to Tom:
you mix up the reply, see my first posting :)
it's the default example (192.168.1.x)
and RH FAQ info to Ray Olszewski
Linux firewall 2.4.20 #1 Sun May 11 18:53:34 CEST 2003
i586 unknown
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd
00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast qlen 100
link/ether 00:0b:2b:02:0d:6d brd ff:ff:ff:ff:ff:ff
inet 128.142.121.254/20 brd 129.142.127.255 scope
global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast qlen 100
link/ether 00:0b:2b:02:2a:43 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope
global eth1
5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast qlen 100
link/ether 00:0b:2b:02:2a:4d brd ff:ff:ff:ff:ff:ff
inet 192.168.10.100/24 brd 192.168.10.255 scope
global eth2
192.168.1.0/24 dev eth1 proto kernel scope link src
192.168.1.254
192.168.10.0/24 dev eth2 proto kernel scope link
src 192.168.10.100
129.142.112.0/20 dev eth0 proto kernel scope link
src 128.142.121.254
default via 129.142.112.1 dev eth0
Shorewall-1.4.8 Status at firewall - Wed Dec 17
19:17:28 UTC 2003
Counters reset Wed Dec 17 17:33:30 UTC 2003
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- lo *
0.0.0.0/0 0.0.0.0/0
0 0 DROP !icmp -- * *
0.0.0.0/0 0.0.0.0/0 state INVALID
159 22494 eth0_in all -- eth0 *
0.0.0.0/0 0.0.0.0/0
139 11414 eth1_in all -- eth1 *
0.0.0.0/0 0.0.0.0/0
0 0 eth2_in all -- eth2 *
0.0.0.0/0 0.0.0.0/0
0 0 common all -- * *
0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * *
0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * *
0.0.0.0/0 0.0.0.0/0 state INVALID
1671 862K eth0_fwd all -- eth0 *
0.0.0.0/0 0.0.0.0/0
1942 322K eth1_fwd all -- eth1 *
0.0.0.0/0 0.0.0.0/0
0 0 eth2_fwd all -- eth2 *
0.0.0.0/0 0.0.0.0/0
0 0 common all -- * *
0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * *
0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * lo
0.0.0.0/0 0.0.0.0/0
0 0 DROP !icmp -- * *
0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT udp -- * eth0
0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
146 9944 fw2net all -- * eth0
0.0.0.0/0 0.0.0.0/0
129 18328 fw2loc all -- * eth1
0.0.0.0/0 0.0.0.0/0
0 0 fw2dmz all -- * eth2
0.0.0.0/0 0.0.0.0/0
0 0 common all -- * *
0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * *
0.0.0.0/0 0.0.0.0/0
Chain all2all (7 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 common all -- * *
0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:all2all:REJECT:'
0 0 reject all -- * *
0.0.0.0/0 0.0.0.0/0
Chain common (5 references)
pkts bytes target prot opt in out source
destination
0 0 icmpdef icmp -- * *
0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:135
18 1404 reject udp -- * *
0.0.0.0/0 0.0.0.0/0 udp
dpts:137:139
0 0 reject udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:139
6 288 reject tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:445
93 4464 reject tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:135
0 0 DROP udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:1900
0 0 DROP all -- * *
0.0.0.0/0 255.255.255.255
0 0 DROP all -- * *
0.0.0.0/0 224.0.0.0/4
0 0 reject tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * *
0.0.0.0/0 0.0.0.0/0 udp spt:53
state NEW
0 0 DROP all -- * *
0.0.0.0/0 129.142.127.255
0 0 DROP all -- * *
0.0.0.0/0 192.168.1.255
0 0 DROP all -- * *
0.0.0.0/0 192.168.10.255
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 all2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain dmz2loc (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 all2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain dmz2net (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
dpt:53
0 0 ACCEPT udp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW udp
dpt:53
0 0 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0
Chain dynamic (6 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * *
0.0.0.0/0 0.0.0.0/0 state NEW
0 0 rfc1918 all -- * *
0.0.0.0/0 0.0.0.0/0 state NEW
1671 862K net2loc all -- * eth1
0.0.0.0/0 0.0.0.0/0
0 0 net2dmz all -- * eth2
0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
159 22494 dynamic all -- * *
0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
159 22494 rfc1918 all -- * *
0.0.0.0/0 0.0.0.0/0 state NEW
158 22416 net2fw all -- * *
0.0.0.0/0 0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
371 23842 dynamic all -- * *
0.0.0.0/0 0.0.0.0/0 state NEW
1942 322K loc2net all -- * eth0
0.0.0.0/0 0.0.0.0/0
0 0 loc2dmz all -- * eth2
0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
12 720 dynamic all -- * *
0.0.0.0/0 0.0.0.0/0 state NEW
139 11414 loc2fw all -- * *
0.0.0.0/0 0.0.0.0/0
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * *
0.0.0.0/0 0.0.0.0/0 state NEW
0 0 dmz2net all -- * eth0
0.0.0.0/0 0.0.0.0/0
0 0 dmz2loc all -- * eth1
0.0.0.0/0 0.0.0.0/0
Chain eth2_in (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * *
0.0.0.0/0 0.0.0.0/0 state NEW
0 0 dmz2fw all -- * *
0.0.0.0/0 0.0.0.0/0
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 all2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source
destination
129 18328 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 all2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source
destination
146 9944 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
dpt:53
0 0 ACCEPT udp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW udp
dpt:53
0 0 all2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain icmpdef (1 references)
pkts bytes target prot opt in out source
destination
Chain loc2dmz (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
dpt:22
0 0 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 all2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source
destination
127 10694 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
dpt:22
0 0 ACCEPT udp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW udp
dpt:53
12 720 ACCEPT tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
dpt:80
0 0 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 all2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source
destination
1571 298K ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
371 23842 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0
Chain logdrop (60 references)
pkts bytes target prot opt in out source
destination
1 78 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:logdrop:DROP:'
1 78 DROP all -- * *
0.0.0.0/0 0.0.0.0/0
Chain net2all (3 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
120 6300 common all -- * *
0.0.0.0/0 0.0.0.0/0
3 144 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:net2all:DROP:'
3 144 DROP all -- * *
0.0.0.0/0 0.0.0.0/0
Chain net2dmz (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 net2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
9 12040 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
29 4076 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
120 6300 net2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source
destination
1671 862K ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * *
0.0.0.0/0 0.0.0.0/0 state NEW tcp
flags:!0x16/0x02
0 0 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 net2all all -- * *
0.0.0.0/0 0.0.0.0/0
Chain newnotsyn (14 references)
pkts bytes target prot opt in out source
destination
9 12040 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:newnotsyn:DROP:'
9 12040 DROP all -- * *
0.0.0.0/0 0.0.0.0/0
Chain reject (11 references)
pkts bytes target prot opt in out source
destination
99 4752 REJECT tcp -- * *
0.0.0.0/0 0.0.0.0/0 reject-with
tcp-reset
18 1404 REJECT udp -- * *
0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable
0 0 REJECT icmp -- * *
0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-unreachable
0 0 REJECT all -- * *
0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-prohibited
Chain rfc1918 (2 references)
pkts bytes target prot opt in out source
destination
0 0 RETURN all -- * *
255.255.255.255 0.0.0.0/0
0 0 RETURN all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
255.255.255.255
0 0 DROP all -- * *
169.254.0.0/16 0.0.0.0/0
0 0 DROP all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
169.254.0.0/16
0 0 logdrop all -- * *
172.16.0.0/12 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
172.16.0.0/12
0 0 logdrop all -- * *
192.0.2.0/24 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
192.0.2.0/24
0 0 logdrop all -- * *
192.168.0.0/16 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
192.168.0.0/16
0 0 logdrop all -- * *
0.0.0.0/7 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
0.0.0.0/7
0 0 logdrop all -- * *
2.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
2.0.0.0/8
0 0 logdrop all -- * *
5.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
5.0.0.0/8
0 0 logdrop all -- * *
7.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
7.0.0.0/8
0 0 logdrop all -- * *
10.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
10.0.0.0/8
0 0 logdrop all -- * *
23.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
23.0.0.0/8
0 0 logdrop all -- * *
27.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
27.0.0.0/8
0 0 logdrop all -- * *
31.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
31.0.0.0/8
0 0 logdrop all -- * *
36.0.0.0/7 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
36.0.0.0/7
0 0 logdrop all -- * *
39.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
39.0.0.0/8
0 0 logdrop all -- * *
41.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
41.0.0.0/8
0 0 logdrop all -- * *
42.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
42.0.0.0/8
0 0 logdrop all -- * *
49.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
49.0.0.0/8
0 0 logdrop all -- * *
50.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
50.0.0.0/8
0 0 logdrop all -- * *
58.0.0.0/7 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
58.0.0.0/7
0 0 logdrop all -- * *
70.0.0.0/7 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
70.0.0.0/7
0 0 logdrop all -- * *
72.0.0.0/5 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
72.0.0.0/5
0 0 logdrop all -- * *
83.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
83.0.0.0/8
0 0 logdrop all -- * *
84.0.0.0/6 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
84.0.0.0/6
0 0 logdrop all -- * *
88.0.0.0/5 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
88.0.0.0/5
0 0 logdrop all -- * *
96.0.0.0/3 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
96.0.0.0/3
0 0 logdrop all -- * *
127.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
127.0.0.0/8
0 0 logdrop all -- * *
197.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
197.0.0.0/8
0 0 logdrop all -- * *
198.18.0.0/15 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
198.18.0.0/15
1 78 logdrop all -- * *
201.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
201.0.0.0/8
0 0 logdrop all -- * *
223.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
223.0.0.0/8
0 0 logdrop all -- * *
240.0.0.0/4 0.0.0.0/0
0 0 logdrop all -- * *
0.0.0.0/0 0.0.0.0/0 ctorigdst
240.0.0.0/4
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
Dec 17 17:52:05 logdrop:DROP:IN=eth0 OUT=
SRC=201.128.9.200 DST=128.142.121.254 LEN=78 TOS=0x00
PREC=0x00 TTL=105 ID=42782 PROTO=UDP SPT=1029 DPT=137
LEN=58
Dec 17 18:06:16 net2all:DROP:IN=eth0 OUT=
SRC=82.45.233.187 DST=128.142.121.254 LEN=48 TOS=0x10
PREC=0x00 TTL=55 ID=55745 DF PROTO=TCP SPT=3914 DPT=21
WINDOW=65535 RES=0x00 SYN URGP=0
Dec 17 18:06:19 net2all:DROP:IN=eth0 OUT=
SRC=82.45.233.187 DST=128.142.121.254 LEN=48 TOS=0x10
PREC=0x00 TTL=55 ID=56060 DF PROTO=TCP SPT=3914 DPT=21
WINDOW=65535 RES=0x00 SYN URGP=0
Dec 17 18:06:25 net2all:DROP:IN=eth0 OUT=
SRC=82.45.233.187 DST=128.142.121.254 LEN=48 TOS=0x10
PREC=0x00 TTL=55 ID=56287 DF PROTO=TCP SPT=3914 DPT=21
WINDOW=65535 RES=0x00 SYN URGP=0
Dec 17 18:58:55 newnotsyn:DROP:IN=eth0 OUT=
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=36372 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 18:59:27 newnotsyn:DROP:IN=eth0 OUT=
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=17973 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:00:31 newnotsyn:DROP:IN=eth0 OUT=
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=54704 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:01:35 newnotsyn:DROP:IN=eth0 OUT=
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=16799 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:02:39 newnotsyn:DROP:IN=eth0 OUT=
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=47958 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:03:43 newnotsyn:DROP:IN=eth0 OUT=
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=17367 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:04:47 newnotsyn:DROP:IN=eth0 OUT=
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=43276 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:05:51 newnotsyn:DROP:IN=eth0 OUT=
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=1164 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:06:55 newnotsyn:DROP:IN=eth0 OUT=
SRC=66.163.175.154 DST=128.142.121.254 LEN=40 TOS=0x00
PREC=0x00 TTL=49 ID=34370 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK RST URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 500 packets, 44785
bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 100 packets, 4020
bytes)
pkts bytes target prot opt in out source
destination
425 24543 eth0_masq all -- * eth0
0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source
destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source
destination
326 20583 MASQUERADE all -- * *
192.168.1.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * *
192.168.10.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 3916 packets, 1219K
bytes)
pkts bytes target prot opt in out source
destination
3911 1218K pretos all -- * *
0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 300 packets, 34008 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 3613 packets, 1184K
bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 277 packets, 28372 bytes)
pkts bytes target prot opt in out source
destination
275 28272 outtos all -- * *
0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 3890 packets, 1212K
bytes)
pkts bytes target prot opt in out source
destination
Chain outtos (1 references)
pkts bytes target prot opt in out source
destination
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS
set 0x10
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS
set 0x10
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS
set 0x10
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS
set 0x10
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS
set 0x08
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS
set 0x08
Chain pretos (1 references)
pkts bytes target prot opt in out source
destination
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS
set 0x10
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS
set 0x10
3 144 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS
set 0x10
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS
set 0x10
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS
set 0x08
0 0 TOS tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS
set 0x08
Chain PREROUTING (policy ACCEPT 501 packets, 44863
bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 100 packets, 4020
bytes)
pkts bytes target prot opt in out source
destination
425 24543 eth0_masq all -- * eth0
0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source
destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source
destination
326 20583 MASQUERADE all -- * *
192.168.1.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * *
192.168.10.0/24 0.0.0.0/0
Dec 17 17:33:18 firewall syslogd 1.3-3#31.slink1:
restart.
Dec 17 17:33:18 firewall kernel: klogd
1.3-3#31.slink1, log source = /proc/kmsg started.
Dec 17 17:33:18 firewall kernel: No module symbols
loaded.
Dec 17 17:33:18 firewall kernel: BIOS-provided
physical RAM map:
Dec 17 17:33:18 firewall kernel: 32MB LOWMEM
available.
Dec 17 17:33:18 firewall kernel: Initializing CPU#0
Dec 17 17:33:18 firewall kernel: Memory: 30128k/32768k
available (948k kernel code, 2252k reserved, -1176k
data, 64k init, 0k highmem)
Dec 17 17:33:18 firewall kernel: Dentry cache hash
table entries: 4096 (order: 3, 32768 bytes)
Dec 17 17:33:18 firewall kernel: Inode cache hash
table entries: 2048 (order: 2, 16384 bytes)
Dec 17 17:33:18 firewall kernel: Intel Pentium with F0
0F bug - workaround enabled.
Dec 17 17:33:18 firewall kernel: Checking 'hlt'
instruction... OK.
Dec 17 17:33:18 firewall kernel: PCI: PCI BIOS
revision 2.10 entry at 0xfd83e, last bus=0
Dec 17 17:33:18 firewall kernel: PCI: Using
configuration type 1
Dec 17 17:33:18 firewall kernel: PCI: Probing PCI
hardware
Dec 17 17:33:18 firewall kernel: Limiting direct
PCI/PCI transfers.
Dec 17 17:33:18 firewall kernel: Activating ISA DMA
hang workarounds.
Dec 17 17:33:18 firewall kernel: Linux NET4.0 for
Linux 2.4
Dec 17 17:33:18 firewall kernel: Based upon Swansea
University Computer Society NET3.039
Dec 17 17:33:18 firewall kernel: Serial driver version
5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ
DETECT_IRQ SERIAL_PCI enabled
Dec 17 17:33:18 firewall kernel: ttyS00 at 0x03f8 (irq
= 4) is a 16550A
Dec 17 17:33:18 firewall kernel: ttyS01 at 0x02f8 (irq
= 3) is a 16550A
Dec 17 17:33:18 firewall kernel: Real Time Clock
Driver v1.10e
Dec 17 17:33:18 firewall kernel: Software Watchdog
Timer: 0.05, timer margin: 60 sec
Dec 17 17:33:18 firewall kernel: Floppy drive(s): fd0
is 1.44M
Dec 17 17:33:18 firewall kernel: FDC 0 is a National
Semiconductor PC87306
Dec 17 17:33:18 firewall kernel: NET4: Linux TCP/IP
1.0 for NET4.0
Dec 17 17:33:18 firewall kernel: IP Protocols: ICMP,
UDP, TCP, IGMP
Dec 17 17:33:18 firewall kernel: IP: routing cache
hash table of 512 buckets, 4Kbytes
Dec 17 17:33:18 firewall kernel: TCP: Hash tables
configured (established 2048 bind 2048)
Dec 17 17:33:18 firewall kernel: NET4: Unix domain
sockets 1.0/SMP for Linux NET4.0.
Dec 17 17:33:18 firewall kernel: RAMDISK: Compressed
image found at block 0
Dec 17 17:33:18 firewall kernel: Freeing initrd
memory: 401k freed
Dec 17 17:33:18 firewall kernel: Freeing unused kernel
memory: 64k freed
Dec 17 17:33:19 firewall kernel: 8139too Fast Ethernet
driver 0.9.26
Dec 17 17:33:19 firewall kernel: eth0: RealTek RTL8139
Fast Ethernet at 0xc2813000, 00:0b:2b:02:0d:6d, IRQ 12
Dec 17 17:33:19 firewall kernel: eth1: RealTek RTL8139
Fast Ethernet at 0xc2815100, 00:0b:2b:02:2a:43, IRQ 11
Dec 17 17:33:19 firewall kernel: eth2: RealTek RTL8139
Fast Ethernet at 0xc2817200, 00:0b:2b:02:2a:4d, IRQ 14
Dec 17 17:33:20 firewall kernel: eth0: Setting 100mbps
full-duplex based on auto-negotiated partner ability
41e1.
Dec 17 17:33:21 firewall kernel: eth0: Setting 100mbps
full-duplex based on auto-negotiated partner ability
41e1.
Dec 17 17:33:21 firewall kernel: eth1: Setting 100mbps
full-duplex based on auto-negotiated partner ability
45e1.
Dec 17 17:33:21 firewall root: The /etc/shorewall/pump
script is called with arg up eth0 128.142.121.254
Dec 17 17:33:21 firewall kernel: eth2: Setting
half-duplex based on auto-negotiated partner ability
0000.
Dec 17 17:33:30 firewall root: Shorewall Started
Dec 17 17:52:05 firewall kernel:
Shorewall:logdrop:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=201.128.9.200 DST=128.142.121.254 LEN=78 TOS=0x00
PREC=0x00 TTL=105 ID=42782 PROTO=UDP SPT=1029 DPT=137
LEN=58
Dec 17 18:06:16 firewall kernel:
Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=82.45.233.187 DST=128.142.121.254 LEN=48 TOS=0x10
PREC=0x00 TTL=55 ID=55745 DF PROTO=TCP SPT=3914 DPT=21
WINDOW=65535 RES=0x00 SYN URGP=0
Dec 17 18:06:19 firewall kernel:
Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=82.45.233.187 DST=128.142.121.254 LEN=48 TOS=0x10
PREC=0x00 TTL=55 ID=56060 DF PROTO=TCP SPT=3914 DPT=21
WINDOW=65535 RES=0x00 SYN URGP=0
Dec 17 18:06:25 firewall kernel:
Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=82.45.233.187 DST=128.142.121.254 LEN=48 TOS=0x10
PREC=0x00 TTL=55 ID=56287 DF PROTO=TCP SPT=3914 DPT=21
WINDOW=65535 RES=0x00 SYN URGP=0
Dec 17 18:58:55 firewall kernel:
Shorewall:newnotsyn:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=36372 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 18:59:27 firewall kernel:
Shorewall:newnotsyn:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=17973 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:00:31 firewall kernel:
Shorewall:newnotsyn:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=54704 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:01:35 firewall kernel:
Shorewall:newnotsyn:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=16799 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:02:39 firewall kernel:
Shorewall:newnotsyn:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=47958 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:03:43 firewall kernel:
Shorewall:newnotsyn:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=17367 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:04:47 firewall kernel:
Shorewall:newnotsyn:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=43276 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:05:51 firewall kernel:
Shorewall:newnotsyn:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=66.163.175.154 DST=128.142.121.254 LEN=1500
TOS=0x00 PREC=0x00 TTL=49 ID=1164 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK URGP=0
Dec 17 19:06:55 firewall kernel:
Shorewall:newnotsyn:DROP:IN=eth0 OUT=
MAC=00:0b:2b:02:0d:6d:00:02:3b:02:69:f4:08:00
SRC=66.163.175.154 DST=128.142.121.254 LEN=40 TOS=0x00
PREC=0x00 TTL=49 ID=34370 DF PROTO=TCP SPT=80
DPT=33017 WINDOW=33304 RES=0x00 ACK RST URGP=0
# /etc/network/interfaces -- configuration file for
LEAF network
# J. Nilo, April 2002
#
# Loopback interface.
auto lo
iface lo inet loopback
# Step 1: configure external interface
# uncomment/adjust one of the following 4
options
# Option 1.1 (default): eth0 / dynamic IP from
pump/dhclient
auto eth0
iface eth0 inet dhcp
# Step 2: configure internal interface
# Default: eth1 / fixed IP = 192.168.1.254
auto eth1
iface eth1 inet static
address 192.168.1.254
masklen 24
broadcast 192.168.1.255
# Step 3 (optionnal): configure DMZ
# Default: eth2 / fixed IP = 192.168.1.100
auto eth2
iface eth2 inet static
address 192.168.10.100
masklen 24
broadcast 192.168.10.255
Yahoo! Mail (http://dk.mail.yahoo.com) - Gratis: 6 MB lagerplads, spamfilter og
virusscan
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
