Tom Eastep wrote:
On Tue, 16 Sep 2003, Matt Schalit wrote:
Thanks for the reply, Tom. I probably shouldn't have called this Bizzare Shorewall Drops, because I don't think Shorewall is acting odd. It's more like I don't understand how I was getting DST=10.2.3.4, which violates my intuition on routing.
Hmmm - you are running Shorewall 1.3.
Sorry. I'm was out huntin' wabbit and forgot to update this thing.
What does "shorewall show mangle" tell us?
-Tom
Here you go. I don't think it will word wrap, because I set my margin at 150.
Thanks, Matt
========================================================================= # shorewall show mangle Shorewall-1.3.11a TOS at hub - Tue Sep 16 18:55:19 PDT 2003
Counters reset Fri Sep 5 18:29:15 PDT 2003
Chain PREROUTING (policy ACCEPT 146M packets, 75G bytes) pkts bytes target prot opt in out source destination 17M 18G man1918 ah -- eth0 * 0.0.0.0/0 0.0.0.0/0 31M 21G pretos ah -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 703K packets, 159M bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 145M packets, 75G bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 379K packets, 41M bytes) pkts bytes target prot opt in out source destination 43586 3866K outtos ah -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 146M packets, 75G bytes) pkts bytes target prot opt in out source destination
Chain logdrop (27 references)
pkts bytes target prot opt in out source destination
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:man1918:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0 0.0.0.0/0Chain man1918 (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN ah -- * * 0.0.0.0/0 255.255.255.255
0 0 DROP ah -- * * 0.0.0.0/0 169.254.0.0/16
0 0 logdrop ah -- * * 0.0.0.0/0 172.16.0.0/12
0 0 logdrop ah -- * * 0.0.0.0/0 192.0.2.0/24
0 0 logdrop ah -- * * 0.0.0.0/0 192.168.0.0/16
0 0 logdrop ah -- * * 0.0.0.0/0 0.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0 2.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 5.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 7.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 10.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 23.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 27.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 31.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 36.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0 39.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 41.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 42.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 58.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0 60.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 70.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0 72.0.0.0/5
0 0 logdrop ah -- * * 0.0.0.0/0 82.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0 84.0.0.0/6
0 0 logdrop ah -- * * 0.0.0.0/0 88.0.0.0/5
0 0 logdrop ah -- * * 0.0.0.0/0 96.0.0.0/3
0 0 logdrop ah -- * * 0.0.0.0/0 127.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 197.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 222.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0 240.0.0.0/4Chain outtos (1 references)
pkts bytes target prot opt in out source destination
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 TOS set 0x10
733 114K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:20 TOS set 0x08Chain pretos (1 references)
pkts bytes target prot opt in out source destination
1065 75664 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:22 TOS set 0x10
337 17203 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 TOS set 0x10
31 3080 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:20 TOS set 0x08===============================================================================
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
