Hi,
I have been having some issues configuring Shorewall to work with the
CoovaChilli access controller software, and I'm hoping there is a simple
solution to it. :)
So, I have a server, eth0 WAN, eth1 LAN, tun10 is the tun interface that
CoovaChilli puts onto eth1 to capture all user traffic, then authenticates it
against a RADIUS server, and routes authenticated traffic to eth0 to access the
internet.
The problem I am having is that Shorewall intermittently has issues with the
NATing of packets, so I see lots of SFILTER messages showing return traffic
coming into eth0 to the IP address of PCs on tun10(192.168.200.0/24). So at
times the clients can access the internet and at other times they can't. So
why the SFILTER messages, if the masq file is configured correctly why is
Shorewall not translating the packets, or keeping track of the translation?
I hope that makes sense, I've attached the Shorewall dump file, thanks in
advance for any help.
Thanks,
Nigel
NSSLGlobal Ltd
Switchboard: +44 (0) 1737 648 800
Support: +44 (0) 1737 648 864
Fax: +44 (0) 1737 648 888
Email: [email protected]
Company Reg: England, 3879526
NSSLGlobal GmbH
Switchboard: +49 4068 277-0
Support: +49 4068 277-260
Fax: +49 4068 277-135
Email: [email protected]
Company Reg: Lubeck, HRB 9134 HL
Shorewall 4.5.16.1 Dump at aquamekong.cruisecontrolmail.com - Wed Dec 23
16:56:52 GMT 2015
Shorewall is running
State:Started (Wed Dec 23 16:55:46 GMT 2015) from /etc/shorewall/
Counters reset Wed Dec 23 16:55:46 GMT 2015
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1 68 lan2fw all -- eth1 * 0.0.0.0/0 0.0.0.0/0
344 58053 vsat2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 chill2fw all -- tun10 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
7 672 lan_frwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
8 672 vsat_frwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 chill_frwd all -- tun10 * 0.0.0.0/0 0.0.0.0/0
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 fw2lan all -- * eth1 0.0.0.0/0 0.0.0.0/0
4 304 fw2vsat all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 fw2chill all -- * tun10 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Broadcast (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
Chain Drop (3 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain chill2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 22,80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain chill2lan (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain chill2vsat (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain chill_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * tun10 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 chill2lan all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 chill2vsat all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain dynamic (6 references)
pkts bytes target prot opt in out source destination
Chain fw2chill (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3306
0 0 ACCEPT icmp -- * * 0.0.0.0/0
192.168.200.1
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.200.1 multiport dports 53,67:68
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.200.1 multiport dports 80,443,3990,4990
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 3990,4990
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2lan (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3306
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 3990,4990
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2vsat (1 references)
pkts bytes target prot opt in out source destination
2 152 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3306
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 3990,4990
2 152 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain lan2chill (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0
192.168.200.1
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.200.1 multiport dports 53,67:68
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.200.1 multiport dports 80,443,3990,4990
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain lan2fw (1 references)
pkts bytes target prot opt in out source destination
1 68 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 22,80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
1 68 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain lan2vsat (1 references)
pkts bytes target prot opt in out source destination
7 672 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain lan_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * eth1 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
7 672 lan2vsat all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 lan2chill all -- * tun10 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain sfilter (3 references)
pkts bytes target prot opt in out source destination
8 672 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:sfilter:DROP:'
8 672 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain vsat2chill (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0
192.168.200.1
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.200.1 multiport dports 53,67:68
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.200.1 multiport dports 80,443,3990,4990
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain vsat2fw (1 references)
pkts bytes target prot opt in out source destination
342 57901 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
2 152 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 22,80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
342 57901 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain vsat2lan (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain vsat_frwd (1 references)
pkts bytes target prot opt in out source destination
8 672 sfilter all -- * eth0 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 vsat2lan all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 vsat2chill all -- * tun10 0.0.0.0/0 0.0.0.0/0
Log (/var/log/messages)
Dec 15 10:57:53 sfilter:DROP:IN=eth0 OUT=eth0 SRC=192.168.200.1
DST=192.168.200.10 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 PROTO=TCP SPT=22
DPT=1137 WINDOW=32768 RES=0x00 ACK SYN URGP=0
Dec 15 10:57:59 sfilter:DROP:IN=eth0 OUT=eth0 SRC=192.168.200.1
DST=192.168.200.10 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 PROTO=TCP SPT=22
DPT=1137 WINDOW=32768 RES=0x00 ACK SYN URGP=0
Dec 15 10:58:10 sfilter:DROP:IN=eth0 OUT=eth0 SRC=192.168.200.1
DST=192.168.200.10 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 PROTO=TCP SPT=22
DPT=1137 WINDOW=32768 RES=0x00 ACK SYN URGP=0
Dec 15 10:58:17 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 15 10:58:17 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 15 10:58:18 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 15 10:58:18 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 15 10:58:19 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 15 10:58:20 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 15 10:58:24 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 15 10:58:33 sfilter:DROP:IN=eth0 OUT=eth0 SRC=192.168.200.1
DST=192.168.200.10 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 PROTO=TCP SPT=22
DPT=1137 WINDOW=0 RES=0x00 ACK RST URGP=0
Dec 15 12:30:57 sfilter:DROP:IN=eth0 OUT=eth0 SRC=74.125.226.174
DST=192.168.200.10 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 PROTO=TCP SPT=443
DPT=1335 WINDOW=32768 RES=0x00 ACK SYN URGP=0
Dec 23 16:56:10 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 23 16:56:10 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 23 16:56:10 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 23 16:56:11 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 23 16:56:12 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 23 16:56:13 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 23 16:56:13 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
Dec 23 16:56:16 sfilter:DROP:IN=eth0 OUT=eth0 SRC=199.27.105.111
DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6000
DPT=6010 LEN=64
NAT Table
Chain PREROUTING (policy ACCEPT 20 packets, 2893 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2 152 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.100.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.200.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 55 packets, 10199 bytes)
pkts bytes target prot opt in out source destination
598 83713 tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 39 packets, 7658 bytes)
pkts bytes target prot opt in out source destination
345 58121 tcin all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
15 1344 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
15 1344 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4 304 tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11 976 tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
7 672 MARK all -- eth1 * 0.0.0.0/0 0.0.0.0/0
MARK xset 0x3/0xff
Chain tcin (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 MARK xset 0x1/0xff
0 0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 MARK xset 0x1/0xff
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 50002,540,1526 MARK xset 0x1/0xff
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport sports 50002,540,1526 MARK xset 0x1/0xff
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 MARK xset 0x2/0xff
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:80 MARK xset 0x2/0xff
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 55 packets, 10199 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Conntrack Table (52 out of 65536)
ipv4 2 udp 17 165 src=10.110.0.227 dst=173.255.246.13 sport=123
dport=123 src=173.255.246.13 dst=10.110.0.227 sport=123 dport=123 [ASSURED]
mark=0 secmark=0 use=2
ipv4 2 unknown 2 583 src=192.168.1.254 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.1.254 mark=0 secmark=0 use=2
ipv4 2 udp 17 27 src=192.168.128.100 dst=255.255.255.255 sport=67
dport=68 [UNREPLIED] src=255.255.255.255 dst=192.168.128.100 sport=68 dport=67
mark=0 secmark=0 use=2
ipv4 2 udp 17 17 src=192.168.1.63 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.63 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 unknown 2 583 src=192.168.128.17 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.128.17 mark=0 secmark=0 use=2
ipv4 2 unknown 2 583 src=192.168.128.35 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.128.35 mark=0 secmark=0 use=2
ipv4 2 unknown 2 495 src=10.110.1.185 dst=224.0.0.1 [UNREPLIED]
src=224.0.0.1 dst=10.110.1.185 mark=0 secmark=0 use=2
ipv4 2 unknown 2 583 src=192.168.128.44 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.128.44 mark=0 secmark=0 use=2
ipv4 2 udp 17 28 src=192.168.1.40 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.40 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 unknown 2 584 src=192.168.1.13 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.1.13 mark=0 secmark=0 use=2
ipv4 2 udp 17 5 src=192.168.1.32 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.32 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 udp 17 28 src=192.168.1.29 dst=224.0.0.251 sport=5353
dport=5353 [UNREPLIED] src=224.0.0.251 dst=192.168.1.29 sport=5353 dport=5353
mark=0 secmark=0 use=2
ipv4 2 unknown 2 584 src=192.168.128.18 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.128.18 mark=0 secmark=0 use=2
ipv4 2 unknown 2 583 src=10.6.0.73 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=10.6.0.73 mark=0 secmark=0 use=2
ipv4 2 udp 17 16 src=10.10.9.95 dst=255.255.255.255 sport=1026
dport=1947 [UNREPLIED] src=255.255.255.255 dst=10.10.9.95 sport=1947 dport=1026
mark=0 secmark=0 use=2
ipv4 2 udp 17 25 src=169.254.99.57 dst=224.0.0.251 sport=5353
dport=5353 [UNREPLIED] src=224.0.0.251 dst=169.254.99.57 sport=5353 dport=5353
mark=0 secmark=0 use=2
ipv4 2 udp 17 29 src=192.168.1.30 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.30 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 udp 17 47 src=192.168.200.10 dst=199.27.105.109 sport=6010
dport=3478 src=199.27.105.109 dst=10.110.0.227 sport=3478 dport=6010 [ASSURED]
mark=0 secmark=0 use=2
ipv4 2 udp 17 143 src=192.168.200.10 dst=199.27.105.111 sport=6010
dport=6000 src=199.27.105.111 dst=10.110.0.227 sport=6000 dport=6010 [ASSURED]
mark=0 secmark=0 use=2
ipv4 2 udp 17 11 src=192.168.1.65 dst=224.0.0.251 sport=5353
dport=5353 [UNREPLIED] src=224.0.0.251 dst=192.168.1.65 sport=5353 dport=5353
mark=0 secmark=0 use=2
ipv4 2 udp 17 25 src=192.168.1.28 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.28 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 unknown 2 495 src=213.52.50.198 dst=224.0.0.1 [UNREPLIED]
src=224.0.0.1 dst=213.52.50.198 mark=0 secmark=0 use=2
ipv4 2 unknown 2 496 src=10.6.0.73 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1
dst=10.6.0.73 mark=0 secmark=0 use=2
ipv4 2 unknown 2 264 src=192.168.100.254 dst=224.0.0.22 [UNREPLIED]
src=224.0.0.22 dst=192.168.100.254 mark=0 secmark=0 use=2
ipv4 2 udp 17 79 src=192.168.200.10 dst=199.27.105.109 sport=6010
dport=6000 src=199.27.105.109 dst=10.110.0.227 sport=6000 dport=6010 [ASSURED]
mark=0 secmark=0 use=2
ipv4 2 unknown 2 583 src=192.168.128.39 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.128.39 mark=0 secmark=0 use=2
ipv4 2 udp 17 27 src=192.168.1.1 dst=255.255.255.255 sport=67 dport=68
[UNREPLIED] src=255.255.255.255 dst=192.168.1.1 sport=68 dport=67 mark=0
secmark=0 use=2
ipv4 2 udp 17 111 src=192.168.200.10 dst=199.27.105.111 sport=6010
dport=3478 src=199.27.105.111 dst=10.110.0.227 sport=3478 dport=6010 [ASSURED]
mark=0 secmark=0 use=2
ipv4 2 unknown 2 370 src=192.168.128.235 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.128.235 mark=0 secmark=0 use=2
ipv4 2 unknown 2 279 src=10.110.0.227 dst=224.0.0.22 [UNREPLIED]
src=224.0.0.22 dst=10.110.0.227 mark=0 secmark=0 use=2
ipv4 2 unknown 2 543 src=192.168.1.15 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.1.15 mark=0 secmark=0 use=2
ipv4 2 udp 17 28 src=192.168.1.76 dst=224.0.0.251 sport=5353
dport=5353 [UNREPLIED] src=224.0.0.251 dst=192.168.1.76 sport=5353 dport=5353
mark=0 secmark=0 use=2
ipv4 2 udp 17 11 src=192.168.1.84 dst=255.255.255.255 sport=17500
dport=17500 [UNREPLIED] src=255.255.255.255 dst=192.168.1.84 sport=17500
dport=17500 mark=0 secmark=0 use=2
ipv4 2 unknown 2 495 src=82.133.60.112 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=82.133.60.112 mark=0 secmark=0 use=2
ipv4 2 udp 17 27 src=192.168.1.4 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.4 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 udp 17 26 src=192.168.1.14 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.14 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 unknown 2 515 src=134.159.223.210 dst=224.0.0.1 [UNREPLIED]
src=224.0.0.1 dst=134.159.223.210 mark=0 secmark=0 use=2
ipv4 2 udp 17 26 src=192.168.128.44 dst=224.0.0.251 sport=5353
dport=5353 [UNREPLIED] src=224.0.0.251 dst=192.168.128.44 sport=5353 dport=5353
mark=0 secmark=0 use=2
ipv4 2 udp 17 28 src=192.168.1.21 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.21 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 udp 17 28 src=192.168.1.66 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.66 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 udp 17 27 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67
[UNREPLIED] src=255.255.255.255 dst=0.0.0.0 sport=67 dport=68 mark=0 secmark=0
use=2
ipv4 2 unknown 2 515 src=192.168.1.69 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.1.69 mark=0 secmark=0 use=2
ipv4 2 udp 17 2 src=192.168.1.69 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.69 sport=137 dport=137
mark=0 secmark=0 use=2
ipv4 2 unknown 2 515 src=81.4.133.247 dst=224.0.0.1 [UNREPLIED]
src=224.0.0.1 dst=81.4.133.247 mark=0 secmark=0 use=2
ipv4 2 unknown 2 515 src=104.129.91.216 dst=224.0.0.1 [UNREPLIED]
src=224.0.0.1 dst=104.129.91.216 mark=0 secmark=0 use=2
ipv4 2 unknown 2 583 src=192.168.128.251 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.128.251 mark=0 secmark=0 use=2
ipv4 2 unknown 2 282 src=192.168.1.68 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.1.68 mark=0 secmark=0 use=2
ipv4 2 udp 17 164 src=10.110.0.227 dst=129.250.35.250 sport=123
dport=123 src=129.250.35.250 dst=10.110.0.227 sport=123 dport=123 [ASSURED]
mark=0 secmark=0 use=2
ipv4 2 unknown 2 294 src=82.133.60.70 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=82.133.60.70 mark=0 secmark=0 use=2
ipv4 2 unknown 2 543 src=10.110.24.185 dst=224.0.0.1 [UNREPLIED]
src=224.0.0.1 dst=10.110.24.185 mark=0 secmark=0 use=2
ipv4 2 unknown 2 495 src=213.52.47.65 dst=224.0.0.1 [UNREPLIED]
src=224.0.0.1 dst=213.52.47.65 mark=0 secmark=0 use=2
ipv4 2 udp 17 12 src=192.168.1.41 dst=255.255.255.255 sport=137
dport=137 [UNREPLIED] src=255.255.255.255 dst=192.168.1.41 sport=137 dport=137
mark=0 secmark=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc prio state UP qlen
1000
inet 10.110.0.227/28 brd 10.110.0.239 scope global eth0
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
1973 20 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1973 20 0 0 0 0
2: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:25:90:61:eb:40 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
3: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:25:90:61:eb:41 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:25:90:61:eb:42 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:25:90:61:eb:43 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc prio state UP qlen
1000
link/ether 00:25:90:6c:38:06 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
954052 5828 0 0 0 2075
TX: bytes packets errors dropped carrier collsns
99679 885 0 0 0 0
7: eth1: <NO-CARRIER,BROADCAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen
1000
link/ether 00:25:90:6c:38:07 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
96823 670 0 0 0 22
TX: bytes packets errors dropped carrier collsns
125190 757 0 0 0 0
Bridges
bridge name bridge id STP enabled interfaces
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.110.0.227 dev eth0 proto kernel scope host src 10.110.0.227
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.110.0.239 dev eth0 proto kernel scope link src 10.110.0.227
broadcast 10.110.0.224 dev eth0 proto kernel scope link src 10.110.0.227
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
10.110.0.224/28 dev eth0 proto kernel scope link src 10.110.0.227
169.254.0.0/16 dev eth0 scope link metric 1006
default via 10.110.0.225 dev eth0
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
/proc
/proc/version = Linux version 2.6.32-220.17.1.el6.x86_64
([email protected]) (gcc version 4.4.6 20110731 (Red Hat
4.4.6-3) (GCC) ) #1 SMP Wed May 16 00:01:37 BST 2012
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth2/arp_filter = 0
/proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth2/rp_filter = 0
/proc/sys/net/ipv4/conf/eth2/log_martians = 1
/proc/sys/net/ipv4/conf/eth3/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth3/arp_filter = 0
/proc/sys/net/ipv4/conf/eth3/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth3/rp_filter = 0
/proc/sys/net/ipv4/conf/eth3/log_martians = 1
/proc/sys/net/ipv4/conf/eth4/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth4/arp_filter = 0
/proc/sys/net/ipv4/conf/eth4/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth4/rp_filter = 0
/proc/sys/net/ipv4/conf/eth4/log_martians = 1
/proc/sys/net/ipv4/conf/eth5/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth5/arp_filter = 0
/proc/sys/net/ipv4/conf/eth5/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth5/rp_filter = 0
/proc/sys/net/ipv4/conf/eth5/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
ARP
? (10.110.0.225) at 00:20:0e:10:47:9a [ether] on eth0
Modules
ip_set 31069 1 xt_set
iptable_filter 2793 1
iptable_mangle 3349 1
iptable_nat 6158 1
iptable_raw 2264 0
ip_tables 17831 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype 2153 4
ipt_ah 1247 0
ipt_CLUSTERIP 6988 0
ipt_ecn 1507 0
ipt_ECN 1955 0
ipt_LOG 5845 1
ipt_MASQUERADE 2466 2
ipt_NETMAP 1832 0
ipt_REDIRECT 1840 0
ipt_REJECT 2383 4
ipt_ULOG 10765 0
nf_conntrack 79453 35
xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_conntrack_snmp,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_udplite,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state
nf_conntrack_amanda 2979 1 nf_nat_amanda
nf_conntrack_broadcast 1471 2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_ftp 12913 1 nf_nat_ftp
nf_conntrack_h323 67696 1 nf_nat_h323
nf_conntrack_ipv4 9506 22 iptable_nat,nf_nat
nf_conntrack_ipv6 8748 2
nf_conntrack_irc 5530 1 nf_nat_irc
nf_conntrack_netbios_ns 1323 0
nf_conntrack_netlink 17264 0
nf_conntrack_pptp 12166 1 nf_nat_pptp
nf_conntrack_proto_gre 7195 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 12482 0
nf_conntrack_proto_udplite 3348 0
nf_conntrack_sane 5716 0
nf_conntrack_sip 19359 1 nf_nat_sip
nf_conntrack_snmp 1651 1 nf_nat_snmp_basic
nf_conntrack_tftp 4878 1 nf_nat_tftp
nf_defrag_ipv4 1483 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 12182 2 xt_TPROXY,nf_conntrack_ipv6
nf_nat 22726 12
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda 1277 0
nf_nat_ftp 3507 0
nf_nat_h323 8830 0
nf_nat_irc 1883 0
nf_nat_pptp 4653 0
nf_nat_proto_gre 3028 1 nf_nat_pptp
nf_nat_sip 6171 0
nf_nat_snmp_basic 8822 0
nf_nat_tftp 987 0
nf_tproxy_core 1460 1 xt_TPROXY,[permanent]
xt_AUDIT 3064 0
xt_CHECKSUM 1303 0
xt_CLASSIFY 1069 0
xt_comment 1034 9
xt_connlimit 3430 0
xt_connmark 1347 0
xt_CONNMARK 1507 0
xt_conntrack 2776 19
xt_dccp 2215 0
xt_dscp 1831 0
xt_DSCP 2279 0
xt_hashlimit 9781 0
xt_helper 1497 0
xt_iprange 2312 0
xt_length 1322 0
xt_limit 2182 0
xt_mac 1118 0
xt_mark 1057 0
xt_MARK 1057 8
xt_multiport 2700 16
xt_NFLOG 1195 0
xt_NFQUEUE 2186 0
xt_owner 1252 0
xt_physdev 1741 0
xt_pkttype 1194 0
xt_policy 2616 0
xt_realm 1060 0
xt_recent 7932 0
xt_sctp 2508 0
xt_set 4032 0
xt_state 1492 2
xt_statistic 1652 0
xt_tcpmss 1607 0
xt_TCPMSS 3445 0
xt_time 2183 0
xt_TPROXY 8976 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF: Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 40515
Checksum Target: Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Not available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP match: Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
ipset V5 (IPSET_V5): Not available
iptables -S (IPTABLES_S): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 20632
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in any table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target: Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Not available
New tos Match: Available
NFAcct match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Rawpost Table (RAWPOST_TABLE): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter match: Not available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TCPMSS Match (TCPMSS_MATCH): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection: Not available
ULOG Target (ULOG_TARGET): Available
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:*
LISTEN 2295/mysqld
tcp 0 0 0.0.0.0:52394 0.0.0.0:*
LISTEN 1472/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:*
LISTEN 1454/rpcbind
tcp 0 0 0.0.0.0:21 0.0.0.0:*
LISTEN 2170/vsftpd
tcp 0 0 192.168.100.254:53 0.0.0.0:*
LISTEN 1431/named
tcp 0 0 10.110.0.227:53 0.0.0.0:*
LISTEN 1431/named
tcp 0 0 127.0.0.1:53 0.0.0.0:*
LISTEN 1431/named
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 2143/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:*
LISTEN 2465/master
tcp 0 0 127.0.0.1:953 0.0.0.0:*
LISTEN 1431/named
tcp 0 0 :::111 :::*
LISTEN 1454/rpcbind
tcp 0 0 :::80 :::*
LISTEN 2505/httpd
tcp 0 0 :::42645 :::*
LISTEN 1472/rpc.statd
tcp 0 0 :::22 :::*
LISTEN 2143/sshd
tcp 0 0 ::1:953 :::*
LISTEN 1431/named
tcp 0 0 :::443 :::*
LISTEN 2505/httpd
tcp 0 0 :::540 :::*
LISTEN 2151/xinetd
udp 0 0 0.0.0.0:781 0.0.0.0:*
1454/rpcbind
udp 0 0 0.0.0.0:783 0.0.0.0:*
1365/portreserve
udp 0 0 0.0.0.0:800 0.0.0.0:*
1472/rpc.statd
udp 0 0 192.168.100.254:53 0.0.0.0:*
1431/named
udp 0 0 10.110.0.227:53 0.0.0.0:*
1431/named
udp 0 0 127.0.0.1:53 0.0.0.0:*
1431/named
udp 0 0 0.0.0.0:58168 0.0.0.0:*
1539/avahi-daemon
udp 0 0 0.0.0.0:69 0.0.0.0:*
2151/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:*
1539/avahi-daemon
udp 0 0 0.0.0.0:111 0.0.0.0:*
1454/rpcbind
udp 0 0 0.0.0.0:54261 0.0.0.0:*
1472/rpc.statd
udp 0 0 0.0.0.0:631 0.0.0.0:*
1365/portreserve
udp 0 0 10.110.0.227:123 0.0.0.0:*
2159/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:*
2159/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:*
2159/ntpd
udp 0 0 :::781 :::*
1454/rpcbind
udp 0 0 :::111 :::*
1454/rpcbind
udp 0 0 :::34800 :::*
1472/rpc.statd
udp 0 0 fe80::225:90ff:fe6c:3807:123 :::*
2159/ntpd
udp 0 0 fe80::225:90ff:fe6c:3806:123 :::*
2159/ntpd
udp 0 0 ::1:123 :::*
2159/ntpd
udp 0 0 :::123 :::*
2159/ntpd
Traffic Control
Device eth0:
qdisc prio 1: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 1214 bytes 13 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 11: parent 1:1 limit 127p quantum 1875b flows 127/1024 perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 12: parent 1:2 limit 127p quantum 1875b flows 127/1024 perturb 10sec
Sent 444 bytes 6 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 13: parent 1:3 limit 127p quantum 1875b flows 127/1024 perturb 10sec
Sent 770 bytes 7 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
class prio 1:1 parent 1: leaf 11:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class prio 1:2 parent 1: leaf 12:
Sent 444 bytes 6 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class prio 1:3 parent 1: leaf 13:
Sent 770 bytes 7 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 125190 bytes 757 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TC Filters
Device eth0:
filter parent 1: protocol all pref 1 u32
filter parent 1: protocol all pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol all pref 1 u32 fh 800::800 order 2048 key ht 800 bkt
0 flowid 1:1 (rule hit 13 success 0)
match 00060000/00ff0000 at 8 (success 0 )
match 05000000/0f00ffc0 at 0 (success 0 )
match 00100000/00ff0000 at 32 (success 0 )
filter parent 1: protocol all pref 1 u32 fh 800::801 order 2049 key ht 800 bkt
0 flowid 1:1 (rule hit 13 success 0)
match 00000600/0000ff00 at 4 (success 0 )
match 05000000/0f00ffc0 at 0 (success 0 )
match 00100000/00ff0000 at 32 (success 0 )
filter parent 1: protocol all pref 17 fw
filter parent 1: protocol all pref 17 fw handle 0x1 classid 1:1
filter parent 1: protocol all pref 18 fw
filter parent 1: protocol all pref 18 fw handle 0x2 classid 1:2
filter parent 1: protocol all pref 19 fw
filter parent 1: protocol all pref 19 fw handle 0x3 classid 1:3
Device eth1:
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
