Shorewall 4.4.9 Dump at mr-clever - Sun Jun  6 17:31:24 EST 2010

Counters reset Sun Jun  6 17:30:54 EST 2010

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
  114  8122 loc2fw     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    2    80 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   76  8476 fw2loc     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    2    80 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain Drop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 /* Auth */ 
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4 /* Needed ICMP types */ 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 /* Needed ICMP types */ 
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535 /* SMB */ 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 /* UPnP */ 
    0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 /* Late DNS Replies */ 

Chain Reject (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 /* Auth */ 
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4 /* Needed ICMP types */ 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 /* Needed ICMP types */ 
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445 /* SMB */ 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 /* SMB */ 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535 /* SMB */ 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 /* UPnP */ 
    0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 /* Late DNS Replies */ 

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST 
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4         

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID 

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 

Chain dynamic (2 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   70  8072 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    2   120 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 mark match 0x0/0xff /* FTP */ 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 mark match 0x2/0xff /* FTP */ 
    4   284 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  114  8122 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain reject (12 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match src-type BROADCAST 
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0           
    2   120 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Log (/var/log/messages)

Jun  6 17:30:55 mr-clever TRACE: mangle:POSTROUTING:rule:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=100 TOS=0x10 PREC=0x00 TTL=64 ID=10421 DF PROTO=TCP SPT=22 DPT=32942 SEQ=4221277451 ACK=1359635645 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A00088950006A11D8) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:tcpost:return:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=100 TOS=0x10 PREC=0x00 TTL=64 ID=10421 DF PROTO=TCP SPT=22 DPT=32942 SEQ=4221277451 ACK=1359635645 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A00088950006A11D8) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:POSTROUTING:policy:2 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=100 TOS=0x10 PREC=0x00 TTL=64 ID=10421 DF PROTO=TCP SPT=22 DPT=32942 SEQ=4221277451 ACK=1359635645 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A00088950006A11D8) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: raw:OUTPUT:policy:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=132 TOS=0x10 PREC=0x00 TTL=64 ID=35523 DF PROTO=TCP SPT=22 DPT=32940 SEQ=3297367164 ACK=435880172 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A000889A70069F4E1) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:OUTPUT:rule:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=132 TOS=0x10 PREC=0x00 TTL=64 ID=35523 DF PROTO=TCP SPT=22 DPT=32940 SEQ=3297367164 ACK=435880172 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A000889A70069F4E1) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:tcout:return:2 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=132 TOS=0x10 PREC=0x00 TTL=64 ID=35523 DF PROTO=TCP SPT=22 DPT=32940 SEQ=3297367164 ACK=435880172 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A000889A70069F4E1) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:OUTPUT:policy:2 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=132 TOS=0x10 PREC=0x00 TTL=64 ID=35523 DF PROTO=TCP SPT=22 DPT=32940 SEQ=3297367164 ACK=435880172 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A000889A70069F4E1) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: filter:OUTPUT:rule:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=132 TOS=0x10 PREC=0x00 TTL=64 ID=35523 DF PROTO=TCP SPT=22 DPT=32940 SEQ=3297367164 ACK=435880172 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A000889A70069F4E1) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: filter:fw2loc:rule:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=132 TOS=0x10 PREC=0x00 TTL=64 ID=35523 DF PROTO=TCP SPT=22 DPT=32940 SEQ=3297367164 ACK=435880172 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A000889A70069F4E1) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:POSTROUTING:rule:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=132 TOS=0x10 PREC=0x00 TTL=64 ID=35523 DF PROTO=TCP SPT=22 DPT=32940 SEQ=3297367164 ACK=435880172 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A000889A70069F4E1) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:tcpost:return:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=132 TOS=0x10 PREC=0x00 TTL=64 ID=35523 DF PROTO=TCP SPT=22 DPT=32940 SEQ=3297367164 ACK=435880172 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A000889A70069F4E1) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:POSTROUTING:policy:2 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.2 LEN=132 TOS=0x10 PREC=0x00 TTL=64 ID=35523 DF PROTO=TCP SPT=22 DPT=32940 SEQ=3297367164 ACK=435880172 WINDOW=3428 RES=0x00 ACK PSH URGP=0 OPT (0101080A000889A70069F4E1) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: raw:OUTPUT:policy:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.23 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1216 DF PROTO=TCP SPT=39002 DPT=21 SEQ=3407318375 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000889A70000000001030302) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:OUTPUT:rule:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.23 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1216 DF PROTO=TCP SPT=39002 DPT=21 SEQ=3407318375 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000889A70000000001030302) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:tcout:return:2 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.23 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1216 DF PROTO=TCP SPT=39002 DPT=21 SEQ=3407318375 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000889A70000000001030302) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: mangle:OUTPUT:policy:2 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.23 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1216 DF PROTO=TCP SPT=39002 DPT=21 SEQ=3407318375 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000889A70000000001030302) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: nat:OUTPUT:policy:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.23 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1216 DF PROTO=TCP SPT=39002 DPT=21 SEQ=3407318375 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000889A70000000001030302) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: filter:OUTPUT:rule:1 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.23 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1216 DF PROTO=TCP SPT=39002 DPT=21 SEQ=3407318375 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000889A70000000001030302) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: filter:fw2loc:rule:2 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.23 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1216 DF PROTO=TCP SPT=39002 DPT=21 SEQ=3407318375 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000889A70000000001030302) UID=0 GID=0 
Jun  6 17:30:55 mr-clever TRACE: filter:reject:rule:4 IN= OUT=eth0 SRC=192.168.3.21 DST=192.168.3.23 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1216 DF PROTO=TCP SPT=39002 DPT=21 SEQ=3407318375 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000889A70000000001030302) UID=0 GID=0 

NAT Table

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 6 packets, 364 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 6 packets, 404 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Mangle Table

Chain PREROUTING (policy ACCEPT 116 packets, 8202 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  116  8202 tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 116 packets, 8202 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK and 0x0 
    0     0 tcfor      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 78 packets, 8556 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   78  8556 tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 76 packets, 8436 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   76  8436 tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           helper match "ftp" MARK xset 0x2/0xffffffff 

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Raw Table

Chain PREROUTING (policy ACCEPT 116 packets, 8202 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 78 packets, 8556 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Conntrack Table (7 out of 8188)

udp      17 0 src=192.168.3.21 dst=192.168.3.2 sport=49888 dport=53 packets=1 bytes=71 src=192.168.3.2 dst=192.168.3.21 sport=53 dport=49888 packets=1 bytes=120 mark=0 use=1
tcp      6 431972 ESTABLISHED src=192.168.3.2 dst=192.168.3.21 sport=32942 dport=22 packets=152 bytes=13485 src=192.168.3.21 dst=192.168.3.2 sport=22 dport=32942 packets=94 bytes=11469 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.3.21 dst=192.168.3.2 sport=22 dport=32941 packets=4574 bytes=974280 src=192.168.3.2 dst=192.168.3.21 sport=32941 dport=22 packets=6102 bytes=414664 [ASSURED] mark=0 use=1
udp      17 11 src=192.168.3.21 dst=192.168.3.2 sport=39573 dport=53 packets=1 bytes=71 src=192.168.3.2 dst=192.168.3.21 sport=53 dport=39573 packets=1 bytes=120 mark=0 use=1
tcp      6 431981 ESTABLISHED src=192.168.3.2 dst=192.168.3.21 sport=32940 dport=22 packets=279 bytes=17772 src=192.168.3.21 dst=192.168.3.2 sport=22 dport=32940 packets=218 bytes=27928 [ASSURED] mark=0 use=1
udp      17 11 src=192.168.3.21 dst=192.168.3.2 sport=58874 dport=53 packets=1 bytes=71 src=192.168.3.2 dst=192.168.3.21 sport=53 dport=58874 packets=1 bytes=121 mark=0 use=1
udp      17 0 src=192.168.3.21 dst=192.168.3.2 sport=45702 dport=53 packets=1 bytes=71 src=192.168.3.2 dst=192.168.3.21 sport=53 dport=45702 packets=1 bytes=121 mark=0 use=1

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN qlen 1000
    inet 192.168.3.21/24 brd 192.168.3.255 scope global eth0

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    2968       45       0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    2968       45       0       0       0       0      
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN qlen 1000
    link/ether 00:60:67:74:e9:f4 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    601799     7132     0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    1135164    5406     0       0       0       70     
3: ifb0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
    link/ether fa:a4:f9:35:9c:73 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      

/proc

   /proc/version = Linux version 2.6.29-gentoo-r5 (root@mr-clever) (gcc version 4.3.2 (Gentoo 4.3.2-r3 p1.6, pie-10.1.5) ) #13 Thu May 13 15:17:46 EST 2010
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 1
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/log_martians = 1
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/log_martians = 1
   /proc/sys/net/ipv4/conf/ifb0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/ifb0/arp_filter = 0
   /proc/sys/net/ipv4/conf/ifb0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/ifb0/rp_filter = 0
   /proc/sys/net/ipv4/conf/ifb0/log_martians = 1
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 1

Routing Table

192.168.3.0/24 dev eth0  proto kernel  scope link  src 192.168.3.21 
127.0.0.0/8 dev lo  scope link 
default via 192.168.3.1 dev eth0 

ARP

? (192.168.3.2) at 00:0b:cd:6a:52:dd [ether] on eth0

Modules

ip_tables               9144  4 iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_CLUSTERIP           5304  0 
ipt_ECN                 1980  0 
ipt_LOG                 4312  0 
ipt_MASQUERADE          2196  0 
ipt_NETMAP              1420  0 
ipt_REDIRECT            1404  0 
ipt_REJECT              2376  4 
ipt_TTL                 1532  0 
ipt_ULOG                6380  0 
ipt_addrtype            1952  2 
ipt_ah                  1304  0 
ipt_ecn                 1532  0 
ipt_ttl                 1268  0 
iptable_filter          2160  1 
iptable_mangle          2152  1 
iptable_nat             3640  0 
iptable_raw             1652  0 
nf_conntrack           49236  28 xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_ftp        6144  1 nf_nat_ftp
nf_conntrack_h323      41624  1 nf_nat_h323
nf_conntrack_ipv4      10868  12 iptable_nat,nf_nat
nf_conntrack_irc        4580  1 nf_nat_irc
nf_conntrack_netlink    14040  0 
nf_conntrack_pptp       4904  1 nf_nat_pptp
nf_conntrack_proto_gre     4080  1 nf_conntrack_pptp
nf_conntrack_proto_sctp     6320  0 
nf_conntrack_sane       3944  0 
nf_conntrack_sip       14488  1 nf_nat_sip
nf_conntrack_tftp       3744  1 nf_nat_tftp
nf_defrag_ipv4          1476  1 nf_conntrack_ipv4
nf_nat                 14144  11 ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,iptable_nat
nf_nat_ftp              2200  0 
nf_nat_h323             5288  0 
nf_nat_irc              1744  0 
nf_nat_pptp             2484  0 
nf_nat_proto_gre        1768  1 nf_nat_pptp
nf_nat_sip              5352  0 
nf_nat_snmp_basic       7596  0 
nf_nat_tftp             1232  0 
xt_CLASSIFY             1240  0 
xt_CONNMARK             2328  0 
xt_DSCP                 2572  0 
xt_MARK                 1680  2 
xt_NFLOG                1348  0 
xt_NFQUEUE              1428  0 
xt_TCPMSS               2676  0 
xt_comment              1200  20 
xt_connlimit            3180  0 
xt_connmark             1820  0 
xt_conntrack            3108  8 
xt_dccp                 2288  0 
xt_dscp                 1956  0 
xt_hashlimit            7480  0 
xt_helper               1648  1 
xt_iprange              1908  0 
xt_length               1400  0 
xt_limit                1660  0 
xt_mac                  1260  0 
xt_mark                 1384  2 
xt_multiport            2420  4 
xt_owner                2096  0 
xt_pkttype              1284  0 
xt_realm                1180  0 
xt_recent               8376  0 
xt_state                1688  0 
xt_tcpmss               1608  0 
xt_tcpudp               2432  14 
xt_time                 2228  0 

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Extended Connection Tracking Match Support: Available
   Packet Type Match: Available
   Policy Match: Not available
   Physdev Match: Not available
   Physdev-is-bridged Support: Not available
   Packet length Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Available
   Extended CONNMARK Target: Available
   Connmark Match: Available
   Extended Connmark Match: Available
   Raw Table: Available
   IPP2P Match: Not available
   CLASSIFY Target: Available
   Extended REJECT: Available
   Repeat match: Available
   MARK Target: Available
   Extended MARK Target: Available
   Extended MARK Target 2: Available
   Mangle FORWARD Chain: Available
   Comments: Available
   Address Type Match: Available
   TCPMSS Match: Available
   Hashlimit Match: Available
   NFQUEUE Target: Available
   Realm Match: Available
   Helper Match: Available
   Connlimit Match: Available
   Time Match: Available
   Goto Support: Available
   LOGMARK Target: Not available
   IPMARK Target: Not available
   LOG Target: Available
   Persistent SNAT: Not available
   TPROXY Target: Not available
   FLOW Classifier: Available

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN     5610/xinetd         
tcp        0      0 0.0.0.0:36973           0.0.0.0:*               LISTEN     -                   
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     5183/portmap        
tcp        0      0 0.0.0.0:40913           0.0.0.0:*               LISTEN     5269/rpc.statd      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     5524/sshd           
tcp        0      0 192.168.3.21:22         192.168.3.2:32941       ESTABLISHED5846/1              
tcp        0      0 192.168.3.21:22         192.168.3.2:32940       ESTABLISHED5816/0              
tcp        0      0 192.168.3.21:22         192.168.3.2:32942       ESTABLISHED6277/2              
udp        0      0 0.0.0.0:781             0.0.0.0:*                          5269/rpc.statd      
udp        0      0 0.0.0.0:39489           0.0.0.0:*                          5269/rpc.statd      
udp        0      0 0.0.0.0:33231           0.0.0.0:*                          -                   
udp        0      0 0.0.0.0:111             0.0.0.0:*                          5183/portmap        

Traffic Control

Device eth0:
qdisc htb 1: root r2q 100 default 0 direct_packets_stat 78 ver 3.17
 Sent 9896 bytes 78 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 
qdisc sfq 2: parent 1:12 limit 127p quantum 1500b flows 127/1024 perturb 10sec 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 

class htb 1:1 root rate 20000Kbit ceil 20000Kbit burst 11637b/8 mpu 0b overhead 0b cburst 11637b/8 mpu 0b overhead 0b level 7 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 
 lended: 0 borrowed: 0 giants: 0
 tokens: 4546 ctokens: 4546

class htb 1:12 parent 1:1 leaf 2: prio 2 quantum 1500 rate 2000bit ceil 20000Kbit burst 1600b/8 mpu 0b overhead 0b cburst 11637b/8 mpu 0b overhead 0b level 0 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 
 lended: 0 borrowed: 0 giants: 0
 tokens: 6253906 ctokens: 4546


Device ifb0:
qdisc pfifo_fast 0: root bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 



TC Filters

Device eth0:
filter parent 1: protocol all pref 532 fw 
filter parent 1: protocol all pref 532 fw handle 0x2 classid 1:12 

Device ifb0:

