On 3/05/2011 9:58 PM, Tom Eastep wrote:
On May 2, 2011, at 10:47 PM, Frank Richards wrote:
Hi
Have tried all I can think of but still unable to get it to
work,
IP_FORWARDING=ON
ADD_IP_ALIASES=Yes
My version 2 system is ok and have used the same settings as there, and
the start dialogue says the
IPv4 Forwarding Enabled
Am I missing something?
Regards Frank
root@server:~# shorewall restart
Compiling...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
Compiling ...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Adding rules for DHCP
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
WARNING: Using an interface as the masq SOURCE requires the
interface to be up and configured when Shorewall starts/restarts :
/etc/shorewall/masq (line 1)
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Compiling ...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
WARNING: default route ignored on interface eth1
The above message indicates that there is a default route defined out of eth1
and that you have entered 'eth1' in the SOURCE column of
/etc/shorewall/interfaces (we can see that from the WARNING: above). If eth1 is
really your internal (local) interface, then it should not have a default route
defined. Otherwise, you may have the interfaces reversed.
Was an error in masq, but problem still exists; dump attached.
As always, the output of 'shorewall dump' is most useful for trying to help you
determine the exact cause. Please see
http://www.shorewall.net/support.htm#Guidelines for information about how to
collect a useful dump.
Thanks,
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Shorewall 4.4.11.6 Dump at server - Wed May 4 10:30:20 EST 2011
Counters reset Wed May 4 10:00:16 EST 2011
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
205 29222 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
660 57195 loc2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
224 31275 net2fw all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 loc2net all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
0 0 net2loc all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
665 248K fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0
58 7599 fw2net all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain Drop (2 references)
pkts bytes target prot opt in out source destination
168 22717 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
168 22717 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
3 152 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
3 152 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Reject (5 references)
pkts bytes target prot opt in out source destination
9 1194 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
9 1194 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
174 23759 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (2 references)
pkts bytes target prot opt in out source destination
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
659 246K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:68
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpts:137:139
6 1431 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:631
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2loc:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
20 4304 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:23
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
29 2101 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:700
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:11371
9 1194 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2net:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
629 52388 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
31 4807 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
5 1646 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
50 6860 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:700
168 22717 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
3 152 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2loc:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (12 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Log (/var/log/messages)
May 3 15:11:09 fw2net:REJECT:IN= OUT=eth1 SRC=192.168.1.64 DST=74.125.237.48
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=14381
SEQ=1
NAT Table
Chain PREROUTING (policy ACCEPT 185 packets, 24279 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 27 packets, 2295 bytes)
pkts bytes target prot opt in out source destination
29 2101 eth1_masq all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 34 packets, 3169 bytes)
pkts bytes target prot opt in out source destination
Chain eth1_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.0.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 517 packets, 57523 bytes)
pkts bytes target prot opt in out source destination
894 89010 tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 507 packets, 56983 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 353 packets, 113K bytes)
pkts bytes target prot opt in out source destination
723 255K tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 350 packets, 114K bytes)
pkts bytes target prot opt in out source destination
720 255K tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 894 packets, 89010 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 723 packets, 255K bytes)
pkts bytes target prot opt in out source destination
Conntrack Table (8 out of 65536)
udp 17 6 src=192.168.1.64 dst=192.168.1.220 sport=51704 dport=53 packets=1
bytes=84 src=192.168.1.220 dst=192.168.1.64 sport=53 dport=51704 packets=1
bytes=135 mark=0 secmark=0 use=2
udp 17 17 src=192.168.1.64 dst=192.168.1.220 sport=38422 dport=53
packets=1 bytes=71 src=192.168.1.220 dst=192.168.1.64 sport=53 dport=38422
packets=1 bytes=144 mark=0 secmark=0 use=2
udp 17 6 src=192.168.1.64 dst=192.168.1.220 sport=38805 dport=53 packets=1
bytes=61 src=192.168.1.220 dst=192.168.1.64 sport=53 dport=38805 packets=1
bytes=119 mark=0 secmark=0 use=2
tcp 6 430195 ESTABLISHED src=192.168.0.51 dst=192.168.0.220 sport=60740
dport=22 packets=74 bytes=6735 src=192.168.0.220 dst=192.168.0.51 sport=22
dport=60740 packets=55 bytes=8428 [ASSURED] mark=0 secmark=0 use=2
udp 17 6 src=192.168.1.64 dst=192.168.1.220 sport=60534 dport=53 packets=1
bytes=84 src=192.168.1.220 dst=192.168.1.64 sport=53 dport=60534 packets=1
bytes=135 mark=0 secmark=0 use=2
tcp 6 299 ESTABLISHED src=192.168.1.58 dst=192.168.1.64 sport=51764
dport=700 packets=22 bytes=3212 src=192.168.1.64 dst=192.168.1.58 sport=700
dport=51764 packets=20 bytes=4304 [ASSURED] mark=0 secmark=0 use=2
udp 17 6 src=192.168.1.64 dst=192.168.1.220 sport=37990 dport=53 packets=1
bytes=61 src=192.168.1.220 dst=192.168.1.64 sport=53 dport=37990 packets=1
bytes=119 mark=0 secmark=0 use=2
udp 17 6 src=192.168.0.51 dst=192.168.0.220 sport=68 dport=67 packets=1
bytes=328 src=192.168.0.220 dst=192.168.0.51 sport=67 dport=68 packets=1
bytes=328 mark=0 secmark=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
inet 192.168.1.64/24 brd 192.168.1.225 scope global eth1
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
inet 192.168.0.220/24 brd 192.168.0.255 scope global eth0
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
480 8 0 0 0 0
TX: bytes packets errors dropped carrier collsns
480 8 0 0 0 0
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 00:0e:2e:59:ce:c4 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
218590 1047 0 0 0 0
TX: bytes packets errors dropped carrier collsns
30142 275 0 0 0 0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 6c:f0:49:90:e9:cd brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
202670 1907 0 0 0 0
TX: bytes packets errors dropped carrier collsns
750549 1973 0 0 0 0
/proc
/proc/version = Linux version 2.6.32-5-amd64 (Debian 2.6.32-31)
([email protected]) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Mon Mar 7
21:35:22 UTC 2011
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 1
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
broadcast 192.168.1.0 dev eth1 proto kernel scope link src 192.168.1.64
broadcast 192.168.0.255 dev eth0 proto kernel scope link src 192.168.0.220
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 192.168.1.64 dev eth1 proto kernel scope host src 192.168.1.64
local 192.168.0.220 dev eth0 proto kernel scope host src 192.168.0.220
broadcast 192.168.1.225 dev eth1 proto kernel scope link src 192.168.1.64
broadcast 192.168.1.255 dev eth1 proto kernel scope link src 192.168.1.64
broadcast 192.168.0.0 dev eth0 proto kernel scope link src 192.168.0.220
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.64
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.220
default via 192.168.1.220 dev eth1
ARP
? (192.168.1.58) at 00:22:15:d4:c2:e3 [ether] on eth1
? (192.168.0.51) at 00:11:d8:e5:93:d9 [ether] on eth0
? (192.168.1.220) at 00:e0:4d:28:20:47 [ether] on eth1
Modules
iptable_filter 2258 1
iptable_mangle 2817 1
iptable_nat 4299 1
iptable_raw 1867 0
ip_tables 13899 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype 1769 2
ipt_ah 1061 0
ipt_CLUSTERIP 4910 0
ipt_ecn 1272 0
ipt_ECN 1672 0
ipt_LOG 4518 6
ipt_MASQUERADE 1554 1
ipt_NETMAP 1137 0
ipt_REDIRECT 1111 0
ipt_REJECT 1953 4
ipt_ULOG 7129 0
nf_conntrack 46535 31
xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda 2197 1 nf_nat_amanda
nf_conntrack_ftp 5537 1 nf_nat_ftp
nf_conntrack_h323 36992 1 nf_nat_h323
nf_conntrack_ipv4 9833 15 iptable_nat,nf_nat
nf_conntrack_irc 3347 1 nf_nat_irc
nf_conntrack_netbios_ns 1282 0
nf_conntrack_netlink 13128 0
nf_conntrack_pptp 3801 1 nf_nat_pptp
nf_conntrack_proto_gre 3579 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 6238 0
nf_conntrack_sane 3620 0
nf_conntrack_sip 13546 1 nf_nat_sip
nf_conntrack_tftp 3321 1 nf_nat_tftp
nf_defrag_ipv4 1139 2 xt_TPROXY,nf_conntrack_ipv4
nf_nat 13388 12
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda 1144 0
nf_nat_ftp 2031 0
nf_nat_h323 5095 0
nf_nat_irc 1366 0
nf_nat_pptp 2034 0
nf_nat_proto_gre 1245 1 nf_nat_pptp
nf_nat_sip 4934 0
nf_nat_snmp_basic 7796 0
nf_nat_tftp 966 0
nf_tproxy_core 1549 1 xt_TPROXY,[permanent]
xt_CLASSIFY 925 0
xt_comment 907 18
xt_connlimit 2863 0
xt_connmark 1123 0
xt_CONNMARK 1267 0
xt_conntrack 2407 12
xt_dccp 1915 0
xt_dscp 1611 0
xt_DSCP 1995 0
xt_hashlimit 7707 0
xt_helper 1227 0
xt_iprange 1433 0
xt_length 1164 0
xt_limit 1782 0
xt_mac 979 0
xt_mark 917 0
xt_MARK 917 1
xt_multiport 2267 4
xt_NFLOG 1038 0
xt_NFQUEUE 1989 0
xt_owner 1063 0
xt_physdev 1508 0
xt_pkttype 1003 0
xt_policy 2170 0
xt_realm 919 0
xt_recent 5977 0
xt_state 1303 0
xt_tcpmss 1401 0
xt_TCPMSS 2919 1
xt_tcpudp 2319 38
xt_time 1723 0
xt_TPROXY 1329 0
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Extended MARK Target 2: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Realm Match: Available
Helper Match: Available
Connlimit Match: Available
Time Match: Available
Goto Support: Available
LOGMARK Target: Not available
IPMARK Target: Not available
LOG Target: Available
Persistent SNAT: Available
TPROXY Target: Available
FLOW Classifier: Available
fwmark route mask: Available
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
1674/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
1674/dovecot
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
1793/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
1735/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
1779/master
tcp 0 0 0.0.0.0:700 0.0.0.0:* LISTEN
1735/sshd
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
1674/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
1674/dovecot
tcp 0 0 192.168.1.64:700 192.168.1.58:51764 ESTABLISHED
3634/1
tcp 0 0 192.168.0.220:22 192.168.0.51:60740 ESTABLISHED
2807/0
tcp6 0 0 :::80 :::* LISTEN
1568/apache2
tcp6 0 0 :::22 :::* LISTEN
1735/sshd
tcp6 0 0 :::700 :::* LISTEN
1735/sshd
tcp6 0 0 :::445 :::* LISTEN
1552/smbd
tcp6 0 0 :::139 :::* LISTEN
1552/smbd
udp 0 0 192.168.0.255:137 0.0.0.0:*
1542/nmbd
udp 0 0 192.168.0.220:137 0.0.0.0:*
1542/nmbd
udp 0 0 192.168.1.255:137 0.0.0.0:*
1542/nmbd
udp 0 0 192.168.1.64:137 0.0.0.0:*
1542/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:*
1542/nmbd
udp 0 0 192.168.0.255:138 0.0.0.0:*
1542/nmbd
udp 0 0 192.168.0.220:138 0.0.0.0:*
1542/nmbd
udp 0 0 192.168.1.255:138 0.0.0.0:*
1542/nmbd
udp 0 0 192.168.1.64:138 0.0.0.0:*
1542/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:*
1542/nmbd
udp 0 0 0.0.0.0:10000 0.0.0.0:*
1793/perl
udp 0 0 0.0.0.0:67 0.0.0.0:*
3412/dhcpd
udp 0 0 0.0.0.0:68 0.0.0.0:*
1509/dhclient
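Added example, not part of the original post and not Shorewall's own tooling: a small Python reader for the netfilter section of a `shorewall dump` like the one attached above, which reports forwarding-related counters that never moved since the counter reset. The sample text is a condensed excerpt constructed in the dump's layout, and the function names are assumptions.

```python
import re

# Constructed sample: a condensed excerpt in the layout of the dump above,
# including the mail wrapping that pushes rule options onto their own line.
SAMPLE_DUMP = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
660 57195 loc2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
224 31275 net2fw all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 loc2net all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
0 0 net2loc all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
665 248K fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0
58 7599 fw2net all -- * eth1 0.0.0.0/0 0.0.0.0/0
NAT Table
Chain POSTROUTING (policy ACCEPT 27 packets, 2295 bytes)
pkts bytes target prot opt in out source destination
29 2101 eth1_masq all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth1_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.0.0/24 0.0.0.0/0
"""

TABLE_RE = re.compile(r"^(NAT|Mangle|Raw) Table$")
END_RE = re.compile(r"^(Log \(|Conntrack Table)")   # sections with no rules
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy \w+ (\d+[KMGT]?) packets)?")
RULE_RE = re.compile(r"^\s*(\d+[KMGT]?)\s+(\d+[KMGT]?)\s+(.*)$")
SCALE = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def to_int(counter):
    """iptables abbreviates large counters with decimal K/M/G/T suffixes."""
    if counter[-1] in SCALE:
        return int(counter[:-1]) * SCALE[counter[-1]]
    return int(counter)

def parse_dump(text):
    """Return {(table, chain): {"policy_pkts": int, "rules": [dict, ...]}}."""
    chains, table, current = {}, "filter", None   # dump starts with filter
    for line in text.splitlines():
        stripped = line.strip()
        if TABLE_RE.match(stripped):
            table, current = TABLE_RE.match(stripped).group(1).lower(), None
        elif END_RE.match(stripped):
            current = None
        elif CHAIN_RE.match(stripped):
            m = CHAIN_RE.match(stripped)
            current = {"policy_pkts": to_int(m.group(2) or "0"), "rules": []}
            chains[(table, m.group(1))] = current
        elif current is not None and not stripped.startswith("pkts"):
            m = RULE_RE.match(line)
            fields = m.group(3).split() if m else []
            if len(fields) > 1 and fields[1] == "--":
                fields.insert(0, "")              # rule with no target
            if len(fields) >= 7 and fields[2] == "--":
                current["rules"].append({
                    "pkts": to_int(m.group(1)), "bytes": to_int(m.group(2)),
                    "target": fields[0], "in": fields[3], "out": fields[4],
                    "source": fields[5], "opts": " ".join(fields[7:])})
            elif current["rules"]:                # wrapped option line
                rule = current["rules"][-1]
                rule["opts"] = (rule["opts"] + " " + stripped).strip()
    return chains

def saw_traffic(chains, table, name):
    chain = chains.get((table, name), {"policy_pkts": 0, "rules": []})
    return chain["policy_pkts"] > 0 or any(r["pkts"] for r in chain["rules"])

def forwarding_findings(chains, ip_forward):
    """ip_forward is the value the dump prints for /proc/sys/net/ipv4/ip_forward."""
    findings = []
    if ip_forward != 1:
        findings.append("ip_forward is off: the kernel will not route")
    if saw_traffic(chains, "filter", "INPUT") and not saw_traffic(chains, "filter", "FORWARD"):
        findings.append("filter FORWARD: every counter is zero since the reset")
    for (table, name), chain in chains.items():
        for r in chain["rules"]:
            if r["target"] == "MASQUERADE" and r["pkts"] == 0:
                findings.append(f"{table} {name}: MASQUERADE for {r['source']} matched nothing")
    return findings

if __name__ == "__main__":
    for finding in forwarding_findings(parse_dump(SAMPLE_DUMP), ip_forward=1):
        print(finding)
```

All-zero FORWARD counters alongside non-zero INPUT counters mean no packet has traversed the forwarding path since the counters were reset, which is a different condition from packets arriving and being rejected by a rule.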