Hi guys,
I have a very simple setup
ADSL Mode (bridge mode) -- eth0-shorewall masq-eth1 -- internal lan
Using PPPoE on a LEAF Bering-uClibc machine.
All seems to work: I can surf the web from my machines on the LAN with no issues
at all, but I can't get my simple DNAT rule to work.
I just want to pass port 80 into my local machine on 10.0.10.40 (this was
working perfectly on my old setup, but I lost the config (dead floppy disk),
and of course stupid me, no backup; it was a Shorewall 2.x machine, about time
I upgraded either way).
So I set up a new machine with the new Shorewall 3.4.5 version and can't get a simple
DNAT to work.
I don't get denies in shorewall.log, and shorewall show nat shows the
counters on that rule incrementing. I did read the FAQ about the gateway on the
machine etc., but it all worked perfectly on the old setup. The only thing
that has changed is the new Shorewall box.
Notes:
My ISP does NOT block incoming ports.
My internal machine on 10.0.10.40 can ping 10.0.10.1 (eth1). I cleared the
ARP table, rebooted the machine, and can surf the web fine from 10.0.10.40.
External IP is 202.10.93.183 via PPPoE.
I'm sure I've missed something very simple...
shorewall dump attached
Cheers
Ad
Shorewall 3.4.5 Dump at firewall - Fri Jul 20 10:56:18 UTC 2007
Counters reset Fri Jul 20 10:51:58 UTC 2007
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
108 50917 ppp0_in all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
559 40928 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:INPUT:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
56 2864 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
675 493K ppp0_fwd all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
573 71540 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:FORWARD:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
8 506 ppp0_out all -- * ppp0 0.0.0.0/0 0.0.0.0/0
385 87856 eth1_out all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (3 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
100 50411 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
100 50411 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
1 48 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
8 404 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (3 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:all2all:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
8 404 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (4 references)
pkts bytes target prot opt in out source destination
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
51 3266 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
573 71540 loc2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
197 15656 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
559 40928 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth1_out (1 references)
pkts bytes target prot opt in out source destination
385 87856 fw2loc all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
383 87688 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
2 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
8 506 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:500 state NEW
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
362 25272 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
196 15604 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
522 68274 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
51 3266 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:net2all:DROP:'
queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
8 506 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:500 state NEW
100 50411 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
91 49959 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
91 49959 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
669 493K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
6 288 ACCEPT tcp -- * * 0.0.0.0/0 10.0.10.40
tcp dpt:80
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2loc:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ppp0_fwd (1 references)
pkts bytes target prot opt in out source destination
6 288 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
675 493K net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain ppp0_in (1 references)
pkts bytes target prot opt in out source destination
108 50917 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
108 50917 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ppp0_out (1 references)
pkts bytes target prot opt in out source destination
8 506 fw2net all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (10 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 ULOG all -- * * 10.0.10.255 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:'
queue_threshold 1
0 0 DROP all -- * * 10.0.10.255 0.0.0.0/0
0 0 ULOG all -- * * 255.255.255.255 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:'
queue_threshold 1
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 ULOG all -- * * 224.0.0.0/4 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:'
queue_threshold 1
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
Log (/var/log/shorewall.log)
NAT Table
Chain PREROUTING (policy ACCEPT 145 packets, 53720 bytes)
pkts bytes target prot opt in out source destination
114 51205 net_dnat all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 12 packets, 664 bytes)
pkts bytes target prot opt in out source destination
34 2362 ppp0_masq all -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2 packets, 168 bytes)
pkts bytes target prot opt in out source destination
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
6 288 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 to:10.0.10.40
Chain ppp0_masq (1 references)
pkts bytes target prot opt in out source destination
30 2154 MASQUERADE all -- * * 10.0.10.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 1915 packets, 656K bytes)
pkts bytes target prot opt in out source destination
1915 656K tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 667 packets, 91845 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1248 packets, 565K bytes)
pkts bytes target prot opt in out source destination
1248 565K tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 393 packets, 88362 bytes)
pkts bytes target prot opt in out source destination
393 88362 tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 1641 packets, 653K bytes)
pkts bytes target prot opt in out source destination
1641 653K tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
tcp 6 21 TIME_WAIT src=10.0.10.30 dst=65.54.228.26 sport=1334 dport=1863
src=65.54.228.26 dst=202.10.93.183 sport=1863 dport=1334 [ASSURED] use=1 mark=0
udp 17 29 src=10.0.10.10 dst=10.0.10.255 sport=137 dport=137 [UNREPLIED]
src=10.0.10.255 dst=10.0.10.10 sport=137 dport=137 use=1 mark=0
tcp 6 110 SYN_SENT src=192.168.246.1 dst=202.92.250.100 sport=1348
dport=139 [UNREPLIED] src=202.92.250.100 dst=192.168.246.1 sport=139 dport=1348
use=1 mark=0
tcp 6 110 SYN_SENT src=10.0.10.30 dst=202.92.250.100 sport=1346 dport=139
[UNREPLIED] src=202.92.250.100 dst=202.10.93.183 sport=139 dport=1346 use=1
mark=0
tcp 6 110 SYN_SENT src=192.168.198.1 dst=10.0.100.68 sport=1343 dport=139
[UNREPLIED] src=10.0.100.68 dst=192.168.198.1 sport=139 dport=1343 use=1 mark=0
tcp 6 110 SYN_SENT src=192.168.198.1 dst=202.92.250.100 sport=1347
dport=139 [UNREPLIED] src=202.92.250.100 dst=192.168.198.1 sport=139 dport=1347
use=1 mark=0
tcp 6 431999 ESTABLISHED src=10.0.10.30 dst=10.0.10.1 sport=1336 dport=22
src=10.0.10.1 dst=10.0.10.30 sport=22 dport=1336 [ASSURED] use=1 mark=0
tcp 6 110 SYN_SENT src=10.0.10.30 dst=10.0.100.68 sport=1342 dport=139
[UNREPLIED] src=10.0.100.68 dst=202.10.93.183 sport=139 dport=1342 use=1 mark=0
tcp 6 431944 ESTABLISHED src=10.0.10.30 dst=72.14.253.93 sport=1339
dport=80 src=72.14.253.93 dst=202.10.93.183 sport=80 dport=1339 [ASSURED] use=1
mark=0
udp 17 29 src=10.0.10.50 dst=203.94.159.98 sport=5060 dport=5060
[UNREPLIED] src=203.94.159.98 dst=202.10.93.183 sport=5060 dport=5060 use=1
mark=0
tcp 6 431994 ESTABLISHED src=10.0.10.30 dst=207.46.107.17 sport=1324
dport=1863 src=207.46.107.17 dst=202.10.93.183 sport=1863 dport=1324 [ASSURED]
use=1 mark=0
tcp 6 110 SYN_SENT src=10.0.10.30 dst=202.92.250.100 sport=1345 dport=445
[UNREPLIED] src=202.92.250.100 dst=202.10.93.183 sport=445 dport=1345 use=1
mark=0
tcp 6 110 SYN_SENT src=192.168.246.1 dst=10.0.100.68 sport=1344 dport=139
[UNREPLIED] src=10.0.100.68 dst=192.168.246.1 sport=139 dport=1344 use=1 mark=0
tcp 6 431998 ESTABLISHED src=10.0.10.30 dst=202.92.250.100 sport=1349
dport=3389 src=202.92.250.100 dst=202.10.93.183 sport=3389 dport=1349 [ASSURED]
use=1 mark=0
tcp 6 110 SYN_SENT src=10.0.10.30 dst=10.0.100.68 sport=1341 dport=445
[UNREPLIED] src=10.0.100.68 dst=202.10.93.183 sport=445 dport=1341 use=1 mark=0
IP Configuration
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:02:b3:5f:cd:13 brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:02:b3:61:64:6e brd ff:ff:ff:ff:ff:ff
inet 10.0.10.1/24 brd 10.0.10.255 scope global eth1
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 202.10.93.183 peer 202.10.81.1/32 scope global ppp0
IP Stats
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:02:b3:5f:cd:13 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
563172 805 0 0 0 0
TX: bytes packets errors dropped carrier collsns
85704 604 0 0 0 0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:02:b3:61:64:6e brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
132562 1134 0 0 0 0
TX: bytes packets errors dropped carrier collsns
596133 1062 0 0 0 0
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
544490 786 0 0 0 0
TX: bytes packets errors dropped carrier collsns
72100 584 0 0 0 0
/proc
/proc/version = Linux version 2.4.33 ([EMAIL PROTECTED]) (gcc version 3.3.3)
#1 Sun Jan 14 12:15:07 CET 2007
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/ppp0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp0/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp0/rp_filter = 1
/proc/sys/net/ipv4/conf/ppp0/log_martians = 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 10.0.10.1 dev eth1 proto kernel scope host src 10.0.10.1
broadcast 10.0.10.0 dev eth1 proto kernel scope link src 10.0.10.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 202.10.93.183 dev ppp0 proto kernel scope host src 202.10.93.183
broadcast 10.0.10.255 dev eth1 proto kernel scope link src 10.0.10.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
202.10.81.1 dev ppp0 proto kernel scope link src 202.10.93.183
10.0.10.0/24 dev eth1 proto kernel scope link src 10.0.10.1
default dev ppp0 scope link
ARP
? (10.0.10.40) at 00:E0:18:05:28:A4 [ether] on eth1
? (10.0.10.30) at 00:16:17:9B:69:B9 [ether] on eth1
? (10.0.10.10) at 00:E0:18:05:28:A4 [ether] on eth1
Modules
ip_conntrack 16548 2 [ipt_state ipt_helper ipt_conntrack
ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc
ip_conntrack_ftp]
ip_conntrack_ftp 3132 1
ip_conntrack_irc 2484 1
ip_nat_ftp 2152 0 (unused)
ip_nat_irc 1704 0 (unused)
ipt_MASQUERADE 1024 1
ipt_REDIRECT 480 0 (unused)
ipt_conntrack 692 0
ipt_helper 400 0 (unused)
ipt_ipp2p 5908 0
ipt_state 272 17
iptable_nat 14452 3 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc
ip_nat_ftp]
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Not available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Not available
Packet length Match: Available
IP range Match: Not available
Recent Match: Not available
Owner Match: Not available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Not available
IPP2P Match: Available
CLASSIFY Target: Not available
Extended REJECT: Available
Repeat match: Not available
MARK Target: Available
Extended MARK Target: Not available
Mangle FORWARD Chain: Available
Comments: Not available
Address Type Match: Not available
TCPMSS Match: Available
Traffic Control
TC Filters
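Added example (not part of the original post and not Shorewall's own code): a small Python parser for the chain listings in a dump like the one above, comparing the packet counter on the nat-table DNAT rule for a port with the counter on the filter-table ACCEPT rule for the same port. The function names are hypothetical; the sample lines are copied from the dump above, with the lines in between omitted.

```python
import re

# Lines copied from the dump above (intervening lines omitted).
DUMP_EXCERPT = """\
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
669 493K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
6 288 ACCEPT tcp -- * * 0.0.0.0/0 10.0.10.40
tcp dpt:80
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
NAT Table
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
6 288 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 to:10.0.10.40
"""

# pkts bytes target prot opt in out source destination [match text]
RULE = re.compile(r"^(\d+[KMG]?)\s+(\d+[KMG]?)\s+(\S+)\s+(\S+)\s+--\s+"
                  r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
UNITS = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}  # iptables rounds to powers of 1000


def to_int(counter):
    """Convert an iptables counter such as '493K' to an (approximate) integer."""
    if counter[-1] in UNITS:
        return int(counter[:-1]) * UNITS[counter[-1]]
    return int(counter)


def parse_chains(text):
    """Return {(table, chain): [rule, ...]}; the dump starts in the filter table."""
    chains, table, current = {}, "filter", None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(" Table"):            # "NAT Table", "Mangle Table", ...
            table, current = line.split()[0].lower(), None
        elif line.startswith("Chain "):
            current = chains.setdefault((table, line.split()[1]), [])
        elif current is None or not line or line.startswith("pkts "):
            continue
        elif (m := RULE.match(line)):
            current.append({"pkts": to_int(m[1]), "bytes": to_int(m[2]),
                            "target": m[3], "dst": m[8], "match": m[9]})
        elif current:                          # wrapped match text of the previous rule
            current[-1]["match"] = (current[-1]["match"] + " " + line).strip()
    return chains


def rules_for_port(chains, dport):
    """List (table, chain, target, pkts, bytes) for rules matching dpt:<dport>."""
    pattern = re.compile(rf"\bdpt:{dport}\b")
    return [(table, chain, r["target"], r["pkts"], r["bytes"])
            for (table, chain), rules in chains.items()
            for r in rules if pattern.search(r["match"])]


def dnat_verdict(chains, dport):
    """Compare packets translated by DNAT with packets accepted by the filter table."""
    hits = rules_for_port(chains, dport)
    dnat = sum(p for t, _, tgt, p, _ in hits if t == "nat" and tgt == "DNAT")
    accepted = sum(p for t, _, tgt, p, _ in hits if t == "filter" and tgt == "ACCEPT")
    return {"dnat_pkts": dnat, "accepted_pkts": accepted,
            "filter_passed_all": dnat > 0 and dnat == accepted}


if __name__ == "__main__":
    print(dnat_verdict(parse_chains(DUMP_EXCERPT), 80))
```

Equal counters mean every packet the DNAT rule translated also matched the filter-table ACCEPT rule, which is consistent with the absence of deny entries in shorewall.log.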