=213.146.130.30 dst=10.10.10.100 sport=13801
dport=22 packets=2293 bytes=128720 src=10.10.10.100 dst=213.146.130.30 sport=22
dport=13801 packets=2288 bytes=643983 [ASSURED] mark=0 secmark=0 use=1
tcp 6 72 TIME_WAIT src=10.10.10.2 dst=10.10.10.100 sport=57319 dport=8081
packets=6 bytes=741 src=10.10.10.100 dst=10.10.10.2 sport=8081 dport=57319
packets=5 bytes=709 [ASSURED] mark=0 secmark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 00:1d:92:fc:38:f9 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.100/24 brd 10.10.10.255 scope global eth0
inet6 fe80::21d:92ff:fefc:38f9/64 scope link
valid_lft forever preferred_lft forever
3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether ea:38:5d:f9:02:a5 brd ff:ff:ff:ff:ff:ff
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
8971654 34859 0 0 0 0
TX: bytes packets errors dropped carrier collsns
8971654 34859 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 00:1d:92:fc:38:f9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
3668343245 15253328 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2053702832 12665866 0 0 0 0
3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether ea:38:5d:f9:02:a5 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
/proc
/proc/version = Linux version 2.6.28-11-generic (bui...@palmer) (gcc version
4.3.3 (Ubuntu 4.3.3-5ubuntu4) ) #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009
/proc/sys/net/ipv4/ip_forward = 0
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/pan0/proxy_arp = 0
/proc/sys/net/ipv4/conf/pan0/arp_filter = 0
/proc/sys/net/ipv4/conf/pan0/arp_ignore = 0
/proc/sys/net/ipv4/conf/pan0/rp_filter = 1
/proc/sys/net/ipv4/conf/pan0/log_martians = 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.10.10.0 dev eth0 proto kernel scope link src 10.10.10.100
local 10.10.10.100 dev eth0 proto kernel scope host src 10.10.10.100
broadcast 10.10.10.255 dev eth0 proto kernel scope link src 10.10.10.100
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.100
169.254.0.0/16 dev eth0 scope link metric 1000
default via 10.10.10.1 dev eth0 metric 100
ARP
? (10.10.10.139) at 00:12:f0:a2:1e:89 [ether] on eth0
? (10.10.10.1) at 00:1f:33:f3:16:53 [ether] on eth0
? (10.10.10.4) at 00:1e:8c:54:53:8c [ether] on eth0
? (10.10.10.2) at 00:1e:c2:03:3e:eb [ether] on eth0
Modules
iptable_filter 10752 1
iptable_mangle 10880 1
iptable_nat 13700 1
iptable_raw 10240 0
ip_tables 19472 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype 10496 0
ipt_ah 9728 0
ipt_CLUSTERIP 14852 0
ipt_ECN 10496 0
ipt_ecn 9984 0
ipt_LOG 13700 17
ipt_MASQUERADE 10752 0
ipt_NETMAP 9728 0
ipt_REDIRECT 9728 0
ipt_REJECT 11136 4
ipt_ttl 9728 0
ipt_TTL 9984 0
ipt_ULOG 15140 0
nf_conntrack 72008 29
ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda 11904 1 nf_nat_amanda
nf_conntrack_ftp 15652 1 nf_nat_ftp
nf_conntrack_h323 56648 1 nf_nat_h323
nf_conntrack_ipv4 21388 19 iptable_nat,nf_nat
nf_conntrack_irc 13220 1 nf_nat_irc
nf_conntrack_netbios_ns 10496 0
nf_conntrack_netlink 23936 0
nf_conntrack_pptp 14212 1 nf_nat_pptp
nf_conntrack_proto_gre 13572 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 16264 0
nf_conntrack_sip 26260 1 nf_nat_sip
nf_conntrack_tftp 12308 1 nf_nat_tftp
nf_defrag_ipv4 9984 1 nf_conntrack_ipv4
nf_nat 25876 12
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda 9984 0
nf_nat_ftp 10752 0
nf_nat_h323 14336 0
nf_nat_irc 10240 0
nf_nat_pptp 11136 0
nf_nat_proto_gre 10372 1 nf_nat_pptp
nf_nat_sip 14976 0
nf_nat_snmp_basic 16904 0
nf_nat_tftp 9600 0
xt_CLASSIFY 9600 0
xt_comment 9600 0
xt_connmark 10240 0
xt_CONNMARK 10880 0
xt_conntrack 11648 0
xt_dccp 11016 0
xt_dscp 10496 0
xt_DSCP 11264 0
xt_hashlimit 18448 0
xt_helper 10112 0
xt_iprange 10496 0
xt_length 9856 0
xt_limit 10116 0
xt_mac 9600 0
xt_MARK 10112 0
xt_mark 9856 0
xt_multiport 11264 4
xt_NFLOG 9728 0
xt_NFQUEUE 9856 0
xt_owner 10624 0
xt_physdev 10384 0
xt_pkttype 9728 4
xt_policy 11008 0
xt_recent 17308 0
xt_state 10112 16
xt_tcpmss 10112 0
xt_tcpudp 11008 37
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
New Connection Tracking Match Syntax: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 10592021300 bytes 12665866 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TC Filters
Device eth0:
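A consistency check over the dump above, as an added example that is not part of the original post and is not Shorewall's own code: it compares the nat-table DNAT counter with the filter FORWARD counters, the `ip_forward` setting and the firewall's interface network. The function names and finding codes are hypothetical, and the sample text is a constructed excerpt of the dump.

```python
import ipaddress
import re

# Constructed sample: lines copied from the dump above (wrapped as on the page),
# cut down to the parts the check reads.
SAMPLE_DUMP = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
NAT Table
Chain PREROUTING (policy ACCEPT 379 packets, 30900 bytes)
pkts bytes target prot opt in out source destination
382 31044 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
3 144 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:5900 to:10.10.10.2
Mangle Table
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
IP Configuration
inet 10.10.10.100/24 brd 10.10.10.255 scope global eth0
/proc/sys/net/ipv4/ip_forward = 0
"""

TABLES = {"NAT Table": "nat", "Mangle Table": "mangle"}  # filter comes first, unlabelled
CHAIN = re.compile(r"^Chain (\S+) \((?:policy \S+ (\d+[KMG]?) packets)?")
RULE = re.compile(r"^(\d+[KMG]?)\s+(\d+[KMG]?)\s+(\S+)\s+(\S+)\s+--\s")
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}


def count(tok):
    """Convert an iptables counter such as '382K' to an integer."""
    return int(tok.rstrip("KMG")) * UNITS.get(tok[-1], 1)


def parse_rules(dump):
    """Return one dict per rule and per built-in chain policy counter."""
    table, chain, last, rules = "filter", None, None, []
    for line in map(str.strip, dump.splitlines()):
        if line in TABLES:
            table, chain, last = TABLES[line], None, None
        elif (m := CHAIN.match(line)):
            chain, last = m.group(1), None
            if m.group(2):  # built-in chain: packets that hit the policy
                rules.append({"table": table, "chain": chain, "target": "policy",
                              "pkts": count(m.group(2)), "match": ""})
        elif chain and (m := RULE.match(line)):
            last = {"table": table, "chain": chain, "target": m.group(3),
                    "pkts": count(m.group(1)), "match": line[m.end():]}
            rules.append(last)
        elif last is not None:
            last["match"] += " " + line  # match options wrapped onto the next line
            last = None
    return rules


def check_dnat_forwarding(dump):
    """Return (code, message) findings for every DNAT rule in the dump."""
    rules = parse_rules(dump)
    m = re.search(r"/proc/sys/net/ipv4/ip_forward = (\d)", dump)
    ip_forward = int(m.group(1)) if m else None
    forwarded = sum(r["pkts"] for r in rules
                    if r["table"] == "filter" and r["chain"] == "FORWARD")
    local_nets = [ipaddress.ip_interface(a).network for a in
                  re.findall(r"inet (\d+\.\d+\.\d+\.\d+/\d+) .*scope global", dump)]
    findings = []
    for r in rules:
        to = re.search(r"\bto:(\d+\.\d+\.\d+\.\d+)", r["match"])
        if r["table"] != "nat" or r["target"] != "DNAT" or not to:
            continue
        target = ipaddress.ip_address(to.group(1))
        if ip_forward == 0:
            findings.append(("ip_forward_off",
                             f"DNAT to {target} exists but ip_forward = 0: the kernel "
                             "does not route the rewritten packets"))
        if r["pkts"] > 0 and forwarded == 0:
            findings.append(("forward_chain_idle",
                             f"DNAT matched {r['pkts']} packets, filter FORWARD saw none, "
                             "so no filter rule could accept or log them"))
        if any(target in net for net in local_nets):
            findings.append(("same_subnet_target",
                             f"{target} is on the firewall's own network: its replies "
                             "need not pass back through the firewall"))
    return findings
```

On the excerpt this reports all three findings. In Shorewall, kernel forwarding is governed by the IP_FORWARDING setting in shorewall.conf.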