Thanks. Here is the dump.

--------------------------------------------------
From: "Tom Eastep" <teas...@shorewall.net>
Sent: Sunday, August 01, 2010 7:28 AM
To: <shorewall-users@lists.sourceforge.net>
Subject: Re: [Shorewall-users] multiple external ip's not passing thru
------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Shorewall 4.4.8.4 Dump at TempeFW - Sun Aug 1 08:02:34 MST 2010

Counters reset Sun Aug 1 01:17:18 MST 2010

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
9931 1022K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
35965 54M net2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
9518 940K loc2fw all -- eth2 * 0.0.0.0/0 0.0.0.0/0
385 87063 dmz2fw all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
24665 1899K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
50464 30M net_frwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
36974 3976K loc_frwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
15197 1886K dmz_frwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
18425 983K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
204 19640 fw2loc all -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 fw2dmz all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain Drop (3 references)
pkts bytes target prot opt in out source destination
2408 132K all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */
2408 132K dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
2408 132K dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
216 10672 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
2151 118K dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */

Chain Reject (7 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */

Chain dmz2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
385 87063 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:dmz2fw:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain dmz2loc (1 references)
pkts bytes target prot opt in out source destination
628 48366 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
46 12374 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:dmz2loc:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain dmz2net (1 references)
pkts bytes target prot opt in out source destination
12000 1663K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2523 163K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain dmz_frwd (1 references)
pkts bytes target prot opt in out source destination
14523 1825K dmz2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
674 60740 dmz2loc all -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4

Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
30 1228 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
22 880 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02

Chain dynamic (2 references)
pkts bytes target prot opt in out source destination

Chain fw2dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:fw2dmz:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
204 19640 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
18417 982K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 503 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2dmz (1 references)
pkts bytes target prot opt in out source destination
660 68792 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
91 4372 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2dmz:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
155 14040 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9363 926K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
16944 2330K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
19279 1573K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
36223 3903K loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
751 73164 loc2dmz all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2dmz (1 references)
pkts bytes target prot opt in out source destination
17597 19M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
501 24716 ACCEPT tcp -- * * 0.0.0.0/0 204.74.77.82 tcp dpt:25 /* SMTP */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 204.74.77.93 tcp dpt:80 /* Web */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 204.74.77.93 tcp dpt:443 /* Web */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 204.74.77.94 tcp dpt:80 /* Web */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 204.74.77.94 tcp dpt:443 /* Web */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 204.74.77.72 tcp dpt:80 /* Web */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 204.74.77.72 tcp dpt:443 /* Web */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 204.74.77.160 tcp dpt:80 /* Web */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 204.74.77.160 tcp dpt:443 /* Web */
2225 123K Drop all -- * * 0.0.0.0/0 0.0.0.0/0
2095 116K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2dmz:DROP:'
2095 116K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
35782 54M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
183 9516 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
45 3128 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
45 3128 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
30141 11M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2loc:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
30141 11M net2loc all -- * eth2 0.0.0.0/0 0.0.0.0/0
20323 19M net2dmz all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain reject (14 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination

Log (/var/log/messages)

Aug 1 06:39:16 net2fw:DROP:IN=eth0 OUT= SRC=58.53.128.61 DST=204.74.77.2 LEN=40 TOS=0x00 PREC=0x20 TTL=115 ID=256 DF PROTO=TCP SPT=12200 DPT=6588 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 1 06:39:17 net2fw:DROP:IN=eth0 OUT= SRC=58.53.128.61 DST=204.74.77.2 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=256 DF PROTO=TCP SPT=12200 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 1 06:39:27 net2fw:DROP:IN=eth0 OUT= SRC=222.43.70.238 DST=204.74.77.2 LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=256 PROTO=TCP SPT=6000 DPT=1521 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 1 07:05:23 net2fw:DROP:IN=eth0 OUT= SRC=61.160.212.10 DST=174.77.64.139 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=45577 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 1 07:05:42 net2fw:DROP:IN=eth0 OUT= SRC=114.80.200.116 DST=204.74.77.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2566 DF PROTO=TCP SPT=34835 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 1 07:40:43 net2fw:DROP:IN=eth0 OUT= SRC=61.129.67.50 DST=204.74.77.2 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 1 07:41:18 net2fw:DROP:IN=eth0 OUT= SRC=216.245.223.222 DST=204.74.77.2 LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=19744 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 1 07:47:30 net2fw:DROP:IN=eth0 OUT= SRC=219.142.86.76 DST=204.74.77.2 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=41419 DF PROTO=TCP SPT=3608 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 1 07:47:33 net2fw:DROP:IN=eth0 OUT= SRC=219.142.86.76 DST=204.74.77.2 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=41682 DF PROTO=TCP SPT=3608 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 1 07:50:43 net2fw:DROP:IN=eth0 OUT= SRC=125.65.165.184 DST=204.74.77.2 LEN=40 TOS=0x00 PREC=0x20 TTL=116 ID=27800 DF PROTO=TCP SPT=12200 DPT=8000 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 1 07:50:44 net2fw:DROP:IN=eth0 OUT= SRC=125.65.165.184 DST=204.74.77.2 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=44210 DF PROTO=TCP SPT=12200 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0

NAT Table

Chain PREROUTING (policy ACCEPT 10570 packets, 1008K bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1497 packets, 103K bytes)
pkts bytes target prot opt in out source destination
5177 416K eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 8 packets, 503 bytes)
pkts bytes target prot opt in out source destination

Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
3992 340K MASQUERADE all -- * * 10.10.1.0/24 0.0.0.0/0

Mangle Table

Chain PREROUTING (policy ACCEPT 150K packets, 91M bytes)
pkts bytes target prot opt in out source destination
150K 91M tcpre all -- * * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 45868 packets, 55M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 103K packets, 36M bytes)
pkts bytes target prot opt in out source destination
103K 36M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK and 0x0
103K 36M tcfor all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 18629 packets, 1002K bytes)
pkts bytes target prot opt in out source destination
18629 1002K tcout all -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 119K packets, 37M bytes)
pkts bytes target prot opt in out source destination
119K 37M tcpost all -- * * 0.0.0.0/0 0.0.0.0/0

Chain tcfor (1 references)
pkts bytes target prot opt in out source destination

Chain tcout (1 references)
pkts bytes target prot opt in out source destination

Chain tcpost (1 references)
pkts bytes target prot opt in out source destination

Chain tcpre (1 references)
pkts bytes target prot opt in out source destination

Raw Table

Chain PREROUTING (policy ACCEPT 150K packets, 91M bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 18629 packets, 1002K bytes)
pkts bytes target prot opt in out source destination

Conntrack Table (22 out of 65536)

udp 17 27 src=10.10.1.52 dst=10.10.1.255 sport=137 dport=137 packets=7969 bytes=621582 [UNREPLIED] src=10.10.1.255 dst=10.10.1.52 sport=137 dport=137 packets=0 bytes=0 mark=0 secmark=0 use=2
tcp 6 86 SYN_SENT src=10.10.1.26 dst=204.74.76.105 sport=2087 dport=10051 packets=3 bytes=144 [UNREPLIED] src=204.74.76.105 dst=174.77.64.139 sport=10051 dport=2087 packets=0 bytes=0 mark=0 secmark=0 use=2
tcp 6 5 SYN_SENT src=10.10.1.26 dst=204.74.76.105 sport=2084 dport=10051 packets=3 bytes=144 [UNREPLIED] src=204.74.76.105 dst=174.77.64.139 sport=10051 dport=2084 packets=0 bytes=0 mark=0 secmark=0 use=2
tcp 6 400416 ESTABLISHED src=10.10.1.53 dst=205.188.248.161 sport=4223 dport=443 packets=1 bytes=50 [UNREPLIED] src=205.188.248.161 dst=174.77.64.139 sport=443 dport=4223 packets=0 bytes=0 mark=0 secmark=0 use=2
tcp 6 77 SYN_SENT src=204.74.77.82 dst=204.74.76.248 sport=41844 dport=6101 packets=6 bytes=360 [UNREPLIED] src=204.74.76.248 dst=204.74.77.82 sport=6101 dport=41844 packets=0 bytes=0 mark=0 secmark=0 use=2
udp 17 28 src=10.10.1.52 dst=206.117.26.11 sport=137 dport=137 packets=7969 bytes=621582 [UNREPLIED] src=206.117.26.11 dst=174.77.64.139 sport=137 dport=137 packets=0 bytes=0 mark=0 secmark=0 use=2
tcp 6 431994 ESTABLISHED src=10.10.1.52 dst=72.223.83.188 sport=50932 dport=3301 packets=561 bytes=45191 src=72.223.83.188 dst=174.77.64.139 sport=3301 dport=50932 packets=613 bytes=340270 [ASSURED] mark=0 secmark=0 use=2
tcp 6 59 SYN_SENT src=204.74.77.82 dst=204.74.76.105 sport=41855 dport=10051 packets=2 bytes=120 [UNREPLIED] src=204.74.76.105 dst=204.74.77.82 sport=10051 dport=41855 packets=0 bytes=0 mark=0 secmark=0 use=2
tcp 6 299 ESTABLISHED src=10.10.1.52 dst=10.10.1.1 sport=50776 dport=22 packets=1166 bytes=111524 src=10.10.1.1 dst=10.10.1.52 sport=22 dport=50776 packets=952 bytes=121907 [ASSURED] mark=0 secmark=0 use=2
tcp 6 119 SYN_SENT src=204.74.77.82 dst=204.74.76.105 sport=41874 dport=10051 packets=1 bytes=60 [UNREPLIED] src=204.74.76.105 dst=204.74.77.82 sport=10051 dport=41874 packets=0 bytes=0 mark=0 secmark=0 use=2
udp 17 12 src=10.10.1.52 dst=4.2.2.2 sport=57939 dport=53 packets=1 bytes=62 src=4.2.2.2 dst=174.77.64.139 sport=53 dport=57939 packets=1 bytes=127 mark=0 secmark=0 use=2
tcp 6 429290 ESTABLISHED src=10.10.1.52 dst=204.74.77.82 sport=50777 dport=22 packets=141 bytes=15896 src=204.74.77.82 dst=10.10.1.52 sport=22 dport=50777 packets=118 bytes=12143 [ASSURED] mark=0 secmark=0 use=2
tcp 6 61 SYN_SENT src=10.10.1.22 dst=204.74.76.105 sport=2322 dport=10051 packets=3 bytes=144 [UNREPLIED] src=204.74.76.105 dst=174.77.64.139 sport=10051 dport=2322 packets=0 bytes=0 mark=0 secmark=0 use=2
tcp 6 104 SYN_SENT src=10.10.1.21 dst=204.74.76.101 sport=721 dport=515 packets=1995 bytes=87780 [UNREPLIED] src=204.74.76.101 dst=174.77.64.139 sport=515 dport=721 packets=0 bytes=0 mark=0 secmark=0 use=2
udp 17 20 src=10.10.1.52 dst=204.74.76.101 sport=54345 dport=161 packets=3 bytes=318 [UNREPLIED] src=204.74.76.101 dst=174.77.64.139 sport=161 dport=54345 packets=0 bytes=0 mark=0 secmark=0 use=2
udp 17 20 src=10.10.1.52 dst=204.74.76.198 sport=54345 dport=161 packets=3 bytes=318 [UNREPLIED] src=204.74.76.198 dst=174.77.64.139 sport=161 dport=54345 packets=0 bytes=0 mark=0 secmark=0 use=2
udp 17 178 src=204.74.77.93 dst=10.10.1.21 sport=137 dport=137 packets=691 bytes=54024 src=10.10.1.21 dst=204.74.77.93 sport=137 dport=137 packets=679 bytes=61482 [ASSURED] mark=0 secmark=0 use=2
udp 17 12 src=10.10.1.52 dst=4.2.2.2 sport=60196 dport=53 packets=1 bytes=62 src=4.2.2.2 dst=174.77.64.139 sport=53 dport=60196 packets=1 bytes=78 mark=0 secmark=0 use=2
udp 17 3584 src=10.10.1.54 dst=204.74.78.80 sport=5060 dport=5060 packets=518 bytes=265272 src=204.74.78.80 dst=174.77.64.139 sport=5060 dport=1024 packets=569 bytes=294225 [ASSURED] mark=0 secmark=0 use=2
udp 17 1 src=10.10.1.21 dst=10.10.1.255 sport=138 dport=138 packets=1 bytes=326 [UNREPLIED] src=10.10.1.255 dst=10.10.1.21 sport=138 dport=138 packets=0 bytes=0 mark=0 secmark=0 use=2
tcp 6 431962 ESTABLISHED src=10.10.1.52 dst=65.200.212.211 sport=51581 dport=80 packets=8 bytes=930 src=65.200.212.211 dst=174.77.64.139 sport=80 dport=51581 packets=7 bytes=1238 [ASSURED] mark=0 secmark=0 use=2
udp 17 29 src=10.10.1.21 dst=204.74.76.65 sport=137 dport=137 packets=3 bytes=234 [UNREPLIED] src=204.74.76.65 dst=174.77.64.139 sport=137 dport=137 packets=0 bytes=0 mark=0 secmark=0 use=2

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
    inet 174.77.64.139/29 brd 174.77.64.143 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 204.74.77.2/24 brd 204.74.77.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 10.10.1.1/24 brd 10.10.1.255 scope global eth2

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes packets errors dropped overrun mcast
    340244 3047 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    340244 3047 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
    link/ether 00:14:22:0f:7a:25 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    95174999 182615 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    9953393 82551 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:14:22:0f:7a:26 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    3551654 32645 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    20067866 21639 0 0 0 0
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0a:5e:59:ec:00 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    8003383 69965 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    13865146 39531 0 0 0 0

/proc

/proc/version = Linux version 2.6.31-14-server (bui...@crested) (gcc version 4.4.1 (Ubuntu 4.4.1-4ubuntu8) ) #48-Ubuntu SMP Fri Oct 16 15:07:34 UTC 2009
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth2/arp_filter = 0
/proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth2/rp_filter = 0
/proc/sys/net/ipv4/conf/eth2/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1

Routing Rules

0: from all lookup local
32766: from all lookup main
32767: from all lookup default

Table default:

Table local:
broadcast 174.77.64.143 dev eth0 proto kernel scope link src 174.77.64.139
broadcast 10.10.1.255 dev eth2 proto kernel scope link src 10.10.1.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 174.77.64.139 dev eth0 proto kernel scope host src 174.77.64.139
broadcast 204.74.77.255 dev eth1 proto kernel scope link src 204.74.77.2
broadcast 174.77.64.136 dev eth0 proto kernel scope link src 174.77.64.139
local 10.10.1.1 dev eth2 proto kernel scope host src 10.10.1.1
broadcast 10.10.1.0 dev eth2 proto kernel scope link src 10.10.1.1
local 204.74.77.2 dev eth1 proto kernel scope host src 204.74.77.2
broadcast 204.74.77.0 dev eth1 proto kernel scope link src 204.74.77.2
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:
204.74.77.93 dev eth1 scope link
204.74.77.82 dev eth1 scope link
174.77.64.136/29 dev eth0 proto kernel scope link src 174.77.64.139
10.10.1.0/24 dev eth2 proto kernel scope link src 10.10.1.1
204.74.77.0/24 dev eth1 proto kernel scope link src 204.74.77.2
default via 174.77.64.138 dev eth0 metric 100

ARP

? (10.10.1.52) at 00:23:8b:b4:8a:7d [ether] on eth2
? (204.74.77.93) at 00:18:8b:4c:3f:d1 [ether] on eth1
? (204.74.77.82) at 00:14:22:32:df:87 [ether] on eth1
? (10.10.1.54) at 00:04:f2:02:71:3d [ether] on eth2
? (10.10.1.25) at 00:04:5a:4e:57:dc [ether] on eth2
? (174.77.64.138) at 00:08:a3:ed:21:81 [ether] on eth0
? (10.10.1.21) at 00:90:27:1d:34:bb [ether] on eth2
? (10.10.1.22) at 00:30:48:53:98:a4 [ether] on eth2
? (10.10.1.53) at 00:19:d1:22:84:bf [ether] on eth2
? (10.10.1.26) at 00:30:48:34:51:6e [ether] on eth2

Modules

iptable_filter 3872 1
iptable_mangle 4192 1
iptable_nat 6656 1
iptable_raw 3008 0
ip_tables 21168 4 iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype 2912 2
ipt_ah 1984 0
ipt_CLUSTERIP 8040 0
ipt_ecn 2272 0
ipt_ECN 2880 0
ipt_LOG 6404 10
ipt_MASQUERADE 2944 1
ipt_NETMAP 2048 0
ipt_REDIRECT 2016 0
ipt_REJECT 3584 4
ipt_ULOG 10312 0
nf_conntrack 80832 31 xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda 4832 1 nf_nat_amanda
nf_conntrack_ftp 9016 1 nf_nat_ftp
nf_conntrack_h323 57744 1 nf_nat_h323
nf_conntrack_ipv4 16376 21 iptable_nat,nf_nat
nf_conntrack_irc 6552 1 nf_nat_irc
nf_conntrack_netbios_ns 2912 0
nf_conntrack_netlink 19840 0
nf_conntrack_pptp 7524 1 nf_nat_pptp
nf_conntrack_proto_gre 6468 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 9484 0
nf_conntrack_sane 5796 0
nf_conntrack_sip 22068 1 nf_nat_sip
nf_conntrack_tftp 5492 1 nf_nat_tftp
nf_defrag_ipv4 2400 2 xt_TPROXY,nf_conntrack_ipv4
nf_nat 22164 12 ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda 2272 0
nf_nat_ftp 3584 0
nf_nat_h323 7456 0
nf_nat_irc 2688 0
nf_nat_pptp 3424 0
nf_nat_proto_gre 2788 1 nf_nat_pptp
nf_nat_sip 7616 0
nf_nat_snmp_basic 10120 0
nf_nat_tftp 1888 0
nf_tproxy_core 3104 1 xt_TPROXY,[permanent]
xt_CLASSIFY 1856 0
xt_comment 1824 27
xt_connlimit 4840 0
xt_connmark 2944 0
xt_CONNMARK 3488 0
xt_conntrack 5536 0
xt_dccp 3248 0
xt_dscp 2912 0
xt_DSCP 3744 0
xt_hashlimit 12032 0
xt_helper 2432 0
xt_iprange 2720 0
xt_length 2080 0
xt_limit 3236 0
xt_mac 1888 0
xt_mark 2464 0
xt_MARK 3072 1
xt_multiport 3552 4
xt_NFLOG 1984 0
xt_NFQUEUE 3232 0
xt_owner 3008 0
xt_physdev 2576 0
xt_pkttype 1952 0
xt_policy 3456 0
xt_realm 1792 0
xt_recent 10784 0
xt_state 2432 18
xt_tcpmss 2464 0
xt_tcpudp 3616 20
xt_time 3104 0
xt_TPROXY 2528 0

Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Extended MARK Target 2: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Realm Match: Available
Helper Match: Available
Connlimit Match: Available
Time Match: Available
Goto Support: Available
LOGMARK Target: Not available
IPMARK Target: Not available
LOG Target: Available
Persistent SNAT: Available
TPROXY Target: Available
FLOW Classifier: Available

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5977/sshd
tcp 0 0 10.10.1.1:22 10.10.1.52:50776 ESTABLISHED 6219/1
tcp6 0 0 :::22 :::* LISTEN 5977/sshd

Traffic Control

Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 9953485 bytes 82552 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0

Device eth1:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 20067866 bytes 21639 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0

Device eth2:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 16489283 bytes 48489 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0

TC Filters

Device eth0:

Device eth1:

Device eth2: