I have a remote location and access it via VPN without problems.
I can even connect to a local machine using DNAT, to reach it,
but I want to connect to the router to access it, and it doesn't work.
Rules:
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
Invalid(DROP) net all tcp
DNS(ACCEPT) $FW net
SSH(ACCEPT) loc $FW
SSH(ACCEPT) vpn $FW
Ping(ACCEPT) loc $FW
Ping(DROP) net $FW
ACCEPT $FW loc icmp
ACCEPT $FW net icmp
ACCEPT vpn all all
DNS(ACCEPT) loc $FW
SSH(ACCEPT) net $FW TCP
DNAT vpn loc:10.1.3.2 tcp 6000 # this works
DNAT vpn net:192.168.1.1 tcp 80 - &tun0 # this does not work
(end of rules)
From a remote location I get this:
nmap 10.0.8.4 # (VPN address)
Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 10:18 CEST
Nmap scan report for 10.0.8.4
Host is up (0.17s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp filtered http
6000/tcp open X11
Nmap done: 1 IP address (1 host up) scanned in 13.33 seconds
This is my shorewall dump:
Shorewall 5.0.4 Dump at figueres - Thu Apr 21 08:38:17 UTC 2016
Shorewall is running
State:Started (Thu Apr 21 08:16:32 UTC 2016) from /etc/shorewall/
(/var/lib/shorewall/firewall compiled by Shorewall version 5.0.4)
Counters reset Thu Apr 21 08:16:32 UTC 2016
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
35155 45M net-fw all -- wlan0 * 0.0.0.0/0
0.0.0.0/0
0 0 ~comb0 all -- eth0 * 0.0.0.0/0
0.0.0.0/0
4422 265K ~comb0 all -- tun0 * 0.0.0.0/0
0.0.0.0/0
1654 148K ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
23 1316 TCPMSS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 net_frwd all -- wlan0 * 0.0.0.0/0
0.0.0.0/0
4 176 loc_frwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
25 1380 vpn_frwd all -- tun0 * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]
Chain OUTPUT (policy ACCEPT 13731 packets, 1423K bytes)
pkts bytes target prot opt in out source
destination
Chain Broadcast (2 references)
pkts bytes target prot opt in out source
destination
4 974 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
Chain Drop (2 references)
pkts bytes target prot opt in out source
destination
4 974 all -- * * 0.0.0.0/0
0.0.0.0/0
4 974 Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53 /* Late DNS Replies */
Chain Reject (2 references)
pkts bytes target prot opt in out source
destination
0 0 all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53 /* Late DNS Replies */
Chain dynamic (5 references)
pkts bytes target prot opt in out source
destination
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 smurfs all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
4 176 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * wlan0 0.0.0.0/0
0.0.0.0/0
4 176 ACCEPT all -- * tun0 0.0.0.0/0
0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source
destination
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net-fw (1 references)
pkts bytes target prot opt in out source
destination
16 1454 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
16 1454 smurfs all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
30582 45M tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
35139 45M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
12 480 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID
0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 8 /* Ping */
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 /* SSH */
4 974 Drop all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:net-fw:DROP:"
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net-loc (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID
0 0 Drop all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:net-loc:DROP:"
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net-vpn (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net_frwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 smurfs all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 net-loc all -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 net-vpn all -- * tun0 0.0.0.0/0
0.0.0.0/0
Chain reject (7 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0
0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-prohibited
Chain sha-lh-5228655fddc23881908d (0 references)
pkts bytes target prot opt in out source
destination
Chain sha-rh-1b095798417d2c7f6fc5 (0 references)
pkts bytes target prot opt in out source
destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
0 0 all -- * * 0.0.0.0/0
0.0.0.0/0 recent: SET name: %CURRENTTIME side: source mask:
255.255.255.255
Chain smurflog (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain smurfs (5 references)
pkts bytes target prot opt in out source
destination
0 0 RETURN all -- * * 0.0.0.0
0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0
0.0.0.0/0 [goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4
0.0.0.0/0 [goto]
Chain tcpflags (5 references)
pkts bytes target prot opt in out source
destination
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02
Chain vpn_frwd (1 references)
pkts bytes target prot opt in out source
destination
19 1140 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
19 1140 smurfs all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
25 1380 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
15 900 ACCEPT all -- * wlan0 0.0.0.0/0
0.0.0.0/0
10 480 ACCEPT all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain ~comb0 (2 references)
pkts bytes target prot opt in out source
destination
2198 132K dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
2198 132K smurfs all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
4422 265K tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
4422 265K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Log (/var/log/shorewall)
NAT Table
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
2214 133K vpn_dnat all -- tun0 * 0.0.0.0/0
0.0.0.0/0
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 60 packets, 3853 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 60 packets, 3853 bytes)
pkts bytes target prot opt in out source
destination
0 0 MASQUERADE all -- * wlan0 10.1.3.0/24
0.0.0.0/0
Chain vpn_dnat (1 references)
pkts bytes target prot opt in out source
destination
4 240 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6000 to:10.1.3.2
12 720 DNAT tcp -- * * 0.0.0.0/0
10.0.8.4 tcp dpt:80 to:192.168.1.1
Mangle Table
Chain PREROUTING (policy ACCEPT 17398 packets, 21M bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 17398 packets, 21M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
29 1556 MARK all -- * * 0.0.0.0/0
0.0.0.0/0 MARK and 0xffffff00
Chain OUTPUT (policy ACCEPT 13787 packets, 1455K bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 13787 packets, 1455K bytes)
pkts bytes target prot opt in out source
destination
Raw Table
Chain PREROUTING (policy ACCEPT 17380 packets, 21M bytes)
pkts bytes target prot opt in out source
destination
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:10080 CT helper amanda
2 120 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1719 CT helper RAS
2 120 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1720 CT helper Q.931
2 120 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:137 CT helper netbios-ns
2 120 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1723 CT helper pptp
2 120 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 13775 packets, 1451K bytes)
pkts bytes target prot opt in out source
destination
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:69 CT helper tftp
Conntrack Table (42 out of 59048)
udp 17 34 src=192.168.1.128 dst=8.8.4.4 sport=51096 dport=53
src=8.8.4.4 dst=192.168.1.128 sport=53 dport=51096 [ASSURED] mark=0 use=2
tcp 6 82115 ESTABLISHED src=10.0.8.5 dst=10.0.8.2 sport=53600 dport=22
src=10.0.8.2 dst=10.0.8.5 sport=22 dport=53600 [ASSURED] mark=0 use=2
udp 17 35 src=192.168.1.128 dst=8.8.4.4 sport=46085 dport=53
src=8.8.4.4 dst=192.168.1.128 sport=53 dport=46085 [ASSURED] mark=0 use=2
udp 17 34 src=192.168.1.128 dst=8.8.8.8 sport=52008 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=52008 [ASSURED] mark=0 use=2
tcp 6 96 TIME_WAIT src=192.168.1.128 dst=107.6.170.212 sport=46058
dport=80 src=107.6.170.212 dst=192.168.1.128 sport=80 dport=46058 [ASSURED]
mark=0 use=2
tcp 6 431976 ESTABLISHED src=10.0.8.2 dst=10.0.8.4 sport=50492
dport=22 src=10.0.8.4 dst=10.0.8.2 sport=22 dport=50492 [ASSURED] mark=0
use=2
udp 17 35 src=192.168.1.128 dst=8.8.8.8 sport=50537 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=50537 [ASSURED] mark=0 use=2
udp 17 34 src=192.168.1.128 dst=8.8.8.8 sport=57981 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=57981 [ASSURED] mark=0 use=2
udp 17 56 src=192.168.1.128 dst=8.8.8.8 sport=39412 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=39412 [ASSURED] mark=0 use=2
udp 17 34 src=192.168.1.128 dst=8.8.4.4 sport=57759 dport=53
src=8.8.4.4 dst=192.168.1.128 sport=53 dport=57759 [ASSURED] mark=0 use=2
udp 17 156 src=192.168.1.128 dst=8.8.8.8 sport=45573 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=45573 [ASSURED] mark=0 use=2
tcp 6 299 ESTABLISHED src=10.0.8.2 dst=10.0.8.4 sport=42786 dport=22
src=10.0.8.4 dst=10.0.8.2 sport=22 dport=42786 [ASSURED] mark=0 use=2
udp 17 34 src=192.168.1.128 dst=8.8.8.8 sport=50023 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=50023 [ASSURED] mark=0 use=2
udp 17 179 src=192.168.1.128 dst=83.58.186.174 sport=35976 dport=1194
src=83.58.186.174 dst=192.168.1.128 sport=1194 dport=35976 [ASSURED] mark=0
use=2
udp 17 34 src=192.168.1.128 dst=8.8.4.4 sport=58363 dport=53
src=8.8.4.4 dst=192.168.1.128 sport=53 dport=58363 [ASSURED] mark=0 use=2
udp 17 47 src=192.168.1.128 dst=8.8.8.8 sport=49717 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=49717 [ASSURED] mark=0 use=2
udp 17 60 src=192.168.1.128 dst=8.8.8.8 sport=40745 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=40745 [ASSURED] mark=0 use=2
udp 17 35 src=192.168.1.128 dst=8.8.8.8 sport=56320 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=56320 [ASSURED] mark=0 use=2
udp 17 34 src=192.168.1.128 dst=8.8.8.8 sport=57200 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=57200 [ASSURED] mark=0 use=2
udp 17 34 src=192.168.1.128 dst=8.8.8.8 sport=38250 dport=53
src=8.8.8.8 dst=192.168.1.128 sport=53 dport=38250 [ASSURED] mark=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
group default qlen 1000
inet 10.1.3.1/24 brd 10.1.3.255 scope global eth0
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
group default qlen 1000
inet 192.168.1.128/24 brd 192.168.1.255 scope global wlan0
valid_lft forever preferred_lft forever
14: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UNKNOWN group default qlen 100
inet 10.0.8.4/24 brd 10.0.8.255 scope global tun0
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
2088685 23936 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2088685 23936 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
mode DEFAULT group default qlen 1000
link/ether b8:27:eb:85:6d:c7 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
1347876 17666 0 17533 0 0
TX: bytes packets errors dropped carrier collsns
16669 238 0 0 0 0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
DORMANT group default qlen 1000
link/ether 40:a5:ef:03:0c:09 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
500782585 632015 0 1728480 0 0
TX: bytes packets errors dropped carrier collsns
63799000 475756 0 1 0 0
14: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UNKNOWN mode DEFAULT group default qlen 100
link/none
RX: bytes packets errors dropped overrun mcast
2373469 37288 0 0 0 0
TX: bytes packets errors dropped carrier collsns
3120873 33949 0 180 0 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 192.168.1.128 dev wlan0 proto kernel scope host src 192.168.1.128
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.1.3.1 dev eth0 proto kernel scope host src 10.1.3.1
local 10.0.8.4 dev tun0 proto kernel scope host src 10.0.8.4
broadcast 192.168.1.255 dev wlan0 proto kernel scope link src 192.168.1.128
broadcast 192.168.1.0 dev wlan0 proto kernel scope link src 192.168.1.128
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.1.3.255 dev eth0 proto kernel scope link src 10.1.3.1
broadcast 10.1.3.0 dev eth0 proto kernel scope link src 10.1.3.1
broadcast 10.0.8.255 dev tun0 proto kernel scope link src 10.0.8.4
broadcast 10.0.8.0 dev tun0 proto kernel scope link src 10.0.8.4
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.128 metric
303
10.1.3.0/24 dev eth0 proto kernel scope link src 10.1.3.1
10.1.1.0/24 via 10.0.8.1 dev tun0
10.0.8.0/24 dev tun0 proto kernel scope link src 10.0.8.4
default via 192.168.1.1 dev wlan0 src 192.168.1.128 metric 303
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
/proc
/proc/version = Linux version 4.1.19-5-ARCH (builduser@leming) (gcc
version 5.3.0 (GCC) ) #1 SMP Tue Mar 15 19:59:28 MDT 2016
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/tun0/proxy_arp = 0
/proc/sys/net/ipv4/conf/tun0/arp_filter = 0
/proc/sys/net/ipv4/conf/tun0/arp_ignore = 0
/proc/sys/net/ipv4/conf/tun0/rp_filter = 1
/proc/sys/net/ipv4/conf/tun0/log_martians = 1
/proc/sys/net/ipv4/conf/wlan0/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlan0/arp_filter = 0
/proc/sys/net/ipv4/conf/wlan0/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlan0/rp_filter = 1
/proc/sys/net/ipv4/conf/wlan0/log_martians = 1
ARP
? (192.168.1.131) at cc:3a:61:69:75:4b [ether] on wlan0
? (192.168.1.1) at d8:b6:b7:02:90:aa [ether] on wlan0
? (10.1.3.2) at 00:50:c2:09:2f:19 [ether] on eth0
Modules
ip_tables 12167 4
iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_MASQUERADE 1047 1
ipt_REJECT 1395 4
ipt_rpfilter 1776 0
iptable_filter 1541 1
iptable_mangle 1548 1
iptable_nat 1632 1
iptable_raw 1339 1
nf_conntrack 99551 21
xt_CT,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,nf_nat,xt_connlimit,nf_nat_ipv4,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda 2736 2
nf_conntrack_broadcast 1243 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 6757 2
nf_conntrack_h323 45920 4
nf_conntrack_ipv4 13517 41
nf_conntrack_irc 4273 2
nf_conntrack_netbios_ns 1206 2
nf_conntrack_pptp 5153 2
nf_conntrack_proto_gre 4393 1 nf_conntrack_pptp
nf_conntrack_sane 3866 2
nf_conntrack_sip 21331 2
nf_conntrack_snmp 1588 2
nf_conntrack_tftp 3732 2
nf_defrag_ipv4 1597 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 14975 1 xt_TPROXY
nf_log_common 4109 1 nf_log_ipv4
nf_log_ipv4 4566 6
nf_nat 15211 3 nf_nat_ipv4,xt_nat,nf_nat_masquerade_ipv4
nf_nat_ipv4 5473 1 iptable_nat
nf_nat_masquerade_ipv4 2733 1 ipt_MASQUERADE
nf_reject_ipv4 3031 1 ipt_REJECT
xt_CHECKSUM 1177 0
xt_CLASSIFY 954 0
xt_CT 4047 22
xt_DSCP 1872 0
xt_LOG 1240 6
xt_NFLOG 1052 0
xt_NFQUEUE 2484 0
xt_TCPMSS 3106 1
xt_TPROXY 4709 0
xt_addrtype 2691 5
xt_comment 863 18
xt_connlimit 5311 0
xt_connmark 1670 0
xt_conntrack 2947 18
xt_dscp 1536 0
xt_hashlimit 8186 0
xt_helper 1270 0
xt_iprange 1496 0
xt_length 1119 0
xt_mark 1082 1
xt_multiport 1676 4
xt_nat 1636 2
xt_owner 1285 0
xt_physdev 1752 0
xt_pkttype 1003 0
xt_policy 2540 0
xt_realm 905 0
xt_recent 8646 1
xt_statistic 1274 0
xt_tcpmss 1328 0
xt_tcpudp 2130 45
xt_time 2277 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
AUDIT Target (AUDIT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
Capabilities Version (CAPVERSION): 50004
Checksum Target (CHECKSUM_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH):
Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended MARK Target (XMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP Helper: Available
FTP-0 Helper: Not available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
IMQ Target (IMQ_TARGET): Not available
IP range Match(IPRANGE_MATCH): Available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IRC Helper: Available
IRC-0 Helper: Not available
Iface Match (IFACE_MATCH): Not available
Kernel Version (KERNELVERSION): 40119
LOG Target (LOG_TARGET): Available
LOGMARK Target (LOGMARK_TARGET): Not available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
NFAcct Match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Netbios_ns Helper: Available
New tos Match (NEW_TOS_MATCH): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
PPTP Helper: Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Packet length Match (LENGTH_MATCH): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev Match (PHYSDEV_MATCH): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Policy Match (POLICY_MATCH): Available
RPFilter Match (RPFILTER_MATCH): Available
Raw Table (RAW_TABLE): Available
Rawpost Table (RAWPOST_TABLE): Not available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
SANE Helper: Available
SANE-0 Helper: Not available
SIP Helper: Available
SIP-0 Helper: Not available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP Helper: Available
TFTP-0 Helper: Not available
TPROXY Target (TPROXY_TARGET): Available
Time Match (TIME_MATCH): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
fwmark route mask (FWMARK_RT_MASK): Available
ipset V5 (IPSET_V5): Not available
iptables --wait option (WAIT_OPTION): Available
iptables -S (IPTABLES_S): Available
Netid State Recv-Q Send-Q Local Address:Port Peer
Address:Port
tcp LISTEN 0 128 *:5355
*:* users:(("systemd-resolve",pid=320,fd=15))
tcp LISTEN 0 5 *:53
*:* users:(("dnsmasq",pid=326,fd=7))
tcp LISTEN 0 128 *:22
*:* users:(("sshd",pid=321,fd=3))
tcp ESTAB 0 5748 10.0.8.4:22
10.0.8.2:42786
users:(("sshd",pid=9688,fd=3))
tcp TIME-WAIT 0 0 192.168.1.128:46058
107.6.170.212:80
tcp ESTAB 0 0 10.0.8.4:22
10.0.8.2:50492
users:(("sshd",pid=10821,fd=3))
Traffic Control
Device eth0:
qdisc fq_codel 0: root refcnt 2 limit 10240p flows 1024 quantum 1526 target
5.0ms interval 100.0ms ecn
Sent 14693 bytes 238 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
new_flows_len 0 old_flows_len 0
Device wlan0:
qdisc mq 0: root
Sent 50503698 bytes 475803 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc fq_codel 0: parent :1 limit 10240p flows 1024 quantum 1514 target
5.0ms interval 100.0ms ecn
Sent 23934 bytes 176 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: parent :2 limit 10240p flows 1024 quantum 1514 target
5.0ms interval 100.0ms ecn
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: parent :3 limit 10240p flows 1024 quantum 1514 target
5.0ms interval 100.0ms ecn
Sent 50479764 bytes 475627 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
maxpacket 319 drop_overlimit 0 new_flow_count 7 ecn_mark 0
new_flows_len 1 old_flows_len 0
qdisc fq_codel 0: parent :4 limit 10240p flows 1024 quantum 1514 target
5.0ms interval 100.0ms ecn
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
new_flows_len 0 old_flows_len 0
class mq :1 root
Sent 23934 bytes 176 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :2 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 50479764 bytes 475627 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class fq_codel :3cc parent none
(dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
deficit 1387 count 0 lastcount 0 ldelay 5us
Device tun0:
qdisc fq_codel 0: root refcnt 2 limit 10240p flows 1024 quantum 1500 target
5.0ms interval 100.0ms ecn
Sent 3164781 bytes 34175 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
new_flows_len 0 old_flows_len 0
TC Filters
Device eth0:
Device wlan0:
Device tun0:
--
Eduard Vidal i Tulsà <http://www.facebook.com/festuc> +34615629775
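A return-path check for the two DNAT rules in the post, added here as an example and not part of the original message: it uses the main routing table, the nat POSTROUTING chain and the vpn_dnat chain from the dump to show which source address each DNAT target sees. The function names and the extra masquerade rule are hypothetical, and whether 10.1.3.2 or 192.168.1.1 has a route back to 10.0.8.0/24 is an assumption that cannot be read from the dump.

```python
import ipaddress

# Values copied from the dump in the post into Python literals.
ROUTES = [                       # "Table main": (destination, egress device)
    ("192.168.1.0/24", "wlan0"),
    ("10.1.3.0/24", "eth0"),
    ("10.1.1.0/24", "tun0"),
    ("10.0.8.0/24", "tun0"),
    ("0.0.0.0/0", "wlan0"),      # default via 192.168.1.1
]
MASQUERADE = [("wlan0", "10.1.3.0/24")]   # nat POSTROUTING: (out device, source)
DNAT_TARGETS = {6000: "10.1.3.2", 80: "192.168.1.1"}   # vpn_dnat chain
VPN_CLIENT = "10.0.8.2"          # VPN peer seen in the conntrack table

# Hypothetical extra rule, not in the post: masquerade VPN clients leaving
# via wlan0 (in Shorewall 5.0 this would be an entry in /etc/shorewall/masq).
HYPOTHETICAL_RULE = ("wlan0", "10.0.8.0/24")


def egress_device(dst, routes=ROUTES):
    """Longest-prefix match of dst against the routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def is_masqueraded(src, out_dev, masq=MASQUERADE):
    """True if a MASQUERADE rule rewrites src when it leaves via out_dev."""
    addr = ipaddress.ip_address(src)
    return any(dev == out_dev and addr in ipaddress.ip_network(net)
               for dev, net in masq)


def return_path_report(client=VPN_CLIENT, targets=DNAT_TARGETS,
                       masq=MASQUERADE):
    """For each DNAT rule, say which source address the target will see.

    If the source is not rewritten, the target must itself have a route
    back to the VPN client through this firewall, or its replies are lost
    and the port shows up as 'filtered' from the client side.
    """
    report = {}
    for port, target in sorted(targets.items()):
        dev = egress_device(target)
        rewritten = is_masqueraded(client, dev, masq)
        report[port] = {
            "target": target,
            "out": dev,
            "source_seen": "address of " + dev if rewritten else client,
            "needs_route_back": not rewritten,
        }
    return report


if __name__ == "__main__":
    cases = (("as dumped", MASQUERADE),
             ("with hypothetical rule", MASQUERADE + [HYPOTHETICAL_RULE]))
    for title, masq in cases:
        print(title)
        for port, row in return_path_report(masq=masq).items():
            print("  port", port, row)
```

With the rules as dumped, both targets see the VPN client's own address, so each reply depends on the target's routing: a host on eth0 that uses 10.1.3.1 as its gateway can answer, while the router at 192.168.1.1 needs either a route to 10.0.8.0/24 via 192.168.1.128 or source NAT on wlan0.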