Here is the dump with it started.
While I had it in the 'cleared' state, all this time since my last post,
email came in, but it was from an address already in the whitelist for spam
assasin, so still not sure whats going on. The other email I sent last night
that I was told today was delayed another 9 hours, has still not arrived, ,
odd...
==
Steve
----- Original Message -----
From: "Tom Eastep" <[email protected]>
To: <[email protected]>
Sent: Thursday, November 26, 2015 2:52 PM
Subject: Re: [Shorewall-users] Shorewall 4.5.21.6
On 11/26/2015 9:43 AM, Teknoskillz wrote:
Tom:
Thanks for that assistance.
Shorewall dump said the /var/log/messages file was not present. Had to
edit /etc/rsyslog.d/50-default.conf
and uncomment out 3 lines , and restart syslog, now the dump works.
Dumped it to a text file, attached here to this message.
We need to see a dump taken when Shorewall is in the 'started' state,
and when mail is being rejected.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple
OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Shorewall is running
State:Started (Thu Nov 26 15:37:43 EST 2015) from /etc/shorewall/
/var/lib/shorewall/firewall was compiled by Shorewall version 4.5.21.6
Counters reset Thu Nov 26 15:37:43 EST 2015
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
272 39103 net2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
201 109K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
49 13765 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
1 32 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
52 13917 all -- * * 0.0.0.0/0 0.0.0.0/0
52 13917 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Reject (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain dynamic (1 references)
pkts bytes target prot opt in out source destination
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
168 106K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
33 2674 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
82 15497 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
82 15497 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
189 17414 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
190 23606 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ~log0 all -- * * 108.59.0.0/16 0.0.0.0/0
[goto]
0 0 ~log0 all -- * * 173.95.0.0/16 0.0.0.0/0
[goto]
0 0 ACCEPT icmp -- * * 50.136.0.0/16 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT tcp -- * * 50.198.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 173.162.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 75.68.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 202.22.143.149 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 216.87.0.195 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 216.65.65.26 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 176.74.162.0/25 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 176.74.172.32/27 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 24.91.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 76.119.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 67.186.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 73.4.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 76.127.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
2 104 ACCEPT tcp -- * * 50.136.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 73.142.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 64.251.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 73.238.0.0/16 0.0.0.0/0
tcp dpt:22 /* SSH */
4 240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 /* HTTP */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443 /* HTTPS */
0 0 ACCEPT tcp -- * * 50.136.0.0/16 0.0.0.0/0
tcp dpt:21 /* FTP */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53 /* DNS */
24 1236 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25 /* SMTP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:465 /* SMTPS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:143 /* IMAP */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:993 /* IMAPS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:110 /* POP3 */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:995 /* POP3S */
0 0 ACCEPT tcp -- * * 202.22.143.149 0.0.0.0/0
tcp dpt:4949
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:26111
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:26150
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:26050
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:26995
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:20000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:10000
52 13917 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
2 120 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net2fw:DROP:"
2 120 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (1 references)
pkts bytes target prot opt in out source destination
11 3302 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (1 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Chain ~log0 (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix "Shorewall:net2fw:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Log (/var/log/messages)
Nov 26 15:38:09 net2fw:DROP:IN=eth0 OUT= SRC=118.97.147.27 DST=65.111.162.249 LE
N=60 TOS=0x08 PREC=0x20 TTL=53 ID=38882 DF PROTO=TCP SPT=54451 DPT=22 WINDOW=584
0 RES=0x00 SYN URGP=0
Nov 26 15:38:12 net2fw:DROP:IN=eth0 OUT= SRC=118.97.147.27 DST=65.111.162.249 LE
N=60 TOS=0x08 PREC=0x20 TTL=53 ID=38883 DF PROTO=TCP SPT=54451 DPT=22 WINDOW=584
0 RES=0x00 SYN URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 724 packets, 59288 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 6 packets, 344 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 19 packets, 1526 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 19 packets, 1526 bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 858 packets, 83645 bytes)
pkts bytes target prot opt in out source destination
1108 102K tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 195 packets, 33681 bytes)
pkts bytes target prot opt in out source destination
272 39103 tcin all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 123 packets, 23208 bytes)
pkts bytes target prot opt in out source destination
205 114K tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 123 packets, 23208 bytes)
pkts bytes target prot opt in out source destination
205 114K tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcin (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 857 packets, 83593 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
401 31494 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 123 packets, 23208 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Conntrack Table (60 out of 65536)
grep: /proc/net/nf_conntrack: No such file or directory
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group defaul
t
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP gr
oup default qlen 1000
inet 65.111.162.249/25 brd 65.111.162.255 scope global eth0
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
5751576 40534 0 0 0 0
TX: bytes packets errors dropped carrier collsns
5751576 40534 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mo
de DEFAULT group default qlen 1000
link/ether 00:ef:26:56:06:4f brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
1957097053 25973131 0 700 0 0
TX: bytes packets errors dropped carrier collsns
1351252732 1484893 0 0 0 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 65.111.162.249 dev eth0 proto kernel scope host src 65.111.162.249
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 65.111.162.255 dev eth0 proto kernel scope link src 65.111.162.249
broadcast 65.111.162.128 dev eth0 proto kernel scope link src 65.111.162.249
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
65.111.162.128/25 dev eth0 proto kernel scope link src 65.111.162.249
default via 65.111.162.129 dev eth0
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
/proc
/proc/version = Linux version 3.13.0-68-generic (buildd@lgw01-46) (gcc versio
n 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #111-Ubuntu SMP Fri Nov 6 18:17:06 UTC 2015
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
ARP
? (65.111.162.129) at 00:15:f9:06:3f:42 [ether] on eth0
Modules
ip_set 41249 1 xt_set
iptable_filter 12810 1
iptable_mangle 12695 1
iptable_nat 13011 0
iptable_raw 12678 1
ip_tables 27239 4 iptable_filter,iptable_mangle,iptable_nat,iptabl
e_raw
ipt_ah 12806 0
ipt_CLUSTERIP 13633 0
ipt_ECN 12529 0
ipt_MASQUERADE 12880 0
ipt_REJECT 12541 4
ipt_rpfilter 12546 0
ipt_ULOG 14273 0
nf_conntrack 97202 35 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,
xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper
,ipt_MASQUERADE,nf_conntrack_proto_udplite,nf_nat,xt_state,xt_connlimit,nf_nat_h
323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,ipt_CLU
STERIP,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_co
nnmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,iptable_nat,nf_conntra
ck_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,
nf_conntrack_tftp
nf_conntrack_amanda 13041 3 nf_nat_amanda
nf_conntrack_broadcast 12589 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 18638 3 nf_nat_ftp
nf_conntrack_h323 73895 5 nf_nat_h323
nf_conntrack_ipv4 15012 29
nf_conntrack_irc 13518 3 nf_nat_irc
nf_conntrack_netbios_ns 12665 2
nf_conntrack_netlink 36223 0
nf_conntrack_pptp 19258 3 nf_nat_pptp
nf_conntrack_proto_gre 14434 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 18822 0
nf_conntrack_proto_udplite 13281 0
nf_conntrack_sane 13143 2
nf_conntrack_sip 28460 3 nf_nat_sip
nf_conntrack_snmp 12857 3 nf_nat_snmp_basic
nf_conntrack_tftp 13121 3 nf_nat_tftp
nf_defrag_ipv4 12758 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 34768 1 xt_TPROXY
nf_nat 21841 12 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,
ipt_MASQUERADE,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,
xt_nat,iptable_nat
nf_nat_amanda 12491 0
nf_nat_ftp 12770 0
nf_nat_h323 17720 0
nf_nat_ipv4 13263 1 iptable_nat
nf_nat_irc 12723 0
nf_nat_pptp 13115 0
nf_nat_proto_gre 13009 1 nf_nat_pptp
nf_nat_sip 17186 0
nf_nat_snmp_basic 17302 0
nf_nat_tftp 12489 0
xt_addrtype 12635 5
xt_AUDIT 12678 0
xt_CHECKSUM 12549 0
xt_CLASSIFY 12507 0
xt_comment 12504 45
xt_connlimit 12636 0
xt_connmark 12755 0
xt_conntrack 12760 6
xt_CT 12956 22
xt_dccp 12606 0
xt_dscp 12597 0
xt_DSCP 12629 0
xt_hashlimit 17618 0
xt_helper 12583 0
xt_iprange 12783 0
xt_length 12536 0
xt_limit 12711 0
xt_LOG 17717 6
xt_mac 12492 0
xt_mark 12563 1
xt_multiport 12798 4
xt_nat 12681 0
xt_NFLOG 12537 0
xt_NFQUEUE 12776 0
xt_owner 12534 0
xt_physdev 12587 0
xt_pkttype 12504 0
xt_policy 12582 0
xt_realm 12498 0
xt_recent 18498 1
xt_sctp 12853 0
xt_set 13181 0
xt_state 12578 0
xt_statistic 12601 0
xt_tcpmss 12501 0
xt_TCPMSS 12664 0
xt_tcpudp 12884 72
xt_time 12661 0
xt_TPROXY 17356 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF: Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 40515
Checksum Target: Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP match: Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
ipset V5 (IPSET_V5): Not available
iptables -S (IPTABLES_S): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 31300
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target: Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
New tos Match: Available
NFAcct match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Rawpost Table (RAWPOST_TABLE): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Not available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter match: Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TCPMSS Match (TCPMSS_MATCH): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection: Not available
ULOG Target (ULOG_TARGET): Available
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp UNCONN 0 0 *:20000 *:*
users:(("miniserv.pl",2296,6))
tcp UNCONN 0 0 *:26150 *:*
users:(("darkplaces64",24577,11))
tcp UNCONN 0 0 *:10000 *:*
users:(("miniserv.pl",3058,6))
tcp UNCONN 0 0 65.111.162.249:53 *:*
users:(("named",1284,535),("named",1284,534),("named",1284,533),("named",1284,5
32),("named",1284,531),("named",1284,530),("named",1284,529),("named",1284,528))
tcp UNCONN 0 0 127.0.0.1:53 *:*
users:(("named",1284,527),("named",1284,526),("named",1284,525),("named",1284,5
24),("named",1284,523),("named",1284,522),("named",1284,521),("named",1284,520))
tcp UNCONN 0 0 65.111.162.249:123 *:*
users:(("ntpd",3315,19))
tcp UNCONN 0 0 127.0.0.1:123 *:*
users:(("ntpd",3315,18))
tcp UNCONN 0 0 *:123 *:*
users:(("ntpd",3315,16))
tcp LISTEN 0 10 65.111.162.249:53 *:*
users:(("named",1284,22))
tcp LISTEN 0 10 127.0.0.1:53 *:*
users:(("named",1284,21))
tcp LISTEN 0 128 *:22 *:*
users:(("sshd",1237,3))
tcp LISTEN 0 128 127.0.0.1:11000 *:*
users:(("/usr/share/webm",3003,3))
tcp LISTEN 0 100 *:25 *:*
users:(("master",1568,12))
tcp LISTEN 0 128 127.0.0.1:953 *:*
users:(("named",1284,23))
tcp LISTEN 0 128 *:20000 *:*
users:(("miniserv.pl",2296,5))
tcp LISTEN 0 100 *:993 *:*
users:(("dovecot",1216,38))
tcp LISTEN 0 100 *:995 *:*
users:(("dovecot",1216,25))
tcp LISTEN 0 128 127.0.0.1:10023 *:*
users:(("/usr/sbin/postg",1333,6))
tcp LISTEN 0 50 127.0.0.1:3306 *:*
users:(("mysqld",1272,10))
tcp LISTEN 0 100 *:587 *:*
users:(("master",1568,106))
tcp LISTEN 0 100 *:110 *:*
users:(("dovecot",1216,23))
tcp LISTEN 0 128 127.0.0.1:783 *:*
users:(("spamd child",16647,5),("spamd child",16646,5),("/usr/sbin/spamd",16645
,5))
tcp LISTEN 0 100 *:143 *:*
users:(("dovecot",1216,36))
tcp LISTEN 0 128 *:10000 *:*
users:(("miniserv.pl",3058,5))
tcp CLOSE-WAIT 1 0 127.0.0.1:11000 127.0.0.1:36383
users:(("/usr/share/webm",3003,4))
tcp ESTAB 0 5108 65.111.162.249:22 50.136.116.163:51384
users:(("sshd",32628,3))
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1
1
Sent 1351290828 bytes 1484933 pkt (dropped 0, overlimits 0 requeues 3)
backlog 0b 0p requeues 3
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
