Tom: thanks for the answer.
I attach what you asked for.
Regards
From: Tom Eastep <[email protected]>
On Mon, 2011-10-10 at 19:41 +0000, Carina V. Barca wrote:
> Hi all, I installed Shorewall 4 on Debian squeeze and configured the
> interfaces and the files, but I cannot get internet on the local
> network.
Have you checked Shorewall FAQ 15? If that doesn't solve your problem,
please forward the output of 'shorewall dump' collected as described at
http://www.shorewall.net/support.htm#Guidelines.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Shorewall 4.4.11.6 Dump at debian - mar oct 11 15:39:33 ART 2011
Counters reset Tue Oct 11 14:58:54 ART 2011
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12721 1165K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
15319 1409K net2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 loc2fw all -- eth1 * 0.0.0.0/0 0.0.0.0/0
8 560 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 net2loc all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
0 0 loc_frwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2171 1728K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
8 560 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Reject (6 references)
pkts bytes target prot opt in out source destination
12341 1041K all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
12341 1041K dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
11 516 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
6 288 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
2 96 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
12306 1034K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
24 6748 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
3 132 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (2 references)
pkts bytes target prot opt in out source destination
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
2165 1728K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
6 333 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:8080
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 20,21,22,53,67,68,80,10000
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53,67,68
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8 /* Ping */
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:loc2fw:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 20,21,22,25,43,53,63
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 110,123,143,443,465
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 587,993,995
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 43,53,63,123
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8 /* Ping */
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:loc2net:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
378 124K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
2599 244K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8 /* Ping */
12341 1041K Reject all -- * * 0.0.0.0/0 0.0.0.0/0
2 96 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2fw:REJECT:'
2 96 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2loc:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain reject (13 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
8 384 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Log (/var/log/messages)
Oct 10 16:02:51 net2fw:REJECT:IN=eth0 OUT= SRC=206.225.83.77
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=57643 PROTO=TCP
SPT=15549 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 10 16:11:10 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=43279 DF PROTO=TCP
SPT=4235 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 10 16:11:10 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=43408 DF PROTO=TCP
SPT=4235 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 10 16:17:44 net2fw:REJECT:IN=eth0 OUT= SRC=213.229.125.121
DST=xxx.xxx.100.200 LEN=435 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP
SPT=5062 DPT=5060 LEN=415
Oct 10 16:43:22 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=57820 DF PROTO=TCP
SPT=2093 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 10 16:43:23 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=57956 DF PROTO=TCP
SPT=2093 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 10 17:10:42 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=23506 DF PROTO=TCP
SPT=4177 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 10 17:10:43 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=23631 DF PROTO=TCP
SPT=4177 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 10 17:16:40 net2fw:REJECT:IN=eth0 OUT= SRC=94.178.121.18
DST=xxx.xxx.100.200 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=25421 DF PROTO=TCP
SPT=56750 DPT=8080 WINDOW=512 RES=0x00 SYN URGP=0
Oct 10 17:18:46 net2fw:REJECT:IN=eth0 OUT= SRC=94.178.121.18
DST=xxx.xxx.100.200 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15645 DF PROTO=TCP
SPT=56750 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0
Oct 10 17:20:53 net2fw:REJECT:IN=eth0 OUT= SRC=94.178.121.18
DST=xxx.xxx.100.200 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=6250 DF PROTO=TCP
SPT=56750 DPT=27977 WINDOW=512 RES=0x00 SYN URGP=0
Oct 11 14:18:45 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=40140 DF PROTO=TCP
SPT=3169 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 11 14:18:46 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=40269 DF PROTO=TCP
SPT=3169 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 11 14:44:27 net2fw:REJECT:IN=eth0 OUT= SRC=64.179.162.132
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=29065 DF PROTO=TCP
SPT=4874 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 11 14:44:27 net2fw:REJECT:IN=eth0 OUT= SRC=64.179.162.132
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=29124 DF PROTO=TCP
SPT=4874 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 11 14:44:28 net2fw:REJECT:IN=eth0 OUT= SRC=64.179.162.132
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=29175 DF PROTO=TCP
SPT=4874 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 11 14:53:11 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=49859 DF PROTO=TCP
SPT=4143 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 11 14:53:12 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=49938 DF PROTO=TCP
SPT=4143 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 11 15:22:26 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=46424 DF PROTO=TCP
SPT=1100 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 11 15:22:26 net2fw:REJECT:IN=eth0 OUT= SRC=xxx.xxx.29.100
DST=xxx.xxx.100.200 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=46547 DF PROTO=TCP
SPT=1100 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 20436 packets, 2159K bytes)
pkts bytes target prot opt in out source destination
20436 2159K dnat all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 15 packets, 737 bytes)
pkts bytes target prot opt in out source destination
14 653 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 7 packets, 417 bytes)
pkts bytes target prot opt in out source destination
Chain dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 loc_dnat all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.2.0/24 0.0.0.0/0
Chain loc_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,8080 redir ports 8080
Mangle Table
Chain PREROUTING (policy ACCEPT 23423 packets, 2532K bytes)
pkts bytes target prot opt in out source destination
23423 2532K tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 15327 packets, 1410K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2179 packets, 1729K bytes)
pkts bytes target prot opt in out source destination
2179 1729K tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 2179 packets, 1729K bytes)
pkts bytes target prot opt in out source destination
2179 1729K tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 23423 packets, 2532K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2179 packets, 1729K bytes)
pkts bytes target prot opt in out source destination
Conntrack Table (3 out of 32768)
tcp 6 431999 ESTABLISHED src=xxx.xxx.100.138 dst=xxx.xxx.100.200
sport=48727 dport=22 packets=2594 bytes=243400 src=xxx.xxx.100.200
dst=xxx.xxx.100.138 sport=22 dport=48727 packets=2157 bytes=1727317 [ASSURED]
mark=0 secmark=0 use=2
udp 17 23 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67 packets=372
bytes=122044 [UNREPLIED] src=255.255.255.255 dst=0.0.0.0 sport=67 dport=68
packets=0 bytes=0 mark=0 secmark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
inet xxx.xxx.100.200/24 brd xxx.xxx.100.255 scope global eth0
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state
DOWN qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global eth1
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
560 8 0 0 0 0
TX: bytes packets errors dropped carrier collsns
560 8 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 00:19:d1:dd:af:d1 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
3670098 36390 0 0 0 24
TX: bytes packets errors dropped carrier collsns
1759558 2196 0 0 0 0
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state
DOWN qlen 1000
link/ether 00:27:19:b1:6b:69 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
/proc
/proc/version = Linux version 2.6.26-2-686 (Debian 2.6.26-19)
([email protected]) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25))
#1 SMP Wed Aug 19 06:06:52 UTC 2009
/proc/sys/net/ipv4/ip_forward = 0
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 1
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
broadcast 192.168.2.255 dev eth1 proto kernel scope link src 192.168.2.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast xxx.xxx.100.255 dev eth0 proto kernel scope link src
xxx.xxx.100.200
local xxx.xxx.100.200 dev eth0 proto kernel scope host src xxx.xxx.100.200
local 192.168.2.1 dev eth1 proto kernel scope host src 192.168.2.1
broadcast 192.168.2.0 dev eth1 proto kernel scope link src 192.168.2.1
broadcast xxx.xxx.100.0 dev eth0 proto kernel scope link src xxx.xxx.100.200
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
xxx.xxx.100.0/24 dev eth0 proto kernel scope link src xxx.xxx.100.200
default via xxx.xxx.100.1 dev eth0
ARP
? (xxx.xxx.100.138) at 00:09:0f:79:e7:04 [ether] on eth0
Modules
iptable_filter 2624 1
iptable_mangle 2688 1
iptable_nat 4680 1
iptable_raw 2176 0
ip_tables 10160 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype 2304 2
ipt_ah 1664 0
ipt_CLUSTERIP 5956 0
ipt_ecn 1888 0
ipt_ECN 2336 0
ipt_LOG 5028 6
ipt_MASQUERADE 2592 1
ipt_NETMAP 1760 0
ipt_recent 6908 0
ipt_REDIRECT 1760 1
ipt_REJECT 2784 4
ipt_ttl 1600 0
ipt_TTL 1856 0
ipt_ULOG 6820 0
nf_conntrack 55540 31
xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda 3808 1 nf_nat_amanda
nf_conntrack_ftp 6852 1 nf_nat_ftp
nf_conntrack_h323 44712 1 nf_nat_h323
nf_conntrack_ipv4 12268 15 iptable_nat,nf_nat
nf_conntrack_irc 5124 1 nf_nat_irc
nf_conntrack_netbios_ns 2368 0
nf_conntrack_netlink 14176 0
nf_conntrack_pptp 5476 1 nf_nat_pptp
nf_conntrack_proto_gre 4416 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 6600 0
nf_conntrack_sane 4348 0
nf_conntrack_sip 16124 1 nf_nat_sip
nf_conntrack_tftp 4180 1 nf_nat_tftp
nf_nat 15576 13
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_netlink,iptable_nat
nf_nat_amanda 1824 0
nf_nat_ftp 2528 0
nf_nat_h323 5728 0
nf_nat_irc 2080 0
nf_nat_pptp 2880 0
nf_nat_proto_gre 2212 1 nf_nat_pptp
nf_nat_sip 5440 0
nf_nat_snmp_basic 8296 0
nf_nat_tftp 1568 0
xt_CLASSIFY 1696 0
xt_comment 1664 21
xt_connlimit 3720 0
xt_connmark 2368 0
xt_CONNMARK 2944 0
xt_conntrack 3488 12
xt_dccp 2696 0
xt_dscp 2368 0
xt_DSCP 2944 0
xt_hashlimit 9360 0
xt_helper 2112 0
xt_iprange 2272 0
xt_length 1760 0
xt_limit 2180 0
xt_mac 1728 0
xt_mark 1952 0
xt_MARK 2304 1
xt_multiport 2816 11
xt_NFLOG 1824 0
xt_NFQUEUE 1792 0
xt_owner 2560 0
xt_physdev 2352 0
xt_pkttype 1728 0
xt_policy 2848 0
xt_realm 1536 0
xt_state 2016 0
xt_tcpmss 1984 0
xt_tcpudp 2816 15
xt_time 2528 0
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Extended MARK Target 2: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Realm Match: Available
Helper Match: Available
Connlimit Match: Available
Time Match: Available
Goto Support: Available
LOGMARK Target: Not available
IPMARK Target: Not available
LOG Target: Available
Persistent SNAT: Not available
TPROXY Target: Not available
FLOW Classifier: Available
fwmark route mask: Available
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
2064/portmap
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
2229/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
2252/cupsd
tcp 0 0 0.0.0.0:54360 0.0.0.0:* LISTEN
2075/rpc.statd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
2519/exim4
tcp 0 0 xxx.xxx.100.200:22 xxx.xxx.100.138:48727
ESTABLISHED 2728/sshd: cmateos
tcp6 0 0 :::22 :::* LISTEN
2229/sshd
tcp6 0 0 ::1:631 :::* LISTEN
2252/cupsd
udp 0 0 0.0.0.0:56274 0.0.0.0:*
2075/rpc.statd
udp 0 0 0.0.0.0:979 0.0.0.0:*
2075/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:*
2064/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:*
2252/cupsd
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 1759672 bytes 2197 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device eth1:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TC Filters
Device eth0:
Device eth1:
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users