Hello,
I can't connect to my Webserver from the Internet.
Here is my net-structure:
Webserver 192.168.3.203 (DMZ)
|
Internet --- Firewall/Router (with 3 network cards)
|
Local network 192.168.1.X (loc)
The Firewall should forward all requests from the Internet to the
webserver. But it doesn't run. All requests are answered from the Firewall.
* From the local Network I can connect the Webserver (192.168.4.203). I
get the Apache2-Message on my browser.
* If I try to connect from the Internet I get the Apache2-answer from
the apache2-service on the firewall. I want to stop the apache2-service on
the firewall (security).
But I don't understand why I get the answer from the firewall and not
from the webserver. Forwarding is activated.
Could someone give me a tip?
Thank you!
Tony
/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 detect tcpflags,dhcp,routefilter,norfc1918,nosmurfs,logmartians
loc eth0 detect tcpflags,detectnets,nosmurfs
dmz eth2 detect
/etc/shorewall/zones
#ZONE TYPE OPTIONS IN OUT
fw firewall
net ipv4
loc ipv4
dmz ipv4
/etc/shorewall/masq
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
ppp0 eth0
ppp0 eth2
/etc/shorewall/policy
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
loc dmz REJECT info
loc $FW REJECT info
loc all REJECT info
$FW net REJECT info
$FW dmz REJECT info
$FW loc REJECT info
$FW all REJECT info
dmz net ACCEPT info
dmz $FW REJECT info
dmz loc REJECT info
dmz all REJECT info
net dmz DROP info
net $FW DROP info
net loc DROP info
net all DROP info
all all REJECT info
/etc/shorewall/rules
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# Accept DNS connections from the firewall to the Internet
DNS/ACCEPT $FW net
# Accept SSH connections from the local network to the firewall and DMZ
SSH/ACCEPT loc $FW
SSH/ACCEPT loc dmz
# DMZ DNS access to the Internet
DNS/ACCEPT dmz net
# DNS access from loc and DMZ
DNS/ACCEPT loc net
DNS/ACCEPT loc $FW
DNS/ACCEPT dmz $FW
# Reject Ping from the "bad" net zone.
Ping/REJECT net $FW
# Make ping work bi-directionally between the dmz, net, Firewall and local zone
Ping/ACCEPT loc $FW
Ping/ACCEPT dmz $FW
Ping/ACCEPT loc dmz
Ping/ACCEPT dmz loc
Ping/ACCEPT dmz net
Ping/ACCEPT loc net
ACCEPT $FW net icmp
ACCEPT $FW loc icmp
ACCEPT $FW dmz icmp
# loc -> dmz
Web/ACCEPT loc dmz:192.168.3.203
Web/ACCEPT loc $FW
# Forward web requests to the web server
DNAT net dmz:192.168.3.203:80 tcp 80
# Access to FTP
FTP/ACCEPT loc dmz:192.168.3.203
FTP/ACCEPT loc $FW
FTP/ACCEPT $FW dmz:192.168.3.203
FTP/ACCEPT net $FW
# for aptitude
Web/ACCEPT dmz net
Web/ACCEPT $FW net
ACCEPT $FW net udp 45558
# Time synchronization via NTP
NTP/ACCEPT dmz net
NTP/ACCEPT $FW net
NTP/ACCEPT loc net
# Sending mail from the web server to the mail server in the local net
ACCEPT dmz loc tcp smtp
ACCEPT dmz net tcp smtp
ACCEPT $FW net tcp smtp
ACCEPT net $FW tcp smtp
ACCEPT net $FW udp 45558
Shorewall-3.2.6 Dump at micky - So 11. Jan 22:34:56 CET 2009
Counters reset So 11. Jan 22:30:43 CET 2009
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
49 6940 ppp0_in 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
1397 105K eth0_in 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth2_in 0 -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
102 6120 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
520 72106 ppp0_fwd 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
547 52253 eth0_fwd 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
25 5154 eth2_fwd 0 -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * ppp0 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
43 2591 fw2net 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
1378 158K fw2loc 0 -- * eth0 0.0.0.0/0
192.168.1.0/24
0 0 fw2loc 0 -- * eth0 0.0.0.0/0
255.255.255.255
0 0 fw2loc 0 -- * eth0 0.0.0.0/0 224.0.0.0/4
0 0 fw2dmz 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (4 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
6 1450 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
6 1450 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
4 208 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (14 references)
pkts bytes target prot opt in out source destination
4 240 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
1 78 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2all:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2fw:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2loc (1 references)
pkts bytes target prot opt in out source destination
4 352 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2loc:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2net (1 references)
pkts bytes target prot opt in out source destination
19 4650 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443
2 152 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2net:ACCEPT:'
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
1 78 DROP 0 -- * * 0.0.0.0/0
192.168.1.255
0 0 DROP 0 -- * * 0.0.0.0/0
192.168.3.255
0 0 DROP 0 -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP 0 -- * * 0.0.0.0/0 224.0.0.0/4
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (6 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
62 5610 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
62 5610 smurfs 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
531 49127 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
544 52045 loc2net 0 -- * ppp0 192.168.1.0/24 0.0.0.0/0
3 208 loc2dmz 0 -- * eth2 192.168.1.0/24 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
27 1692 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
27 1692 smurfs 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
1239 95036 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
1397 105K loc2fw 0 -- * * 192.168.1.0/24 0.0.0.0/0
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source destination
2 152 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
21 4802 dmz2net 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
4 352 dmz2loc 0 -- * eth0 0.0.0.0/0
192.168.1.0/24
Chain eth2_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 dmz2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2all:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.3.203 tcp dpt:21
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2dmz:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (3 references)
pkts bytes target prot opt in out source destination
1374 158K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
4 240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2loc:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
20 1148 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
23 1443 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:45558
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2net:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:loc2all:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2dmz (1 references)
pkts bytes target prot opt in out source destination
3 208 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.3.203 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.3.203 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.3.203 tcp dpt:21
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:loc2dmz:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
1370 103K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
22 1374 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21
5 318 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:loc2fw:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
482 46435 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123
62 5610 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logflags:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2dmz (1 references)
pkts bytes target prot opt in out source destination
12 1014 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
2 120 ACCEPT tcp -- * * 0.0.0.0/0
192.168.3.203 tcp dpt:80
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2dmz:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
43 5490 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 reject icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:45558
6 1450 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
2 1242 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
2 1242 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
506 70972 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2loc:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain norfc1918 (2 references)
pkts bytes target prot opt in out source destination
0 0 rfc1918 0 -- * * 172.16.0.0/12 0.0.0.0/0
0 0 rfc1918 0 -- * * 192.168.0.0/16 0.0.0.0/0
0 0 rfc1918 0 -- * * 10.0.0.0/8 0.0.0.0/0
Chain ppp0_fwd (1 references)
pkts bytes target prot opt in out source destination
2 120 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
2 120 smurfs 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
2 120 norfc1918 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
508 70744 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
506 70972 net2loc 0 -- * eth0 0.0.0.0/0
192.168.1.0/24
14 1134 net2dmz 0 -- * eth2 0.0.0.0/0 0.0.0.0/0
Chain ppp0_in (1 references)
pkts bytes target prot opt in out source destination
6 1450 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
6 1450 smurfs 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
6 1450 norfc1918 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
4 208 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
49 6940 net2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (22 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0
192.168.1.255
0 0 DROP 0 -- * * 0.0.0.0/0
192.168.3.255
0 0 DROP 0 -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP 0 -- * * 0.0.0.0/0 224.0.0.0/4
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
4 240 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain rfc1918 (3 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (4 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 192.168.1.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 192.168.1.255 0.0.0.0/0
0 0 LOG 0 -- * * 192.168.3.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 192.168.3.255 0.0.0.0/0
0 0 LOG 0 -- * * 255.255.255.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG 0 -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
Chain tcpflags (4 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
Jan 11 22:20:02 loc2fw:REJECT:IN=eth0 OUT= SRC=192.168.1.200 DST=192.168.1.254
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14196 DF PROTO=TCP SPT=59599 DPT=4949
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:51 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=34050 DF PROTO=TCP SPT=33565 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:52 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=44205 DF PROTO=TCP SPT=33566 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:52 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16450 DF PROTO=TCP SPT=33567 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:52 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=62532 DF PROTO=TCP SPT=33568 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:52 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24669 DF PROTO=TCP SPT=33569 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:52 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46331 DF PROTO=TCP SPT=33570 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:53 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59186 DF PROTO=TCP SPT=33571 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:53 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24273 DF PROTO=TCP SPT=33572 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:53 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47180 DF PROTO=TCP SPT=33573 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:53 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47662 DF PROTO=TCP SPT=33574 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:53 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=64118 DF PROTO=TCP SPT=33575 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:54 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51351 DF PROTO=TCP SPT=33576 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:20:54 fw2loc:REJECT:IN= OUT=eth0 SRC=192.168.1.254 DST=192.168.1.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25756 DF PROTO=TCP SPT=33577 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:25:03 loc2fw:REJECT:IN=eth0 OUT= SRC=192.168.1.200 DST=192.168.1.254
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8013 DF PROTO=TCP SPT=42395 DPT=4949
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:26:46 net2fw:DROP:IN=ppp0 OUT= SRC=84.57.133.73 DST=84.57.1.42 LEN=48
TOS=0x00 PREC=0x00 TTL=62 ID=47666 DF PROTO=TCP SPT=1920 DPT=2967 WINDOW=32767
RES=0x00 SYN URGP=0
Jan 11 22:26:49 net2fw:DROP:IN=ppp0 OUT= SRC=84.57.133.73 DST=84.57.1.42 LEN=48
TOS=0x00 PREC=0x00 TTL=62 ID=48051 DF PROTO=TCP SPT=1920 DPT=2967 WINDOW=32767
RES=0x00 SYN URGP=0
Jan 11 22:30:02 loc2fw:REJECT:IN=eth0 OUT= SRC=192.168.1.200 DST=192.168.1.254
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8526 DF PROTO=TCP SPT=39883 DPT=4949
WINDOW=5840 RES=0x00 SYN URGP=0
Jan 11 22:31:40 net2fw:DROP:IN=ppp0 OUT= SRC=60.15.177.166 DST=84.57.1.42
LEN=620 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=50519 DPT=1027 LEN=600
Jan 11 22:32:11 net2fw:DROP:IN=ppp0 OUT= SRC=60.222.224.138 DST=84.57.1.42
LEN=622 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=53416 DPT=1026 LEN=602
NAT Table
Chain PREROUTING (policy ACCEPT 94 packets, 8725 bytes)
pkts bytes target prot opt in out source destination
8 1570 net_dnat 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 33 packets, 1963 bytes)
pkts bytes target prot opt in out source destination
86 7145 ppp0_masq 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
2 120 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 to:192.168.3.203:80
Chain ppp0_masq (1 references)
pkts bytes target prot opt in out source destination
61 5550 MASQUERADE 0 -- * * 192.168.1.0/24 0.0.0.0/0
2 152 MASQUERADE 0 -- * * 192.168.3.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 2547 packets, 242K bytes)
pkts bytes target prot opt in out source destination
8 1570 man1918 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
state NEW
2538 241K tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 1455 packets, 112K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1092 packets, 130K bytes)
pkts bytes target prot opt in out source destination
1092 130K tcfor 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 163K packets, 24M bytes)
pkts bytes target prot opt in out source destination
1421 161K tcout 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 2523 packets, 291K bytes)
pkts bytes target prot opt in out source destination
2513 290K tcpost 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain man1918 (1 references)
pkts bytes target prot opt in out source destination
0 0 rfc1918 0 -- * * 0.0.0.0/0
172.16.0.0/12
0 0 rfc1918 0 -- * * 0.0.0.0/0
192.168.0.0/16
0 0 rfc1918 0 -- * * 0.0.0.0/0 10.0.0.0/8
Chain rfc1918 (3 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
udp 17 71 src=192.168.1.200 dst=192.168.1.254 sport=55345 dport=53
src=192.168.1.254 dst=192.168.1.200 sport=53 dport=55345 [ASSURED] use=1
udp 17 70 src=192.168.1.200 dst=192.168.1.254 sport=55339 dport=53
src=192.168.1.254 dst=192.168.1.200 sport=53 dport=55339 [ASSURED] use=1
udp 17 100 src=192.168.1.200 dst=192.168.1.254 sport=55348 dport=53
src=192.168.1.254 dst=192.168.1.200 sport=53 dport=55348 [ASSURED] use=1
udp 17 70 src=192.168.1.200 dst=192.168.1.254 sport=55342 dport=53
src=192.168.1.254 dst=192.168.1.200 sport=53 dport=55342 [ASSURED] use=1
udp 17 79 src=192.168.1.200 dst=136.199.199.102 sport=55348 dport=6277
src=136.199.199.102 dst=84.57.1.42 sport=6277 dport=55348 [ASSURED] use=1
tcp 6 59 TIME_WAIT src=210.245.122.38 dst=84.57.1.42 sport=55931 dport=80
src=192.168.3.203 dst=210.245.122.38 sport=80 dport=55931 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.168.1.2 dst=192.168.1.254 sport=1300
dport=22 src=192.168.1.254 dst=192.168.1.2 sport=22 dport=1300 [ASSURED] use=1
udp 17 73 src=192.168.1.200 dst=192.168.1.254 sport=51136 dport=53
src=192.168.1.254 dst=192.168.1.200 sport=53 dport=51136 [ASSURED] use=1
tcp 6 12 TIME_WAIT src=192.168.1.200 dst=217.12.10.64 sport=54429
dport=110 src=217.12.10.64 dst=84.57.1.42 sport=110 dport=54429 [ASSURED] use=1
udp 17 69 src=192.168.1.200 dst=192.168.1.254 sport=55338 dport=53
src=192.168.1.254 dst=192.168.1.200 sport=53 dport=55338 [ASSURED] use=1
tcp 6 431776 ESTABLISHED src=192.168.1.2 dst=192.168.3.203 sport=1533
dport=22 src=192.168.3.203 dst=192.168.1.2 sport=22 dport=1533 [ASSURED] use=1
tcp 6 40 TIME_WAIT src=192.168.1.200 dst=217.72.192.134 sport=47368
dport=110 src=217.72.192.134 dst=84.57.1.42 sport=110 dport=47368 [ASSURED]
use=1
udp 17 65 src=84.57.1.42 dst=195.50.140.252 sport=32856 dport=53
src=195.50.140.252 dst=84.57.1.42 sport=53 dport=32856 [ASSURED] use=1
tcp 6 96 TIME_WAIT src=210.245.122.38 dst=84.57.1.42 sport=50396 dport=80
src=192.168.3.203 dst=210.245.122.38 sport=80 dport=50396 [ASSURED] use=1
tcp 6 40 TIME_WAIT src=192.168.1.200 dst=217.12.10.64 sport=54451
dport=110 src=217.12.10.64 dst=84.57.1.42 sport=110 dport=54451 [ASSURED] use=1
tcp 6 431880 ESTABLISHED src=192.168.1.2 dst=192.168.1.254 sport=1538
dport=22 src=192.168.1.254 dst=192.168.1.2 sport=22 dport=1538 [ASSURED] use=1
udp 17 100 src=192.168.1.200 dst=192.168.1.254 sport=55352 dport=53
src=192.168.1.254 dst=192.168.1.200 sport=53 dport=55352 [ASSURED] use=1
udp 17 64 src=192.168.1.200 dst=192.168.1.254 sport=64704 dport=53
src=192.168.1.254 dst=192.168.1.200 sport=53 dport=64704 [ASSURED] use=1
IP Configuration
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:48:54:55:36:19 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:7d:01:c6:c9 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:02:44:0e:db:8f brd ff:ff:ff:ff:ff:ff
inet 192.168.3.254/24 brd 192.168.3.255 scope global eth2
11: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 84.57.1.42 peer 84.57.0.1/32 scope global ppp0
IP Stats
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
6482971 3731 0 0 0 0
TX: bytes packets errors dropped carrier collsns
6482971 3731 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:48:54:55:36:19 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
57820746 501601 0 0 0 0
TX: bytes packets errors dropped carrier collsns
266181407 550227 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:7d:01:c6:c9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
300897846 499190 0 0 0 0
TX: bytes packets errors dropped carrier collsns
53201879 438264 0 0 0 0
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:02:44:0e:db:8f brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
12612111 64515 0 0 0 0
TX: bytes packets errors dropped carrier collsns
46935163 66121 0 0 0 0
11: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
17925768 28394 0 0 0 0
TX: bytes packets errors dropped carrier collsns
3166962 25863 0 0 0 0
/proc
/proc/version = Linux version 2.6.8 (r...@donald) (gcc-Version 3.3.5 (Debian
1:3.3.5-13)) #1 Tue Mar 14 13:45:54 CET 2006
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 0
/proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth2/arp_filter = 0
/proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth2/rp_filter = 0
/proc/sys/net/ipv4/conf/eth2/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/ppp0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp0/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp0/rp_filter = 1
/proc/sys/net/ipv4/conf/ppp0/log_martians = 1
Routing Table
84.57.0.1 dev ppp0 proto kernel scope link src 84.57.1.42
192.168.3.0/24 dev eth2 proto kernel scope link src 192.168.3.254
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.254
default dev ppp0 scope link
ARP
? (192.168.1.2) auf 00:17:42:41:B6:A5 [ether] auf eth0
? (192.168.3.203) auf 00:50:DA:41:11:E1 [ether] auf eth2
? (192.168.1.200) auf 00:30:05:78:26:6D [ether] auf eth0
Modules
ipt_ttl 1856 0
ipt_TOS 2368 0
ipt_tos 1600 0
ipt_state 1984 31
ipt_REJECT 6304 4
ipt_REDIRECT 2112 0
ipt_owner 2976 0
ipt_multiport 1952 4
ipt_MASQUERADE 3584 2
ipt_MARK 2048 0
ipt_mark 1632 0
ipt_mac 1888 0
ipt_LOG 5952 28
ipt_limit 2304 0
ipt_length 1664 0
ip_nat_snmp_basic 10372 0
ip_nat_irc 4048 0
ip_nat_ftp 4560 0
ip_conntrack_irc 71120 1 ip_nat_irc
ip_conntrack_ftp 71888 1 ip_nat_ftp
iptable_nat 21508 6
ipt_REDIRECT,ipt_MASQUERADE,ip_nat_snmp_basic,ip_nat_irc,ip_nat_ftp
ip_conntrack 32556 8
ipt_state,ipt_REDIRECT,ipt_MASQUERADE,ip_nat_irc,ip_nat_ftp,ip_conntrack_irc,ip_conntrack_ftp,iptable_nat
iptable_mangle 2720 1
ipt_TCPMSS 4256 1
ipt_tcpmss 2208 0
iptable_filter 2752 1
ip_tables 16128 20
ipt_ttl,ipt_TOS,ipt_tos,ipt_state,ipt_REJECT,ipt_REDIRECT,ipt_owner,ipt_multiport,ipt_MASQUERADE,ipt_MARK,ipt_mark,ipt_mac,ipt_LOG,ipt_limit,ipt_length,iptable_nat,iptable_mangle,ipt_TCPMSS,ipt_tcpmss,iptable_filter
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Not available
Packet Type Match: Not available
Policy Match: Not available
Physdev Match: Not available
Packet length Match: Available
IP range Match: Not available
Recent Match: Not available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Not available
IPP2P Match: Not available
CLASSIFY Target: Not available
Extended REJECT: Available
Repeat match: Not available
MARK Target: Available
Extended MARK Target: Not available
Mangle FORWARD Chain: Available
Traffic Control
TC Filters
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
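
An added example, not part of the original post: a small Python parser for the `/proc/net/ip_conntrack` line format shown in the Conntrack Table of the dump, reporting which host actually answered each connection made to a public address and port, and whether NAT was applied. The function names are my own; the sample entries are copied from the dump above, mail line wraps included.

```python
import re
from typing import NamedTuple, Optional

# Entries copied from the "Conntrack Table" section of the dump above,
# including the line wrapping introduced by the mail client.
SAMPLE = """\
udp 17 71 src=192.168.1.200 dst=192.168.1.254 sport=55345 dport=53
src=192.168.1.254 dst=192.168.1.200 sport=53 dport=55345 [ASSURED] use=1
udp 17 79 src=192.168.1.200 dst=136.199.199.102 sport=55348 dport=6277
src=136.199.199.102 dst=84.57.1.42 sport=6277 dport=55348 [ASSURED] use=1
tcp 6 59 TIME_WAIT src=210.245.122.38 dst=84.57.1.42 sport=55931 dport=80
src=192.168.3.203 dst=210.245.122.38 sport=80 dport=55931 [ASSURED] use=1
tcp 6 431776 ESTABLISHED src=192.168.1.2 dst=192.168.3.203 sport=1533
dport=22 src=192.168.3.203 dst=192.168.1.2 sport=22 dport=1533 [ASSURED] use=1
tcp 6 40 TIME_WAIT src=192.168.1.200 dst=217.72.192.134 sport=47368
dport=110 src=217.72.192.134 dst=84.57.1.42 sport=110 dport=47368 [ASSURED]
use=1
"""

ENTRY_START = re.compile(r"^(tcp|udp|icmp)\s+\d+\s")
FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


class Flow(NamedTuple):
    proto: str
    orig: dict   # tuple as the initiator sent it
    reply: dict  # tuple the kernel expects on return packets


def rejoin(text: str) -> list:
    """Undo line wrapping: a new entry starts with 'tcp|udp|icmp <number> '."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def parse(entry: str) -> Optional[Flow]:
    """Split one entry into original and reply tuples.

    Entries without two full address/port tuples (e.g. icmp) return None.
    """
    fields = FIELD.findall(entry)
    if len(fields) != 8:
        return None
    return Flow(entry.split()[0], dict(fields[:4]), dict(fields[4:]))


def nat_kind(flow: Flow) -> str:
    """Compare the two tuples: an untranslated flow has a mirrored reply."""
    dnat = (flow.reply["src"], flow.reply["sport"]) != (flow.orig["dst"], flow.orig["dport"])
    snat = (flow.reply["dst"], flow.reply["dport"]) != (flow.orig["src"], flow.orig["sport"])
    if dnat and snat:
        return "dnat+snat"
    return "dnat" if dnat else "snat" if snat else "none"


def responders(text: str, public_ip: str, port: int) -> list:
    """For connections to public_ip:port, return (client, answering host).

    If the answering host equals public_ip, the firewall itself served the
    connection; any other address means the packet was DNATed to that host.
    """
    result = []
    for entry in rejoin(text):
        flow = parse(entry)
        if flow is None:
            continue
        if flow.orig["dst"] == public_ip and flow.orig["dport"] == str(port):
            result.append((flow.orig["src"], flow.reply["src"]))
    return result


if __name__ == "__main__":
    for e in rejoin(SAMPLE):
        f = parse(e)
        print(f.proto, f.orig["src"], "->", f.orig["dst"] + ":" + f.orig["dport"],
              "answered by", f.reply["src"], "nat=" + nat_kind(f))
    print(responders(SAMPLE, "84.57.1.42", 80))
```

For the port 80 entries in this dump, the answering host recorded by conntrack is 192.168.3.203, which matches the packet counters on the `net_dnat` rule in the NAT table.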