gravity paul # /etc/init.d/shorewall start
 * Starting firewall ...
iptables v1.3.8: Unknown arg `--to-destination'
Try `iptables -h' or 'iptables --help' for more information.
   ERROR: Command "/sbin/iptables -t nat -A common_in -d eth1 -j DNAT --to-destination" Failed
/sbin/shorewall: line 375:  7474 Terminated              ${VARDIR}/.start $debugging start                 [ !! ]

AFAIK it's a 2-interface connection. eth1 gets an address by DHCP and is
giving out on eth0 176.0.0.x to a few clients.

gravity paul # shorewall show
Shorewall 3.4.6 filter Table at gravity - Wed Nov 21 19:54:15 GMT 2007

Counters reset Fri Jan 12 08:51:25 UTC 2007

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0           
0.0.0.0/0           state RELATED,ESTABLISHED
    1   236 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0           
0.0.0.0/0           state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination
gravity paul # shorewall dump
Shorewall 3.4.6 Dump at gravity - Wed Nov 21 19:54:55 GMT 2007

Counters reset Fri Jan 12 08:51:25 UTC 2007

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0           
0.0.0.0/0           state RELATED,ESTABLISHED
    1   236 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0           
0.0.0.0/0           state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination

Log (/var/log/messages)


NAT Table

Chain PREROUTING (policy ACCEPT 1 packets, 236 bytes)
 pkts bytes target     prot opt in     out     source              
destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination

Mangle Table

Chain PREROUTING (policy ACCEPT 1 packets, 236 bytes)
 pkts bytes target     prot opt in     out     source              
destination

Chain INPUT (policy ACCEPT 1 packets, 236 bytes)
 pkts bytes target     prot opt in     out     source              
destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination

Chain OUTPUT (policy ACCEPT 545 packets, 110K bytes)
 pkts bytes target     prot opt in     out     source              
destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination

Conntrack Table

tcp      6 431866 ESTABLISHED src=192.168.0.4 dst=216.113.188.37
sport=53326 dport=80 packets=1 bytes=40 [UNREPLIED] src=216.113.188.37
dst=192.168.0.4 sport=80 dport=53326 packets=0 bytes=0 mark=0 use=1

IP Configuration

1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
qlen 1000
    link/ether 00:0e:a6:b4:47:65 brd ff:ff:ff:ff:ff:ff
    inet 176.0.0.1/24 brd 176.0.0.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:f1:2f:d2:bb brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.4/24 brd 192.168.0.255 scope global eth1

IP Stats

1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast
    10421      183      0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    10421      183      0       0       0       0
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
qlen 1000
    link/ether 00:0e:a6:b4:47:65 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    0          0        0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    0          0        0       0       0       0
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:f1:2f:d2:bb brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    1474456    1307     0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    164686     1093     0       0       0       0

/proc

   /proc/version = Linux version 2.6.22-gentoo-r8 ([EMAIL PROTECTED]) (gcc
version 4.1.2 (Gentoo 4.1.2)) #5 PREEMPT Wed Nov 21 19:36:46 GMT 2007
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 1
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 1
   /proc/sys/net/ipv4/conf/default/log_martians = 0
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth0/log_martians = 0
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth1/log_martians = 0
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 1
   /proc/sys/net/ipv4/conf/lo/log_martians = 0

Routing Rules

0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Table default:


Table local:

broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
broadcast 192.168.0.255 dev eth1  proto kernel  scope link  src 192.168.0.4
broadcast 176.0.0.255 dev eth0  proto kernel  scope link  src 176.0.0.1
broadcast 192.168.0.0 dev eth1  proto kernel  scope link  src 192.168.0.4
broadcast 176.0.0.0 dev eth0  proto kernel  scope link  src 176.0.0.1
local 176.0.0.1 dev eth0  proto kernel  scope host  src 176.0.0.1
local 192.168.0.4 dev eth1  proto kernel  scope host  src 192.168.0.4
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1

Table main:

192.168.0.0/24 dev eth1  scope link  metric 2000
176.0.0.0/24 dev eth0  proto kernel  scope link  src 176.0.0.1
169.254.0.0/16 dev eth1  scope link  metric 2000
127.0.0.0/8 dev lo  scope link
default via 192.168.0.1 dev eth1  metric 2000

ARP

? (192.168.0.1) at 00:1B:2F:A1:9B:62 [ether] on eth1

Modules

ip_tables               9032  4
iptable_raw,iptable_mangle,iptable_nat,iptable_filter
ipt_ECN                 2432  0
ipt_LOG                 5248  0
ipt_MASQUERADE          2560  0
ipt_NETMAP              1792  0
ipt_REDIRECT            1792  0
ipt_REJECT              3328  0
ipt_SAME                1920  0
ipt_TOS                 1792  0
ipt_TTL                 1920  0
ipt_ULOG                6148  0
ipt_addrtype            1664  0
ipt_ah                  1664  0
ipt_ecn                 1920  0
ipt_iprange             1664  0
ipt_owner               1792  0
ipt_recent              7064  0
ipt_tos                 1408  0
ipt_ttl                 1664  0
iptable_filter          2304  1
iptable_mangle          2176  0
iptable_nat             5636  0
iptable_raw             1920  0
nf_conntrack           47832  8
xt_state,xt_CONNMARK,xt_connmark,xt_conntrack,ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_ipv4      12556  4 iptable_nat
nf_nat                 13996  5
ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,iptable_nat
xt_CLASSIFY             1664  0
xt_CONNMARK             2304  0
xt_MARK                 2048  0
xt_comment              1664  0
xt_connmark             1920  0
xt_conntrack            2304  0
xt_length               1792  0
xt_multiport            2816  0
xt_physdev              2320  0
xt_pkttype              1664  0
xt_policy               3200  0
xt_state                2048  2
xt_tcpmss               1920  0
xt_tcpudp               2816  0

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Available
   Packet length Match: Available
   IP range Match: Available
   Recent Match: Not available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Available
   Extended CONNMARK Target: Available
   Connmark Match: Available
   Extended Connmark Match: Available
   Raw Table: Available
   IPP2P Match: Not available
   CLASSIFY Target: Available
   Extended REJECT: Available
   Repeat match: Available
   MARK Target: Available
   Extended MARK Target: Available
   Mangle FORWARD Chain: Available
   Comments: Available
   Address Type Match: Available
   TCPMSS Match: Available
   Hashlimit Match: Not available

Traffic Control

Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0

Device eth1:
qdisc pfifo_fast 0: root bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 171244 bytes 1093 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0


TC Filters

Device eth0:

Device eth1:

gravity paul #




_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
