Here's the latest post from Florian. I can't spend any more time on this
today but hopefully someone else on the list can help.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
--- Begin Message ---
| No. Is that the missing file? |
TERM environment variable not set.
Shorewall-1.4.8 Status at servroute.ifuma.intern - Thu Oct 18 17:28:27 UTC 2007
Counters reset Thu Oct 18 17:28:21 UTC 2007
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
45 4372 ppp_in all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
1 72 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
1 72 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 7 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
0 0 ppp_fwd all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 7 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
41 22260 fw2all all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
1 72 fw2masq all -- * eth1 0.0.0.0/0 0.0.0.0/0
1 72 fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain all2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 7 prefix `Shorewall:all2all:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain common (4 references)
pkts bytes target prot opt in out source destination
0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:135
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 DROP all -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 state NEW
0 0 DROP all -- * * 0.0.0.0/0
192.168.0.255
0 0 DROP all -- * * 0.0.0.0/0
192.168.10.255
Chain dynamic (6 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
0 0 loc2all all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 loc2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
1 72 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
1 72 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
0 0 masq2all all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 masq2all all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
1 72 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
1 72 masq2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2all (3 references)
pkts bytes target prot opt in out source destination
40 22188 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
3 216 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 137,139,445 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:68
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW udp dpt:68
1 72 fw2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2masq (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 631,515,137,138,139 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 631,515,137,138,139 state NEW
1 72 fw2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain icmpdef (1 references)
pkts bytes target prot opt in out source destination
Chain loc2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
1 72 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:loc2all:ACCEPT:'
1 72 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:5901
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 3128,67 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW udp dpt:67
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 137,139,445 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 10000,443 state NEW
1 72 loc2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain masq2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
1 72 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:masq2all:ACCEPT:'
1 72 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain masq2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53,67,80,443,631,143,119,123,110,25 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53,67,80,443,631,143,119,123,110,25 state NEW
1 72 masq2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
3 144 common all -- * * 0.0.0.0/0 0.0.0.0/0
3 144 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 7 prefix `Shorewall:net2all:DROP:'
3 144 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
40 4100 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:5901
2 128 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 10000,443 state NEW
3 144 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain newnotsyn (10 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:newnotsyn:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ppp_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
0 0 net2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 net2all all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain ppp_in (1 references)
pkts bytes target prot opt in out source destination
5 272 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
45 4372 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (10 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Oct 18 17:26:17 loc2all:ACCEPT:IN=eth0 OUT=ppp0 SRC=192.168.10.71
DST=88.73.22.144 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=46408 PROTO=UDP SPT=137
DPT=137 LEN=58
Oct 18 17:26:23 loc2all:ACCEPT:IN=eth0 OUT=ppp0 SRC=192.168.10.71
DST=217.237.150.97 LEN=74 TOS=0x00 PREC=0x00 TTL=127 ID=46423 PROTO=UDP
SPT=2417 DPT=53 LEN=54
Oct 18 17:26:23 loc2all:ACCEPT:IN=eth0 OUT=ppp0 SRC=192.168.10.71
DST=217.237.150.97 LEN=71 TOS=0x00 PREC=0x00 TTL=127 ID=46425 PROTO=UDP
SPT=2418 DPT=53 LEN=51
Oct 18 17:26:23 loc2all:ACCEPT:IN=eth0 OUT= SRC=192.168.10.1 DST=192.168.10.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Oct 18 17:26:23 masq2all:ACCEPT:IN=eth1 OUT= SRC=192.168.0.1 DST=192.168.0.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Oct 18 17:26:29 loc2all:ACCEPT:IN=eth0 OUT=ppp0 SRC=192.168.10.71
DST=217.237.150.97 LEN=66 TOS=0x00 PREC=0x00 TTL=127 ID=46552 PROTO=UDP
SPT=2421 DPT=53 LEN=46
Oct 18 17:26:30 loc2all:ACCEPT:IN=eth0 OUT=ppp0 SRC=192.168.10.71
DST=217.237.150.97 LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=46553 PROTO=UDP
SPT=2422 DPT=53 LEN=49
Oct 18 17:26:39 loc2all:ACCEPT:IN=eth0 OUT= SRC=192.168.10.1 DST=192.168.10.255
LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=132
Oct 18 17:26:46 newnotsyn:DROP:IN=ppp0 OUT= SRC=88.73.22.144 DST=80.135.181.177
LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=15064 DF PROTO=TCP SPT=50147 DPT=5901
WINDOW=65535 RES=0x00 ACK RST URGP=0
Oct 18 17:26:53 loc2all:ACCEPT:IN=eth0 OUT= SRC=192.168.10.1 DST=192.168.10.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Oct 18 17:26:53 masq2all:ACCEPT:IN=eth1 OUT= SRC=192.168.0.1 DST=192.168.0.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Oct 18 17:27:10 loc2all:ACCEPT:IN=eth0 OUT= SRC=192.168.10.1 DST=192.168.10.255
LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=132
Oct 18 17:27:23 loc2all:ACCEPT:IN=eth0 OUT= SRC=192.168.10.1 DST=192.168.10.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Oct 18 17:27:23 masq2all:ACCEPT:IN=eth1 OUT= SRC=192.168.0.1 DST=192.168.0.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Oct 18 17:27:41 loc2all:ACCEPT:IN=eth0 OUT= SRC=192.168.10.1 DST=192.168.10.255
LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=132
Oct 18 17:27:53 loc2all:ACCEPT:IN=eth0 OUT= SRC=192.168.10.1 DST=192.168.10.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Oct 18 17:27:53 masq2all:ACCEPT:IN=eth1 OUT= SRC=192.168.0.1 DST=192.168.0.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Oct 18 17:28:12 loc2all:ACCEPT:IN=eth0 OUT= SRC=192.168.10.1 DST=192.168.10.255
LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=132
Oct 18 17:28:23 loc2all:ACCEPT:IN=eth0 OUT= SRC=192.168.10.1 DST=192.168.10.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Oct 18 17:28:23 masq2all:ACCEPT:IN=eth1 OUT= SRC=192.168.0.1 DST=192.168.0.255
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=52
NAT Table
Chain PREROUTING (policy ACCEPT 8667 packets, 493K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 6843 packets, 541K bytes)
pkts bytes target prot opt in out source destination
1 72 ppp_masq all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 6766 packets, 538K bytes)
pkts bytes target prot opt in out source destination
Chain ppp_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.10.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 287K packets, 65M bytes)
pkts bytes target prot opt in out source destination
78 6180 pretos all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 287K packets, 65M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 630 packets, 55008 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 330K packets, 96M bytes)
pkts bytes target prot opt in out source destination
77 57443 outtos all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 333K packets, 97M bytes)
pkts bytes target prot opt in out source destination
Chain outtos (1 references)
pkts bytes target prot opt in out source destination
Chain pretos (1 references)
pkts bytes target prot opt in out source destination
tcp 6 431875 ESTABLISHED src=80.135.181.177 dst=77.242.193.129 sport=36240
dport=443 src=77.242.193.129 dst=80.135.181.177 sport=443 dport=36240 [ASSURED]
use=1
udp 17 7 src=192.168.10.1 dst=192.168.10.255 sport=631 dport=631
[UNREPLIED] src=192.168.10.255 dst=192.168.10.1 sport=631 dport=631 use=1
udp 17 19 src=192.168.10.1 dst=192.168.10.255 sport=520 dport=520
[UNREPLIED] src=192.168.10.255 dst=192.168.10.1 sport=520 dport=520 use=1
udp 17 173 src=80.135.181.177 dst=217.237.150.115 sport=32865 dport=53
src=217.237.150.115 dst=80.135.181.177 sport=53 dport=32865 [ASSURED] use=1
tcp 6 431981 ESTABLISHED src=192.168.10.71 dst=192.168.10.1 sport=1185
dport=3128 src=192.168.10.1 dst=192.168.10.71 sport=3128 dport=1185 [ASSURED]
use=1
udp 17 19 src=192.168.0.1 dst=192.168.0.255 sport=520 dport=520
[UNREPLIED] src=192.168.0.255 dst=192.168.0.1 sport=520 dport=520 use=1
tcp 6 431676 ESTABLISHED src=192.168.10.71 dst=192.168.10.1 sport=1191
dport=139 src=192.168.10.1 dst=192.168.10.71 sport=139 dport=1191 [ASSURED]
use=1
tcp 6 431875 ESTABLISHED src=80.135.181.177 dst=77.242.193.129 sport=36238
dport=443 src=77.242.193.129 dst=80.135.181.177 sport=443 dport=36238 [ASSURED]
use=1
tcp 6 431817 ESTABLISHED src=80.135.181.177 dst=77.242.193.129 sport=36237
dport=443 src=77.242.193.129 dst=80.135.181.177 sport=443 dport=36237 [ASSURED]
use=1
tcp 6 431874 ESTABLISHED src=192.168.10.71 dst=192.168.10.1 sport=2419
dport=3128 src=192.168.10.1 dst=192.168.10.71 sport=3128 dport=2419 [ASSURED]
use=1
tcp 6 431875 ESTABLISHED src=192.168.10.71 dst=192.168.10.1 sport=2414
dport=3128 src=192.168.10.1 dst=192.168.10.71 sport=3128 dport=2414 [ASSURED]
use=1
tcp 6 431903 ESTABLISHED src=80.135.181.177 dst=77.242.193.129 sport=36241
dport=443 src=77.242.193.129 dst=80.135.181.177 sport=443 dport=36241 [ASSURED]
use=1
tcp 6 431817 ESTABLISHED src=192.168.10.71 dst=192.168.10.1 sport=2413
dport=3128 src=192.168.10.1 dst=192.168.10.71 sport=3128 dport=2413 [ASSURED]
use=1
tcp 6 431981 ESTABLISHED src=80.135.181.177 dst=77.242.193.129 sport=32769
dport=443 src=77.242.193.129 dst=80.135.181.177 sport=443 dport=32769 [ASSURED]
use=1
tcp 6 431904 ESTABLISHED src=192.168.10.75 dst=192.168.10.1 sport=1201
dport=139 src=192.168.10.1 dst=192.168.10.75 sport=139 dport=1201 [ASSURED]
use=1
udp 17 19 src=80.135.181.177 dst=217.0.116.150 sport=520 dport=520
[UNREPLIED] src=217.0.116.150 dst=80.135.181.177 sport=520 dport=520 use=1
tcp 6 431903 ESTABLISHED src=192.168.10.71 dst=192.168.10.1 sport=2420
dport=3128 src=192.168.10.1 dst=192.168.10.71 sport=3128 dport=2420 [ASSURED]
use=1
tcp 6 431999 ESTABLISHED src=88.73.22.144 dst=80.135.181.177 sport=50163
dport=10000 src=80.135.181.177 dst=88.73.22.144 sport=10000 dport=50163
[ASSURED] use=1
udp 17 7 src=192.168.0.1 dst=192.168.0.255 sport=631 dport=631 [UNREPLIED]
src=192.168.0.255 dst=192.168.0.1 sport=631 dport=631 use=1
Am 18.10.2007 um 17:58 schrieb Tom Eastep: Florian Zschocke wrote: Thank you for your fast response Sorry for sending you empty files. In /etc/shorewall/shorewall.conf i have only two lines:
MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP
are these correct? And I add a line IP_FORWARDING=ON
Did that solve the problem (after "shorewall restart")?
-Tom
sending large files that can't be sent to the mailing list. Please keep this discussion on the mailing list.
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
|
--- End Message ---
signature.asc
Description: OpenPGP digital signature
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
