Tom Eastep wrote:
>
>
> Please post your diagram again -- this time, use a text editor to draw
> it and attach it as a text attachment. We couldn't make any sense out
> of your last diagram because it was turned into nonsense by your mailer.
>
> mess-mate wrote:
>
>>>
>> Hi,
>> attached the statux.txt.
>> a) it is
>> b)the machine is located in the dmz zone and is running very well
>> without any entry in /etc/shorewall/masq, for now
>
> You have chosen the name 'dmz' for the _only_ zone that this system
> interfaces to. But from the point of view of Netfilter (and
> Shorewall), this is just a standalone system with two IP addresses on
> its network interface. The fact that one of those addresses belongs to
> a Vserver guest is immaterial in so far as Shorewall is concerned.
>
>> c) no nat rules. The DNAT rule is given in the router machine and
>> redirect to my website actually on the host .
>
> So in other words, you have TWO systems running Shorewall?
>
>> DNAT $FW dmz:192.168.20.1 tcp 80 - $ETH0_IP
>> And i want my website in the vservers guest, so dmz:192.168.20.1 shall
>> become dmz:192.168.30.1 in the future when my problem is solved.
>
> So, if you "shorewall clear" on the Vserver host, does everything
> start working perfectly?
>
>>
>> Hope i clarify a little bit more :(
>
> Not really.
>
> If you have two Shorewall configurations, please collect a dump from
> both and describe exactly what doesn't work.
>
> -Tom
> ------------------------------------------------------------------------
>
>
Here is:
- a shorewall dump from the router: status-router.txt
- a diagram : diagram-lan.txt
The answer for your last question (So, if you "shorewall clear" on the
Vserver host, does everything start working perfectly? ) is no. This is
why i add a shorewall dump of the router machine.
I can't access the internet from my vserver-guest
I can ping from the router to the vserver-guest and vice-versa.
mess-mate
Shorewall-3.2.6 Dump at router - mercredi 16 avril 2008, 19:02:32 (UTC+0200)
Counters reset mercredi 16 avril 2008, 18:36:13 (UTC+0200)
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
66 47817 ppp0_in 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
308 23470 eth1_in 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
5 420 eth2_in 0 -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_in 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:INPUT:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
292 17568 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
847 142K ppp0_fwd 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
1745 124K eth1_fwd 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
1004 196K eth2_fwd 0 -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_fwd 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:FORWARD:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
71 7132 fw2net 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
232 86301 fw2loc 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
5 420 fw2dmz 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 fw2rtr 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (10 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:all2all:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2all (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2all:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source destination
3 252 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
2 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2loc (1 references)
pkts bytes target prot opt in out source destination
781 184K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2loc:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2net (1 references)
pkts bytes target prot opt in out source destination
194 11009 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
13 916 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
16 992 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (8 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 all2all 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 rtr2loc 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 rtr2dmz 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 all2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
259 16598 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
783 49211 loc2net 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
959 74303 loc2dmz 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
3 186 loc2rtr 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
9 546 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
308 23470 loc2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source destination
29 1908 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
223 12917 dmz2net 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
781 184K dmz2loc 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 dmz2all 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain eth2_in (1 references)
pkts bytes target prot opt in out source destination
2 168 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
5 420 dmz2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain fw2all (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2all:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source destination
2 168 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
3 252 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:80 ctorigdst 86.192.36.220
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
232 86301 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
59 6401 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
6 371 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
6 360 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2rtr (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 fw2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:loc2all:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2dmz (1 references)
pkts bytes target prot opt in out source destination
942 73283 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
17 1020 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
299 22924 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
6 360 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3128
3 186 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
544 33819 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
239 15392 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2rtr (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
3 186 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:net2all:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2dmz (1 references)
pkts bytes target prot opt in out source destination
266 71805 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:80 ctorigdst 86.192.36.220
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:443 ctorigdst 86.192.36.220
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.20.1 tcp dpt:25
0 0 net2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
66 47817 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:443
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 net2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
581 70546 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2loc:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain ppp0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
581 70546 net2loc 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
266 71805 net2dmz 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 net2all 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain ppp0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
66 47817 net2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain reject (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 192.168.20.255 0.0.0.0/0
0 0 DROP 0 -- * * 192.168.30.255 0.0.0.0/0
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP 0 -- * * 192.168.20.255 0.0.0.0/0
0 0 DROP 0 -- * * 192.168.30.255 0.0.0.0/0
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain rtr2dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain rtr2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 192.168.20.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 192.168.20.255 0.0.0.0/0
0 0 LOG 0 -- * * 192.168.30.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 192.168.30.255 0.0.0.0/0
0 0 LOG 0 -- * * 255.255.255.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG 0 -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
Log (/var/log/messages)
Apr 16 13:48:39 net2all:DROP:IN=ppp0 OUT= SRC=220.165.8.32 DST=86.192.36.220
LEN=404 TOS=0x00 PREC=0x00 TTL=47 ID=4140 PROTO=UDP SPT=1500 DPT=1434 LEN=384
Apr 16 13:53:52 net2all:DROP:IN=ppp0 OUT= SRC=90.22.224.212 DST=86.192.36.220
LEN=95 TOS=0x00 PREC=0x00 TTL=121 ID=16486 PROTO=UDP SPT=19373 DPT=36404 LEN=75
Apr 16 14:00:36 net2all:DROP:IN=ppp0 OUT= SRC=202.97.238.204 DST=86.192.36.220
LEN=485 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=43508 DPT=1026 LEN=465
Apr 16 14:30:15 net2all:DROP:IN=ppp0 OUT= SRC=218.64.237.219 DST=86.192.36.220
LEN=404 TOS=0x00 PREC=0x00 TTL=113 ID=51743 PROTO=UDP SPT=1069 DPT=1434 LEN=384
Apr 16 16:02:44 net2all:DROP:IN=ppp0 OUT= SRC=59.35.173.166 DST=86.192.36.220
LEN=126 TOS=0x00 PREC=0x00 TTL=112 ID=48797 PROTO=UDP SPT=23859 DPT=64399
LEN=106
Apr 16 16:02:50 net2all:DROP:IN=ppp0 OUT= SRC=59.35.173.166 DST=86.192.36.220
LEN=126 TOS=0x00 PREC=0x00 TTL=112 ID=49499 PROTO=UDP SPT=23859 DPT=64399
LEN=106
Apr 16 16:09:06 net2all:DROP:IN=ppp0 OUT= SRC=88.175.189.23 DST=86.192.36.220
LEN=64 TOS=0x00 PREC=0x00 TTL=36 ID=27696 DF PROTO=TCP SPT=3283 DPT=5901
WINDOW=53760 RES=0x00 SYN URGP=0
Apr 16 16:09:09 net2all:DROP:IN=ppp0 OUT= SRC=88.175.189.23 DST=86.192.36.220
LEN=64 TOS=0x00 PREC=0x00 TTL=36 ID=28765 DF PROTO=TCP SPT=3283 DPT=5901
WINDOW=53760 RES=0x00 SYN URGP=0
Apr 16 16:22:26 net2all:DROP:IN=ppp0 OUT= SRC=118.126.3.96 DST=86.192.36.220
LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=25743 PROTO=TCP SPT=6000 DPT=1433
WINDOW=16384 RES=0x00 SYN URGP=0
Apr 16 17:13:14 net2all:DROP:IN=ppp0 OUT= SRC=62.118.48.18 DST=86.192.36.220
LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=23578 DF PROTO=TCP SPT=1975 DPT=4899
WINDOW=16384 RES=0x00 SYN URGP=0
Apr 16 17:29:32 net2all:DROP:IN=ppp0 OUT= SRC=60.190.216.32 DST=86.192.36.220
LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=1433
WINDOW=16384 RES=0x00 SYN URGP=0
Apr 16 17:30:34 net2all:DROP:IN=ppp0 OUT= SRC=86.104.20.2 DST=86.192.36.220
LEN=64 TOS=0x00 PREC=0x00 TTL=35 ID=39596 DF PROTO=TCP SPT=2479 DPT=1433
WINDOW=53760 RES=0x00 SYN URGP=0
Apr 16 17:30:37 net2all:DROP:IN=ppp0 OUT= SRC=86.104.20.2 DST=86.192.36.220
LEN=64 TOS=0x00 PREC=0x00 TTL=35 ID=40705 DF PROTO=TCP SPT=2479 DPT=1433
WINDOW=53760 RES=0x00 SYN URGP=0
Apr 16 17:43:52 net2all:DROP:IN=ppp0 OUT= SRC=86.106.40.14 DST=86.192.36.220
LEN=64 TOS=0x00 PREC=0x00 TTL=34 ID=40289 DF PROTO=TCP SPT=4145 DPT=5900
WINDOW=53760 RES=0x00 SYN URGP=0
Apr 16 17:50:39 net2all:DROP:IN=ppp0 OUT= SRC=221.208.208.86 DST=86.192.36.220
LEN=486 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=48603 DPT=1026 LEN=466
Apr 16 18:21:02 net2all:DROP:IN=ppp0 OUT= SRC=80.12.242.49 DST=86.192.36.220
LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=18471 PROTO=TCP SPT=33391 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Apr 16 18:21:05 net2all:DROP:IN=ppp0 OUT= SRC=80.12.242.49 DST=86.192.36.220
LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=18472 PROTO=TCP SPT=33391 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Apr 16 18:21:11 net2all:DROP:IN=ppp0 OUT= SRC=80.12.242.49 DST=86.192.36.220
LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=18473 PROTO=TCP SPT=33391 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Apr 16 18:21:23 net2all:DROP:IN=ppp0 OUT= SRC=80.12.242.49 DST=86.192.36.220
LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=18474 PROTO=TCP SPT=33391 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Apr 16 18:21:40 net2all:DROP:IN=ppp0 OUT= SRC=211.101.27.118 DST=86.192.36.220
LEN=40 TOS=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=2967
WINDOW=16384 RES=0x00 SYN URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 239 packets, 15524 bytes)
pkts bytes target prot opt in out source destination
0 0 net_dnat 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
223 14444 loc_dnat 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain POSTROUTING (policy ACCEPT 35 packets, 2189 bytes)
pkts bytes target prot opt in out source destination
226 14695 ppp0_masq 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 15 packets, 983 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0
86.192.36.220 tcp dpt:80 to:192.168.20.1
Chain loc_dnat (1 references)
pkts bytes target prot opt in out source destination
6 360 REDIRECT tcp -- * * 0.0.0.0/0
!192.168.20.1 tcp dpt:80 redir ports 3128
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0
86.192.36.220 tcp dpt:80 to:192.168.20.1
0 0 DNAT tcp -- * * 0.0.0.0/0
86.192.36.220 tcp dpt:443 to:192.168.20.1
Chain ppp0_masq (1 references)
pkts bytes target prot opt in out source destination
194 12692 MASQUERADE 0 -- * * 192.168.10.0/24 0.0.0.0/0
policy match dir out pol none
20 1272 MASQUERADE 0 -- * * 192.168.20.0/24 0.0.0.0/0
policy match dir out pol none
0 0 MASQUERADE 0 -- * * 192.168.30.0/24 0.0.0.0/0
policy match dir out pol none
0 0 MASQUERADE 0 -- * * 192.168.1.0/24 0.0.0.0/0
policy match dir out pol none
Mangle Table
Chain PREROUTING (policy ACCEPT 3975 packets, 534K bytes)
pkts bytes target prot opt in out source destination
3975 534K tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 379 packets, 71707 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 3596 packets, 463K bytes)
pkts bytes target prot opt in out source destination
3596 463K tcfor 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2850K packets, 2286M bytes)
pkts bytes target prot opt in out source destination
308 93853 tcout 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 3904 packets, 556K bytes)
pkts bytes target prot opt in out source destination
3904 556K tcpost 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
tcp 6 431700 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=55678
dport=143 packets=21 bytes=1728 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=55678 packets=18 bytes=2638 [ASSURED] mark=0 use=1
tcp 6 431700 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=55680
dport=143 packets=16 bytes=1366 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=55680 packets=13 bytes=1804 [ASSURED] mark=0 use=1
udp 17 10 src=192.168.10.6 dst=80.10.246.2 sport=34363 dport=53 packets=31
bytes=2025 src=80.10.246.2 dst=86.192.36.220 sport=53 dport=34363 packets=31
bytes=3228 [ASSURED] mark=0 use=1
tcp 6 431700 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=55676
dport=143 packets=24 bytes=2114 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=55676 packets=21 bytes=3352 [ASSURED] mark=0 use=1
tcp 6 431670 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42144
dport=143 packets=36 bytes=2223 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42144 packets=25 bytes=6640 [ASSURED] mark=0 use=1
tcp 6 431700 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42147
dport=143 packets=21 bytes=1577 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42147 packets=12 bytes=1666 [ASSURED] mark=0 use=1
tcp 6 431700 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=55677
dport=143 packets=22 bytes=1453 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=55677 packets=19 bytes=2619 [ASSURED] mark=0 use=1
tcp 6 430475 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42143
dport=143 packets=18 bytes=1288 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42143 packets=13 bytes=1718 [ASSURED] mark=0 use=1
tcp 6 43 SYN_SENT src=192.168.10.6 dst=207.241.224.5 sport=39742 dport=53
packets=6 bytes=360 [UNREPLIED] src=207.241.224.5 dst=86.192.36.220 sport=53
dport=39742 packets=0 bytes=0 mark=0 use=1
tcp 6 430475 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42148
dport=143 packets=11 bytes=753 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42148 packets=7 bytes=972 [ASSURED] mark=0 use=1
tcp 6 431670 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42149
dport=143 packets=127 bytes=10071 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42149 packets=100 bytes=41503 [ASSURED] mark=0 use=1
tcp 6 431700 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=55675
dport=143 packets=22 bytes=1448 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=55675 packets=19 bytes=2835 [ASSURED] mark=0 use=1
tcp 6 431700 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=55679
dport=143 packets=19 bytes=1638 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=55679 packets=15 bytes=2125 [ASSURED] mark=0 use=1
tcp 6 430475 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42142
dport=143 packets=20 bytes=1296 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42142 packets=15 bytes=2100 [ASSURED] mark=0 use=1
tcp 6 431998 ESTABLISHED src=192.168.10.6 dst=192.168.1.1 sport=42948
dport=22 packets=3516 bytes=267079 src=192.168.1.1 dst=192.168.10.6 sport=22
dport=42948 packets=3089 bytes=2277955 [ASSURED] mark=0 use=1
tcp 6 431671 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42145
dport=143 packets=189 bytes=17469 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42145 packets=135 bytes=23127 [ASSURED] mark=0 use=1
tcp 6 431700 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42141
dport=143 packets=25 bytes=1875 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42141 packets=16 bytes=2238 [ASSURED] mark=0 use=1
tcp 6 431700 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42140
dport=143 packets=31 bytes=1965 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42140 packets=23 bytes=2850 [ASSURED] mark=0 use=1
tcp 6 431671 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42139
dport=143 packets=285 bytes=21243 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42139 packets=274 bytes=49640 [ASSURED] mark=0 use=1
tcp 6 431671 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=42157
dport=143 packets=72 bytes=4796 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=42157 packets=56 bytes=35729 [ASSURED] mark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:06:29:34:4c:40 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
inet6 fe80::206:29ff:fe34:4c40/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:ba:f1:65:2f brd ff:ff:ff:ff:ff:ff
inet 192.168.10.254/24 brd 192.168.10.255 scope global eth1
inet6 fe80::250:baff:fef1:652f/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:a0:cc:3f:48:3e brd ff:ff:ff:ff:ff:ff
inet 192.168.20.254/24 brd 192.168.20.255 scope global eth2
inet6 fe80::2a0:ccff:fe3f:483e/64 scope link
valid_lft forever preferred_lft forever
5: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
9: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 86.192.36.220 peer 193.253.160.3/32 scope global ppp0
IP Stats
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
2492 29 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2492 29 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:06:29:34:4c:40 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
2335828664 3401673 0 0 0 0
TX: bytes packets errors dropped carrier collsns
339114829 2918889 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:ba:f1:65:2f brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
600063175 3401743 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2784228669 3952909 0 0 0 0
4: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:a0:cc:3f:48:3e brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
789208158 1510368 1 30 0 0
TX: bytes packets errors dropped carrier collsns
964823780 1562964 0 0 0 0
5: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
9: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
508446833 456869 0 0 0 0
TX: bytes packets errors dropped carrier collsns
21042622 301473 0 0 0 0
/proc
/proc/version = Linux version 2.6.18-4-486 (Debian 2.6.18.dfsg.1-12etch2)
([EMAIL PROTECTED]) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21))
#1 Wed May 9 22:23:40 UTC 2007
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 0
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 0
/proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth2/arp_filter = 0
/proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth2/rp_filter = 0
/proc/sys/net/ipv4/conf/eth2/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/ppp0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp0/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp0/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/log_martians = 0
Routing Rules
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
Table 255:
local 192.168.1.1 dev eth0 proto kernel scope host src 192.168.1.1
broadcast 192.168.1.0 dev eth0 proto kernel scope link src 192.168.1.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 192.168.10.254 dev eth1 proto kernel scope host src 192.168.10.254
broadcast 192.168.10.255 dev eth1 proto kernel scope link src 192.168.10.254
broadcast 192.168.20.255 dev eth2 proto kernel scope link src 192.168.20.254
local 86.192.36.220 dev ppp0 proto kernel scope host src 86.192.36.220
local 192.168.20.254 dev eth2 proto kernel scope host src 192.168.20.254
broadcast 192.168.1.255 dev eth0 proto kernel scope link src 192.168.1.1
broadcast 192.168.10.0 dev eth1 proto kernel scope link src 192.168.10.254
broadcast 192.168.20.0 dev eth2 proto kernel scope link src 192.168.20.254
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table default:
Table main:
193.253.160.3 dev ppp0 proto kernel scope link src 86.192.36.220
192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.254
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
192.168.30.0/24 via 192.168.20.254 dev eth2
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.254
default dev ppp0 scope link
ARP
? (192.168.1.254) at 00:0E:50:AA:B5:8A [ether] on eth0
? (192.168.10.6) at 00:80:C8:EC:94:29 [ether] on eth1
? (192.168.30.1) at 00:E0:29:3C:34:BD [ether] on eth2
? (192.168.20.1) at 00:E0:29:3C:34:BD [ether] on eth2
? (192.168.10.4) at 00:80:C8:EC:92:B5 [ether] on eth1
Modules
iptable_raw 2176 0
ipt_ULOG 7812 0
ipt_TTL 2432 0
ipt_ttl 2048 0
ipt_TOS 2432 0
ipt_tos 1792 0
ipt_SAME 2560 0
ipt_REJECT 5248 4
ipt_REDIRECT 2304 1
ipt_recent 8464 0
ipt_owner 2176 0
ipt_NETMAP 2304 0
ipt_MASQUERADE 3584 4
ipt_LOG 6016 16
ipt_iprange 1920 0
ipt_hashlimit 8712 0
ipt_ECN 3200 0
ipt_ecn 2432 0
ipt_DSCP 2432 0
ipt_dscp 1920 0
ipt_CLUSTERIP 7940 0
ipt_ah 2048 0
ipt_addrtype 2048 0
ip_nat_tftp 2048 0
ip_nat_snmp_basic 9348 0
ip_nat_pptp 6020 0
ip_nat_irc 2816 0
ip_nat_ftp 3456 0
ip_nat_amanda 2432 0
ip_conntrack_tftp 4472 1 ip_nat_tftp
ip_conntrack_pptp 10640 1 ip_nat_pptp
ip_conntrack_netbios_ns 3072 0
ip_conntrack_irc 6896 1 ip_nat_irc
ip_conntrack_ftp 7536 1 ip_nat_ftp
ip_conntrack_amanda 4996 1 ip_nat_amanda
iptable_nat 7044 1
ip_nat 16428 10
ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ip_nat_tftp,ip_nat_pptp,ip_nat_irc,ip_nat_ftp,ip_nat_amanda,iptable_nat
ip_conntrack 47156 20
ipt_MASQUERADE,ip_nat_tftp,ip_nat_snmp_basic,ip_nat_pptp,ip_nat_irc,ip_nat_ftp,ip_nat_amanda,ip_conntrack_tftp,ip_conntrack_pptp,ip_conntrack_netbios_ns,ip_conntrack_irc,ip_conntrack_ftp,ip_conntrack_amanda,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,ip_nat
iptable_filter 3200 1
ipt_TCPMSS 4224 1
iptable_mangle 2944 1
ip_tables 12104 4
iptable_raw,iptable_nat,iptable_filter,iptable_mangle
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Traffic Control
Device eth0:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 339114829 bytes 2918889 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device eth1:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 2784228669 bytes 3952909 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device eth2:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 964823780 bytes 1562964 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp0:
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 21042592 bytes 301470 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TC Filters
Device eth0:
Device eth1:
Device eth2:
Device ppp0:
Diagram
------------------------------
----------------------------------
| shorewall loc/dmz/net/rtr | | DMZ
---------------- |
internet(ppp0) --> machine1| eth1/eth2/ppp0/eth0| ---> machine2 |
server eth1 | guest vserver | |
modem | squid | |
vserver (host)| eth1 | |
| routing 192.168.1.1 | |
192.168.20.1 | 192.168.30.1 | |
------------------------------ |
shorewall ----------------- |
|
-----------------------------------
|
LAN machines 192.168.xx.xx
+ shorewall each
There is no other ethx in machine 2 !! -------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
