Shorewall 4.0.15 Dump at nmiameldmz01.nautilus.local - Fri Oct 30 16:35:30 EST 2009

   Shorewall-shell 4.0.15

Counters reset Fri Oct 30 16:33:16 EST 2009

Chain INPUT (policy DROP 2 packets, 156 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  400 28618 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    1    78 eth2_in    all  --  eth2   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth2_fwd   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
  215  113K eth0_out   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 eth1_out   all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 eth2_out   all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain Drop (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 
    1    78 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 
    0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 

Chain Reject (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 
    0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 

Chain all2all (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dmz2all (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:dmz2all:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dmz2sql (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            172.16.1.8          tcp dpt:1433 ctorigdst 10.3.3.2 
    0     0 dmz2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    78 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast 

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 

Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    0     0 lan2dmz    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 lan2sql    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  121  9750 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
  400 28618 lan2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth0_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  215  113K fw2lan     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    0     0 dmz2all    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 dmz2sql    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    0     0 dmz2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 fw2dmz     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth2_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    0     0 sql2all    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 sql2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           

Chain eth2_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    78 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    1    78 sql2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth2_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 fw2sql     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:fw2dmz:ACCEPT:' 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2lan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  215  113K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:fw2lan:ACCEPT:' 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2sql (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:fw2sql:ACCEPT:' 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain lan2dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:lan2dmz:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain lan2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  279 18868 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  121  9750 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain lan2sql (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:lan2sql:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain reject (11 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast 
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain smurfs (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       192.168.1.255        0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       192.168.1.255        0.0.0.0/0           
    0     0 LOG        all  --  *      *       10.3.3.255           0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       10.3.3.255           0.0.0.0/0           
    0     0 LOG        all  --  *      *       172.16.1.255         0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       172.16.1.255         0.0.0.0/0           
    0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           

Chain sql2all (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    1    78 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:sql2all:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Log (/var/log/messages)

Oct 30 15:45:17 dmz2all:DROP:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=10981 DF PROTO=TCP SPT=1192 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 15:48:05 sql2all:DROP:IN=eth2 OUT= SRC=172.16.1.8 DST=172.16.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=8929 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=56325 
Oct 30 15:48:10 sql2all:DROP:IN=eth2 OUT= SRC=172.16.1.8 DST=172.16.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=9111 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=56581 
Oct 30 15:48:16 sql2all:DROP:IN=eth2 OUT= SRC=172.16.1.8 DST=172.16.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=9275 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=56837 
Oct 30 15:49:12 dmz2all:DROP:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=10982 DF PROTO=TCP SPT=1193 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 15:49:15 dmz2all:DROP:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=10983 DF PROTO=TCP SPT=1193 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 15:49:21 dmz2all:DROP:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=10984 DF PROTO=TCP SPT=1193 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 16:10:25 fw2lan:ACCEPT:IN= OUT=eth0 SRC=192.168.1.14 DST=192.168.1.10 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=1151 DF PROTO=UDP SPT=37345 DPT=53 LEN=47 
Oct 30 16:10:25 fw2lan:ACCEPT:IN= OUT=eth0 SRC=192.168.1.14 DST=192.168.1.10 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=1269 DF PROTO=UDP SPT=57411 DPT=53 LEN=49 
Oct 30 16:10:26 fw2lan:ACCEPT:IN= OUT=eth0 SRC=192.168.1.14 DST=192.168.1.10 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=1521 DF PROTO=UDP SPT=59488 DPT=53 LEN=52 
Oct 30 16:10:42 dmz2all:DROP:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11003 DF PROTO=TCP SPT=1198 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 16:10:45 dmz2all:DROP:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11004 DF PROTO=TCP SPT=1198 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 16:10:51 dmz2all:DROP:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11005 DF PROTO=TCP SPT=1198 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 16:12:15 dmz2all:ACCEPT:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11008 DF PROTO=TCP SPT=1199 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 16:12:16 dmz2all:ACCEPT:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11009 DF PROTO=TCP SPT=1199 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 16:12:16 dmz2all:ACCEPT:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11010 DF PROTO=TCP SPT=1199 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 30 16:13:43 dmz2all:ACCEPT:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=11011 PROTO=UDP SPT=138 DPT=138 LEN=209 
Oct 30 16:13:53 fw2lan:ACCEPT:IN= OUT=eth0 SRC=192.168.1.14 DST=192.168.1.10 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=53238 DF PROTO=UDP SPT=34599 DPT=53 LEN=52 
Oct 30 16:25:45 dmz2all:ACCEPT:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=11013 PROTO=UDP SPT=138 DPT=138 LEN=209 
Oct 30 16:27:01 dmz2all:ACCEPT:IN=eth1 OUT= SRC=10.3.3.3 DST=10.3.3.255 LEN=241 TOS=0x00 PREC=0x00 TTL=128 ID=11016 PROTO=UDP SPT=138 DPT=138 LEN=221 

NAT Table

Chain PREROUTING (policy ACCEPT 34 packets, 3010 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dmz_dnat   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 eth1_masq  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain dmz_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.3.3.2            tcp dpt:1433 to:172.16.1.8 

Chain eth1_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       all  --  *      *       192.168.1.0/24       0.0.0.0/0           to:10.3.3.2 
    0     0 SNAT       all  --  *      *       172.16.1.0/24        0.0.0.0/0           to:10.3.3.2 

Mangle Table

Chain PREROUTING (policy ACCEPT 403 packets, 28852 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  401 28696 tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 403 packets, 28852 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 tcfor      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 6050 packets, 1166K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  215  113K tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 215 packets, 113K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  215  113K tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Conntrack Table

udp      17 28 src=192.168.1.50 dst=192.168.1.255 sport=138 dport=138 packets=1 bytes=245 [UNREPLIED] src=192.168.1.255 dst=192.168.1.50 sport=138 dport=138 packets=0 bytes=0 mark=0 secmark=0 use=1
unknown  2 568 src=192.168.1.254 dst=224.0.0.1 packets=56 bytes=1792 [UNREPLIED] src=224.0.0.1 dst=192.168.1.254 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 10 src=192.168.1.4 dst=255.255.255.255 sport=4136 dport=1961 packets=1 bytes=52 [UNREPLIED] src=255.255.255.255 dst=192.168.1.4 sport=1961 dport=4136 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 126 src=192.168.1.14 dst=128.250.33.242 sport=123 dport=123 packets=104 bytes=7904 src=128.250.33.242 dst=192.168.1.14 sport=123 dport=123 packets=103 bytes=7828 [ASSURED] mark=0 secmark=0 use=1
udp      17 10 src=192.168.1.4 dst=255.255.255.255 sport=4135 dport=1961 packets=1 bytes=50 [UNREPLIED] src=255.255.255.255 dst=192.168.1.4 sport=1961 dport=4135 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 22 src=192.168.1.68 dst=192.168.1.14 sport=41123 dport=42508 packets=1 bytes=77 [UNREPLIED] src=192.168.1.14 dst=192.168.1.68 sport=42508 dport=41123 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 178 src=192.168.1.14 dst=202.83.64.3 sport=123 dport=123 packets=127 bytes=9652 src=202.83.64.3 dst=192.168.1.14 sport=123 dport=123 packets=127 bytes=9652 [ASSURED] mark=0 secmark=0 use=1
udp      17 164 src=192.168.1.14 dst=150.101.112.134 sport=123 dport=123 packets=126 bytes=9576 src=150.101.112.134 dst=192.168.1.14 sport=123 dport=123 packets=125 bytes=9500 [ASSURED] mark=0 secmark=0 use=1
udp      17 139 src=192.168.1.14 dst=202.83.64.2 sport=123 dport=123 packets=125 bytes=9500 src=202.83.64.2 dst=192.168.1.14 sport=123 dport=123 packets=125 bytes=9500 [ASSURED] mark=0 secmark=0 use=1
udp      17 14 src=192.168.1.243 dst=192.168.1.255 sport=137 dport=137 packets=2 bytes=156 [UNREPLIED] src=192.168.1.255 dst=192.168.1.243 sport=137 dport=137 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 179 src=192.168.1.14 dst=192.189.54.17 sport=123 dport=123 packets=60 bytes=4560 src=192.189.54.17 dst=192.168.1.14 sport=123 dport=123 packets=60 bytes=4560 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.14 dst=192.168.1.9 sport=22 dport=3364 packets=5162 bytes=1087876 src=192.168.1.9 dst=192.168.1.14 sport=3364 dport=22 packets=6460 bytes=457324 [ASSURED] mark=0 secmark=0 use=1
udp      17 28 src=192.168.1.11 dst=192.168.1.255 sport=137 dport=137 packets=1 bytes=78 [UNREPLIED] src=192.168.1.255 dst=192.168.1.11 sport=137 dport=137 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 1 src=192.168.1.96 dst=192.168.1.255 sport=137 dport=137 packets=9 bytes=702 [UNREPLIED] src=192.168.1.255 dst=192.168.1.96 sport=137 dport=137 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 25 src=192.168.1.76 dst=192.168.1.255 sport=137 dport=137 packets=18 bytes=1404 [UNREPLIED] src=192.168.1.255 dst=192.168.1.76 sport=137 dport=137 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 21 src=192.168.1.63 dst=192.168.1.255 sport=137 dport=137 packets=24 bytes=1872 [UNREPLIED] src=192.168.1.255 dst=192.168.1.63 sport=137 dport=137 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 20 src=192.168.1.4 dst=255.255.255.255 sport=4147 dport=1961 packets=1 bytes=50 [UNREPLIED] src=255.255.255.255 dst=192.168.1.4 sport=1961 dport=4147 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 172 src=192.168.1.14 dst=202.81.208.160 sport=123 dport=123 packets=128 bytes=9728 src=202.81.208.160 dst=192.168.1.14 sport=123 dport=123 packets=127 bytes=9652 [ASSURED] mark=0 secmark=0 use=1

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:56:99:0d:e9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.14/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::250:56ff:fe99:de9/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:56:99:7c:03 brd ff:ff:ff:ff:ff:ff
    inet 10.3.3.2/24 brd 10.3.3.255 scope global eth1
    inet6 fe80::250:56ff:fe99:7c03/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:56:99:4b:b0 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.2/24 brd 172.16.1.255 scope global eth2
    inet6 fe80::250:56ff:fe99:4bb0/64 scope link 
       valid_lft forever preferred_lft forever

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:56:99:0d:e9 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    2524825    27735    0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    1475122    7743     0       0       0       0      
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:56:99:7c:03 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    12438      120      0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    1344       22       0       0       0       0      
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:56:99:4b:b0 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    21560      192      0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    4399       69       0       0       0       0      

/proc

   /proc/version = Linux version 2.6.26-2-686 (Debian 2.6.26-19lenny1) (dannf@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Sat Oct 17 17:59:23 UTC 2009
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 1
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 1
   /proc/sys/net/ipv4/conf/default/log_martians = 0
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth0/log_martians = 0
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/log_martians = 0
   /proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth2/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth2/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth2/log_martians = 0
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 0

Routing Rules

0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 

Table default:


Table local:

broadcast 192.168.1.0 dev eth0  proto kernel  scope link  src 192.168.1.14 
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
broadcast 10.3.3.255 dev eth1  proto kernel  scope link  src 10.3.3.2 
broadcast 172.16.1.255 dev eth2  proto kernel  scope link  src 172.16.1.2 
local 10.3.3.2 dev eth1  proto kernel  scope host  src 10.3.3.2 
broadcast 192.168.1.255 dev eth0  proto kernel  scope link  src 192.168.1.14 
broadcast 10.3.3.0 dev eth1  proto kernel  scope link  src 10.3.3.2 
broadcast 172.16.1.0 dev eth2  proto kernel  scope link  src 172.16.1.2 
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
local 172.16.1.2 dev eth2  proto kernel  scope host  src 172.16.1.2 
local 192.168.1.14 dev eth0  proto kernel  scope host  src 192.168.1.14 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 

Table main:

192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.14 
172.16.1.0/24 dev eth2  proto kernel  scope link  src 172.16.1.2 
10.3.3.0/24 dev eth1  proto kernel  scope link  src 10.3.3.2 
default via 192.168.1.254 dev eth0 

ARP

? (192.168.1.9) at 00:0e:0c:bc:90:7b [ether] on eth0
? (192.168.1.68) at 00:50:56:a3:2d:56 [ether] on eth0
? (192.168.1.10) at 00:50:56:a3:2d:56 [ether] on eth0
? (192.168.1.254) at 00:22:6b:3d:7e:8e [ether] on eth0

Modules

iptable_filter          2624  1 
iptable_mangle          2688  1 
iptable_nat             4680  1 
iptable_raw             2176  0 
ip_tables              10160  4 iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype            2304  0 
ipt_ah                  1664  0 
ipt_CLUSTERIP           5956  0 
ipt_ecn                 1888  0 
ipt_ECN                 2336  0 
ipt_LOG                 5028  18 
ipt_MASQUERADE          2592  0 
ipt_NETMAP              1760  0 
ipt_recent              6908  0 
ipt_REDIRECT            1760  0 
ipt_REJECT              2784  4 
ipt_ttl                 1600  0 
ipt_TTL                 1856  0 
ipt_ULOG                6820  0 
nf_conntrack           55540  29 ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda     3808  1 nf_nat_amanda
nf_conntrack_ftp        6852  1 nf_nat_ftp
nf_conntrack_h323      44712  1 nf_nat_h323
nf_conntrack_ipv4      12268  24 iptable_nat,nf_nat
nf_conntrack_irc        5124  1 nf_nat_irc
nf_conntrack_netbios_ns     2368  0 
nf_conntrack_netlink    14176  0 
nf_conntrack_pptp       5476  1 nf_nat_pptp
nf_conntrack_proto_gre     4416  1 nf_conntrack_pptp
nf_conntrack_proto_sctp     6600  0 
nf_conntrack_sip       16124  1 nf_nat_sip
nf_conntrack_tftp       4180  1 nf_nat_tftp
nf_nat                 15576  13 ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_netlink,iptable_nat
nf_nat_amanda           1824  0 
nf_nat_ftp              2528  0 
nf_nat_h323             5728  0 
nf_nat_irc              2080  0 
nf_nat_pptp             2880  0 
nf_nat_proto_gre        2212  1 nf_nat_pptp
nf_nat_sip              5440  0 
nf_nat_snmp_basic       8296  0 
nf_nat_tftp             1568  0 
xt_CLASSIFY             1696  0 
xt_comment              1664  0 
xt_connmark             2368  0 
xt_CONNMARK             2944  0 
xt_conntrack            3488  1 
xt_dccp                 2696  0 
xt_dscp                 2368  0 
xt_DSCP                 2944  0 
xt_hashlimit            9360  0 
xt_helper               2112  0 
xt_iprange              2272  0 
xt_length               1760  0 
xt_limit                2180  0 
xt_mac                  1728  0 
xt_mark                 1952  0 
xt_MARK                 2304  0 
xt_multiport            2816  4 
xt_NFLOG                1824  0 
xt_NFQUEUE              1792  0 
xt_owner                2560  0 
xt_physdev              2352  0 
xt_pkttype              1728  4 
xt_policy               2848  0 
xt_state                2016  20 
xt_tcpmss               1984  0 
xt_tcpudp               2816  13 

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   New Connection Tracking Match Syntax: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Available
   Physdev-is-bridged Support: Available
   Packet length Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Available
   Extended CONNMARK Target: Available
   Connmark Match: Available
   Extended Connmark Match: Available
   Raw Table: Available
   IPP2P Match: Not available
   CLASSIFY Target: Available
   Extended REJECT: Available
   Repeat match: Available
   MARK Target: Available
   Extended MARK Target: Available
   Mangle FORWARD Chain: Available
   Comments: Available
   Address Type Match: Available
   TCPMSS Match: Available
   Hashlimit Match: Available
   NFQUEUE Target: Available

Traffic Control

Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 1473124 bytes 7706 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 

Device eth1:
qdisc pfifo_fast 0: root bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 1344 bytes 22 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 

Device eth2:
qdisc pfifo_fast 0: root bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 4399 bytes 69 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 


TC Filters

Device eth0:

Device eth1:

Device eth2:

