Hey
First, apologies if this went out twice. I sent the original email from an odd
email configuration (essentially from an alias of what I signed up as). I
searched and noticed that my post did not appear and I did not get a bounce
back so I was confused. I waited a few days before resending. So apologies if
this goes out twice. I am not trying to spam.
I was hoping someone could help me with L2TP/IPSEC routing issues. I have a
fairly typical setup in which I have a server with eth0 (local traffic) and
eth1 (external/internet traffic). I also have a VPN with OpenSwan/xl2tpd/ppp. I
want users that log into the system to be able to use both eth0 and eth1. E.g.
local internal sites are available, as is the internet. Thus far, my success
has been either granting access to the local intranet, or the external
internet, but not actually both at the same time. Could someone help give me
some guidance. I have read the docs and previous mailing lists that I could
find on this first. Below is my configuration, and I have attached the
shorewall dump.
The below configuration allows users to access the local intranet. To enable
external internet access, I add a 'masq' file as seen below and two DNAT rules
(also shown below commented out), unfortunately this kills my local intranet
access when connected so its disabled for now. Can anyone point me in the right
direction for having both internal intranet and external internet working when
connected via my L2TP VPN?
Thanks for any hints or pointers (the dump is also attached)
# masq
#############################################################################################
#INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/
# GROUP
#eth1 192.168.0.0/24 # uncomment for external network access
(kills internal local intranet access) - also uncomment rules for dnat
# HOSTS
###############################################################################
#ZONE HOST(S) OPTIONS
vpn eth1:0.0.0.0/0
# Interfaces
###############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
loc eth0 detect tcpflags
net eth1 detect norfc1918,logmartians,nosmurfs,tcpflags
l2tp ppp+ detect routeback
# Policy
###############################################################################
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
fw all ACCEPT
loc fw ACCEPT
loc net ACCEPT # policy for inbound L2TP Zone
# policy for inbound L2TP Zone
loc l2tp ACCEPT # allows local machines to connect (good for testing
purposes)
l2tp loc ACCEPT # allows for going back to local (yay for internet when VPN
connected)
l2tp net ACCEPT debug # allow connected people to get to internet
l2tp fw ACCEPT debug
net all DROP info
all all REJECT info
# Rules
####################################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
CONNLIMIT TIME HEADERS
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
#SECTION NEW
ACCEPT net fw tcp ssh,ftp,sftp,www,https
ACCEPT loc fw tcp ssh,ftp,sftp,www,https
ACCEPT loc fw tcp 3000
ACCEPT loc fw udp 69
ACCEPT loc fw udp 514
# Prevent IPSEC bypass by hosts behind NAT Gateway
# and block 1701 to prevent tunnel from being open to internet
L2TP(REJECT) net $FW
REJECT $FW net udp - 1701
ACCEPT vpn fw udp 1701
ACCEPT l2tp fw tcp ssh,ftp,sftp,www,https
# uncomment below and masa file to enable external network access
#DNAT net vpn:206.214.243.203 udp 4500
#DNAT net vpn:206.214.243.203 udp 500
# Tunnels
###############################################################################
#TYPE ZONE GATEWAY GATEWAY
# ZONE
#ipsec net 0.0.0.0/0 vpn
ipsecnat net 0.0.0.0/0 vpn
# Zones
###############################################################################
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
loc ipv4
l2tp ipv4
vpn ipsec
Here are some logs with the above configuration. Traffic appears to be going out
Oct 22 14:24:35 YYZUNIX kernel: [1832699.820268]
Shorewall:l2tp2net:ACCEPT:IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.230
DST=74.125.142.108 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=1218 DF PROTO=TCP
SPT=59275 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 22 14:24:35 YYZUNIX kernel: [1832699.820280]
Shorewall:l2tp2net:ACCEPT:IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.230
DST=74.125.142.108 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=6067 DF PROTO=TCP
SPT=59277 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 22 14:24:35 YYZUNIX kernel: [1832699.820292]
Shorewall:l2tp2net:ACCEPT:IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.230
DST=74.125.142.108 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=54514 DF PROTO=TCP
SPT=59276 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 22 14:24:35 YYZUNIX kernel: [1832699.920148]
Shorewall:l2tp2net:ACCEPT:IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.230
DST=17.172.34.90 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=27607 DF PROTO=TCP
SPT=59282 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 22 14:24:35 YYZUNIX kernel: [1832699.920162]
Shorewall:l2tp2net:ACCEPT:IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.230
DST=17.172.232.114 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=37034 DF PROTO=TCP
SPT=59281 DPT=5223 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 22 14:24:35 YYZUNIX kernel: [1832700.122307]
Shorewall:l2tp2net:ACCEPT:IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.230
DST=17.172.34.34 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=55267 DF PROTO=TCP
SPT=59285 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 22 14:24:35 YYZUNIX kernel: [1832700.122321]
Shorewall:l2tp2net:ACCEPT:IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.230
DST=17.172.232.188 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=28037 DF PROTO=TCP
SPT=59284 DPT=5223 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 22 14:24:35 YYZUNIX xl2
Shorewall 4.4.26.1 Dump at YYZUNIX - Mon Oct 22 14:41:45 EDT 2012
Counters reset Mon Oct 22 14:21:59 EDT 2012
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1574 180K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
3450 411K eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
2452 272K loc2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
137 18214 l2tp2fw all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
206 42865 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
150 20081 loc_frwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
1016 69455 l2tp_frwd all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1666 503K eth1_out all -- * eth1 0.0.0.0/0 0.0.0.0/0
1265 366K fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
72 22338 fw2l2tp all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
206 42865 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
4 990 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
Chain Drop (4 references)
pkts bytes target prot opt in out source destination
6 1086 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
6 1086 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
2 96 Invalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
2 96 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 NotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Invalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
Chain NotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcpflags:! 0x17/0x02
Chain Reject (8 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 Invalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 NotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain dynamic (7 references)
pkts bytes target prot opt in out source destination
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none ctstate INVALID,NEW
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol ipsec ctstate INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol ipsec
0 0 vpn_frwd all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] policy match dir in pol ipsec
0 0 net_frwd all -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
13 2262 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
7 1614 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none ctstate INVALID,NEW
6 648 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol ipsec ctstate INVALID,NEW
923 57594 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol ipsec
2227 275K net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
1223 136K vpn2fw all -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol ipsec
Chain eth1_out (1 references)
pkts bytes target prot opt in out source destination
1379 449K fw2net all -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
287 54300 fw2vpn all -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir out pol ipsec
Chain fw2l2tp (1 references)
pkts bytes target prot opt in out source destination
67 21288 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
5 1050 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
615 311K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
650 54905 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
1315 444K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate NEW multiport dports 500,4500
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1701 /* L2TP */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:1701
64 5196 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2vpn (1 references)
pkts bytes target prot opt in out source destination
287 54300 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate NEW multiport dports 500,4500
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain l2tp2fw (1 references)
pkts bytes target prot opt in out source destination
105 13843 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
32 4371 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
4 256 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 22,21,115,80,443
101 13587 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 7 prefix "Shorewall:l2tp2fw:ACCEPT:"
101 13587 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain l2tp2loc (1 references)
pkts bytes target prot opt in out source destination
26 1941 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
186 13892 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain l2tp2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
804 53622 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 7 prefix "Shorewall:l2tp2net:ACCEPT:"
804 53622 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain l2tp2vpn (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:l2tp2vpn:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain l2tp_frwd (1 references)
pkts bytes target prot opt in out source destination
990 67514 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
804 53622 l2tp2net all -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
212 15833 l2tp2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 ACCEPT all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 l2tp2vpn all -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol ipsec
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
1451 164K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
435 58347 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
1001 108K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
17 956 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 22,21,115,80,443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3000
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:514
1434 163K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2l2tp (1 references)
pkts bytes target prot opt in out source destination
150 20081 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2vpn (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:loc2vpn:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
0 0 loc2net all -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
150 20081 loc2l2tp all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 loc2vpn all -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol ipsec
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
2220 273K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
1 528 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate NEW multiport dports 500,4500
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 22,21,115,80,443
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1701 /* L2TP */
6 1086 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net2fw:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2l2tp (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 22,21,80,443
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net2l2tp:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net2loc:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2vpn (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net2vpn:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 net2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 net2l2tp all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 net2vpn all -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol ipsec
Chain reject (18 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (4 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (6 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcpflags: 0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcpflags: 0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcpflags: 0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcpflags: 0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0flags: 0x17/0x02
Chain vpn2fw (1 references)
pkts bytes target prot opt in out source destination
1217 136K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate NEW multiport dports 500,4500
6 648 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1701
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:vpn2fw:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn2l2tp (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:vpn2l2tp:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:vpn2loc:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:vpn2net:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 vpn2net all -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 vpn2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 vpn2l2tp all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 901 packets, 83855 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 301 packets, 44287 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 711 packets, 59037 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1065 packets, 84228 bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 7655 packets, 848K bytes)
pkts bytes target prot opt in out source destination
7655 848K tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 6245 packets, 744K bytes)
pkts bytes target prot opt in out source destination
6245 744K tcin all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 1166 packets, 89536 bytes)
pkts bytes target prot opt in out source destination
1166 89536 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
1166 89536 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 3217 packets, 940K bytes)
pkts bytes target prot opt in out source destination
3217 940K tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 4391 packets, 1032K bytes)
pkts bytes target prot opt in out source destination
4391 1032K tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcin (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 7655 packets, 848K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3217 packets, 940K bytes)
pkts bytes target prot opt in out source destination
Conntrack Table (18 out of 65536)
udp 17 19 src=192.168.0.7 dst=255.255.255.255 sport=68 dport=67
[UNREPLIED] src=255.255.255.255 dst=192.168.0.7 sport=67 dport=68 mark=0 use=2
udp 17 18 src=192.168.0.51 dst=192.168.0.255 sport=138 dport=138
[UNREPLIED] src=192.168.0.255 dst=192.168.0.51 sport=138 dport=138 mark=0 use=2
udp 17 28 src=192.168.0.31 dst=255.255.255.255 sport=17500 dport=17500
[UNREPLIED] src=255.255.255.255 dst=192.168.0.31 sport=17500 dport=17500 mark=0
use=2
tcp 6 430813 ESTABLISHED src=99.234.121.64 dst=206.214.243.203 sport=58101
dport=22 src=206.214.243.203 dst=99.234.121.64 sport=22 dport=58101 [ASSURED]
mark=0 use=2
udp 17 28 src=192.168.0.31 dst=192.168.0.255 sport=17500 dport=17500
[UNREPLIED] src=192.168.0.255 dst=192.168.0.31 sport=17500 dport=17500 mark=0
use=2
tcp 6 299 ESTABLISHED src=99.234.121.64 dst=206.214.243.203 sport=55197
dport=22 src=206.214.243.203 dst=99.234.121.64 sport=22 dport=55197 [ASSURED]
mark=0 use=2
udp 17 19 src=192.168.0.151 dst=255.255.255.255 sport=67 dport=68
[UNREPLIED] src=255.255.255.255 dst=192.168.0.151 sport=68 dport=67 mark=0 use=2
udp 17 29 src=192.168.0.17 dst=255.255.255.255 sport=6553 dport=6553
[UNREPLIED] src=255.255.255.255 dst=192.168.0.17 sport=6553 dport=6553 mark=0
use=2
udp 17 18 src=192.168.0.159 dst=192.168.0.51 sport=137 dport=137
[UNREPLIED] src=192.168.0.51 dst=192.168.0.159 sport=137 dport=137 mark=0 use=2
tcp 6 430841 ESTABLISHED src=99.234.121.64 dst=206.214.243.203 sport=53961
dport=22 src=206.214.243.203 dst=99.234.121.64 sport=22 dport=53961 [ASSURED]
mark=0 use=2
tcp 6 16 TIME_WAIT src=192.168.0.159 dst=192.168.0.1 sport=43138 dport=23
src=192.168.0.1 dst=192.168.0.159 sport=23 dport=43138 [ASSURED] mark=0 use=2
udp 17 164 src=127.0.0.1 dst=127.0.0.1 sport=36107 dport=36107
src=127.0.0.1 dst=127.0.0.1 sport=36107 dport=36107 [ASSURED] mark=0 use=2
udp 17 21 src=192.168.0.7 dst=192.168.0.255 sport=137 dport=137
[UNREPLIED] src=192.168.0.255 dst=192.168.0.7 sport=137 dport=137 mark=0 use=2
udp 17 18 src=192.168.0.51 dst=192.168.0.255 sport=137 dport=137
[UNREPLIED] src=192.168.0.255 dst=192.168.0.51 sport=137 dport=137 mark=0 use=2
udp 17 12 src=192.168.0.8 dst=192.168.0.255 sport=137 dport=137
[UNREPLIED] src=192.168.0.255 dst=192.168.0.8 sport=137 dport=137 mark=0 use=2
udp 17 19 src=192.168.0.20 dst=192.168.0.255 sport=137 dport=137
[UNREPLIED] src=192.168.0.255 dst=192.168.0.20 sport=137 dport=137 mark=0 use=2
tcp 6 429805 ESTABLISHED src=99.234.121.64 dst=206.214.243.203 sport=55180
dport=22 src=206.214.243.203 dst=99.234.121.64 sport=22 dport=55180 [ASSURED]
mark=0 use=2
udp 17 23 src=192.168.0.8 dst=192.168.0.255 sport=17500 dport=17500
[UNREPLIED] src=192.168.0.255 dst=192.168.0.8 sport=17500 dport=17500 mark=0
use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
inet 192.168.0.159/24 brd 192.168.0.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
inet 206.214.243.203/29 brd 206.214.243.207 scope global eth1
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
61726333 256700 0 0 0 0
TX: bytes packets errors dropped carrier collsns
61726333 256700 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 00:25:64:d7:42:d8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
806886205 6577743 0 1100131 0 0
TX: bytes packets errors dropped carrier collsns
1620504922 2666422 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 00:1b:21:68:56:a8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
434296138 918155 0 0 0 0
TX: bytes packets errors dropped carrier collsns
124492438 948361 0 0 0 0
Per-IP Counters
iptaccount is not installed
/proc
/proc/version = Linux version 3.2.0-31-generic (buildd@allspice) (gcc
version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #50-Ubuntu SMP Fri Sep 7
16:16:45 UTC 2012
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 1
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table :
Command line is not complete. Try option "help"
ARP
? (206.214.243.201) at 00:04:28:6d:3c:08 [ether] on eth1
? (192.168.0.1) at 00:1b:c0:c7:b7:0b [ether] on eth0
? (192.168.0.23) at 70:5a:b6:e9:a7:f7 [ether] on eth0
? (192.168.0.35) at 00:15:5d:00:0d:03 [ether] on eth0
? (192.168.0.30) at 10:40:f3:a1:45:60 [ether] on eth0
? (192.168.0.202) at 00:15:c5:d2:ec:ad [ether] on eth0
? (192.168.0.51) at 70:aa:b2:7e:d8:03 [ether] on eth0
? (192.168.0.151) at 00:25:64:d7:75:08 [ether] on eth0
Modules
ip_set 30578 1 xt_set
iptable_filter 12810 1
iptable_mangle 12734 1
iptable_nat 13229 0
iptable_raw 12678 0
ip_tables 27473 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_ah 12525 0
ipt_CLUSTERIP 13312 0
ipt_ECN 12529 0
ipt_ecn 12529 0
ipt_LOG 12919 16
ipt_MASQUERADE 12759 0
ipt_NETMAP 12541 0
ipt_REDIRECT 12549 0
ipt_REJECT 12576 4
ipt_ULOG 17439 0
nf_conntrack 81926 32
xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_conntrack_snmp,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda 13084 1 nf_nat_amanda
nf_conntrack_broadcast 12589 2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_ftp 13452 1 nf_nat_ftp
nf_conntrack_h323 62913 1 nf_nat_h323
nf_conntrack_ipv4 19716 39 iptable_nat,nf_nat
nf_conntrack_irc 13383 1 nf_nat_irc
nf_conntrack_netbios_ns 12665 0
nf_conntrack_netlink 26609 0
nf_conntrack_pptp 13830 1 nf_nat_pptp
nf_conntrack_proto_gre 13656 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 13295 0
nf_conntrack_sane 12856 0
nf_conntrack_sip 29730 1 nf_nat_sip
nf_conntrack_snmp 12857 1 nf_nat_snmp_basic
nf_conntrack_tftp 12953 1 nf_nat_tftp
nf_defrag_ipv4 12729 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 13368 1 xt_TPROXY
nf_nat 25891 12
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda 12491 0
nf_nat_ftp 12704 0
nf_nat_h323 17002 0
nf_nat_irc 12643 0
nf_nat_pptp 12629 0
nf_nat_proto_gre 12767 1 nf_nat_pptp
nf_nat_sip 17086 0
nf_nat_snmp_basic 17599 0
nf_nat_tftp 12489 0
nf_tproxy_core 12610 1 xt_TPROXY,[permanent]
xt_addrtype 12713 5
xt_AUDIT 12721 0
xt_CLASSIFY 12507 0
xt_comment 12504 20
xt_connlimit 12671 0
xt_connmark 12755 0
xt_conntrack 12760 36
xt_dccp 12606 0
xt_dscp 12597 0
xt_DSCP 12629 0
xt_hashlimit 17780 0
xt_helper 12583 0
xt_iprange 12541 0
xt_length 12536 0
xt_limit 12711 0
xt_mac 12492 0
xt_mark 12563 1
xt_multiport 12597 12
xt_NFLOG 12537 0
xt_NFQUEUE 12726 0
xt_owner 12498 0
xt_physdev 12587 0
xt_pkttype 12504 0
xt_policy 12670 35
xt_realm 12498 0
xt_recent 18437 0
xt_set 13099 0
xt_state 12578 0
xt_tcpmss 12501 0
xt_tcpudp 12603 23
xt_time 12704 0
xt_TPROXY 12853 0
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
Rawpost Table: Not available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Extended MARK Target 2: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Realm Match: Available
Helper Match: Available
Connlimit Match: Available
Time Match: Available
Goto Support: Available
LOGMARK Target: Not available
IPMARK Target: Not available
LOG Target: Available
ULOG Target: Available
NFLOG Target: Available
Persistent SNAT: Available
TPROXY Target: Available
FLOW Classifier: Available
fwmark route mask: Available
Mark in any table: Available
Header Match: Not available
ACCOUNT Target: Not available
AUDIT Target: Available
ipset V5: Not available
Condition Match: Not available
iptables -S: Available
Basic Filter: Available
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 127.0.0.1:59530 0.0.0.0:* LISTEN
31464/gitlabhq
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
1428/mysqld
tcp 0 0 0.0.0.0:9418 0.0.0.0:* LISTEN
1432/git-daemon
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
26808/smbd
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
2066/redis-server
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
3098/apache2
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
891/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
957/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
4715/postgres
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
4645/master
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
26808/smbd
tcp 0 0 206.214.243.203:22 99.234.121.64:58101 ESTABLISHED
12256/sshd: bslack
tcp 0 0 206.214.243.203:22 99.234.121.64:53961 ESTABLISHED
7905/sshd: bslack [
tcp 0 2992 206.214.243.203:22 99.234.121.64:55197 ESTABLISHED
9611/sshd: bslack [
tcp 0 0 206.214.243.203:22 99.234.121.64:55180 ESTABLISHED
9572/sshd: bslack [
tcp 1 0 127.0.0.1:33159 127.0.0.1:6379 CLOSE_WAIT
31464/gitlabhq
tcp6 0 0 :::9418 :::* LISTEN
1432/git-daemon
tcp6 0 0 :::22 :::* LISTEN
957/sshd
tcp6 0 0 :::25 :::* LISTEN
4645/master
udp 0 0 192.168.0.255:137 0.0.0.0:*
26846/nmbd
udp 0 0 192.168.0.159:137 0.0.0.0:*
26846/nmbd
udp 0 0 206.214.243.207:137 0.0.0.0:*
26846/nmbd
udp 0 0 206.214.243.203:137 0.0.0.0:*
26846/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:*
26846/nmbd
udp 0 0 192.168.0.255:138 0.0.0.0:*
26846/nmbd
udp 0 0 192.168.0.159:138 0.0.0.0:*
26846/nmbd
udp 0 0 206.214.243.207:138 0.0.0.0:*
26846/nmbd
udp 0 0 206.214.243.203:138 0.0.0.0:*
26846/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:*
26846/nmbd
udp 0 0 127.0.0.1:4500 0.0.0.0:*
28463/pluto
udp 0 0 192.168.0.159:4500 0.0.0.0:*
28463/pluto
udp 0 0 206.214.243.203:4500 0.0.0.0:*
28463/pluto
udp 0 0 127.0.0.1:500 0.0.0.0:*
28463/pluto
udp 0 0 192.168.0.159:500 0.0.0.0:*
28463/pluto
udp 0 0 206.214.243.203:500 0.0.0.0:*
28463/pluto
udp 0 0 0.0.0.0:514 0.0.0.0:*
12440/rsyslogd
udp 0 0 127.0.0.1:36107 127.0.0.1:36107 ESTABLISHED
4715/postgres
udp 0 0 0.0.0.0:1701 0.0.0.0:*
11038/xl2tpd
udp6 0 0 ::1:500 :::*
28463/pluto
udp6 0 0 :::514 :::*
12440/rsyslogd
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 1620504922 bytes 2666422 pkt (dropped 0, overlimits 0 requeues 10543)
backlog 0b 0p requeues 10543
Device eth1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 120620578 bytes 948406 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device eth0:
Device eth1:------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
