Hi

    Had shorewall working fine with net on dhcp. Have changed it to pppoe and
updated shorewall interfaces and masq, but the interface doesn't work in
or out. If I reboot with shorewall disabled, access is fine.


Regards

Shorewall 4.4.11.6 Dump at server - Wed Jun 29 15:23:12 EST 2011

Counters reset Wed Jun 29 15:20:27 EST 2011

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    2   477 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate INVALID,NEW 
    2   477 loc2fw     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 net2fw     all  --  pppoe  *       0.0.0.0/0            0.0.0.0/0   
        
    8   688 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate INVALID,NEW 
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:0x06/0x02 TCPMSS clamp to PMTU 
    0     0 loc2net    all  --  eth0   pppoe   0.0.0.0/0            0.0.0.0/0   
        
    0     0 net2loc    all  --  pppoe  eth0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    2   477 fw2loc     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 fw2net     all  --  *      pppoe   0.0.0.0/0            0.0.0.0/0   
        
    8   688 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate RELATED,ESTABLISHED 
    8   464 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    8   464 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 
    8   464 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain Drop (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:113 /* Auth */ 
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 3 code 4 /* Needed ICMP types */ 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 11 /* Needed ICMP types */ 
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0 
          
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        multiport dports 135,445 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpts:137:139 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:137 dpts:1024:65535 /* SMB */ 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        multiport dports 135,139,445 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:1900 /* UPnP */ 
    0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0  
         
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:53 /* Late DNS Replies */ 

Chain Reject (5 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    8   464            all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:113 /* Auth */ 
    8   464 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 3 code 4 /* Needed ICMP types */ 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 11 /* Needed ICMP types */ 
    8   464 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0 
          
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        multiport dports 135,445 /* SMB */ 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpts:137:139 /* SMB */ 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:137 dpts:1024:65535 /* SMB */ 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        multiport dports 135,139,445 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:1900 /* UPnP */ 
    0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0  
         
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:53 /* Late DNS Replies */ 

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ADDRTYPE match dst-type BROADCAST 
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4 
        

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate INVALID 

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp flags:!0x17/0x02 

Chain dynamic (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        icmp type 8 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:22 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:68 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:123 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpts:137:139 
    2   477 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpts:137:139 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:631 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:fw2loc:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:23 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:53 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:53 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:69 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:80 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:123 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:700 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:11371 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:fw2net:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:3128 
    2   477 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain log0 (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:net2fw:ACCEPT:' 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:53 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp spt:53 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        udp dpt:69 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        tcp dpt:700 
    0     0 log0       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] tcp dpt:10000 
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ctstate RELATED,ESTABLISHED 
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        LOG flags 0 level 6 prefix `Shorewall:net2loc:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain reject (12 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        ADDRTYPE match src-type BROADCAST 
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with tcp-reset 
    8   464 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with icmp-port-unreachable 
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with icmp-host-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        reject-with icmp-host-prohibited 

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Log (/var/log/messages)

Jun 29 15:17:20 OUTPUT:REJECT:IN= OUT=ppp0 SRC=58.169.69.87 DST=61.9.188.33 
LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=3202 DF PROTO=UDP SPT=41114 DPT=53 LEN=68 
Jun 29 15:17:20 OUTPUT:REJECT:IN= OUT=ppp0 SRC=58.169.69.87 DST=61.9.211.1 
LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=3202 DF PROTO=UDP SPT=56593 DPT=53 LEN=68 
Jun 29 15:17:20 OUTPUT:REJECT:IN= OUT=ppp0 SRC=58.169.69.87 DST=61.9.188.33 
LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=3202 DF PROTO=UDP SPT=44457 DPT=53 LEN=68 
Jun 29 15:17:20 OUTPUT:REJECT:IN= OUT=ppp0 SRC=58.169.69.87 DST=61.9.211.1 
LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=3202 DF PROTO=UDP SPT=53277 DPT=53 LEN=68 
Jun 29 15:17:20 OUTPUT:REJECT:IN= OUT=ppp0 SRC=58.169.69.87 DST=61.9.188.33 
LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=3202 DF PROTO=UDP SPT=58854 DPT=53 LEN=68 
Jun 29 15:17:20 OUTPUT:REJECT:IN= OUT=ppp0 SRC=58.169.69.87 DST=61.9.211.1 
LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=3202 DF PROTO=UDP SPT=48764 DPT=53 LEN=68 
Jun 29 15:17:20 INPUT:REJECT:IN=ppp0 OUT= SRC=112.202.254.139 DST=58.169.69.87 
LEN=42 TOS=0x00 PREC=0x00 TTL=109 ID=17113 PROTO=UDP SPT=22794 DPT=15181 LEN=22 
Jun 29 15:17:24 INPUT:REJECT:IN=ppp0 OUT= SRC=41.133.50.35 DST=58.169.69.87 
LEN=48 TOS=0x00 PREC=0x00 TTL=100 ID=31520 DF PROTO=TCP SPT=3527 DPT=15181 
WINDOW=65535 RES=0x00 SYN URGP=0 
Jun 29 15:17:24 INPUT:REJECT:IN=ppp0 OUT= SRC=112.202.254.139 DST=58.169.69.87 
LEN=42 TOS=0x00 PREC=0x00 TTL=109 ID=17251 PROTO=UDP SPT=22794 DPT=15181 LEN=22 
Jun 29 15:17:25 INPUT:REJECT:IN=ppp0 OUT= SRC=41.133.50.35 DST=58.169.69.87 
LEN=48 TOS=0x00 PREC=0x00 TTL=100 ID=31770 DF PROTO=TCP SPT=3527 DPT=15181 
WINDOW=65535 RES=0x00 SYN URGP=0 
Jun 29 15:17:26 INPUT:REJECT:IN=ppp0 OUT= SRC=41.133.50.35 DST=58.169.69.87 
LEN=48 TOS=0x00 PREC=0x00 TTL=100 ID=32048 DF PROTO=TCP SPT=3527 DPT=15181 
WINDOW=65535 RES=0x00 SYN URGP=0 
Jun 29 15:17:36 INPUT:REJECT:IN=ppp0 OUT= SRC=174.71.122.95 DST=58.169.69.87 
LEN=99 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=19506 DPT=51446 LEN=79 
Jun 29 15:20:36 OUTPUT:REJECT:IN= OUT=ppp0 SRC=124.179.238.86 DST=61.9.188.33 
LEN=59 TOS=0x00 PREC=0x00 TTL=64 ID=32026 PROTO=UDP SPT=40858 DPT=53 LEN=39 
Jun 29 15:20:37 OUTPUT:REJECT:IN= OUT=ppp0 SRC=124.179.238.86 DST=61.9.133.193 
LEN=59 TOS=0x00 PREC=0x00 TTL=64 ID=5615 PROTO=UDP SPT=36262 DPT=53 LEN=39 
Jun 29 15:20:42 OUTPUT:REJECT:IN= OUT=ppp0 SRC=124.179.238.86 DST=61.9.188.33 
LEN=59 TOS=0x00 PREC=0x00 TTL=64 ID=32027 PROTO=UDP SPT=40858 DPT=53 LEN=39 
Jun 29 15:20:43 OUTPUT:REJECT:IN= OUT=ppp0 SRC=124.179.238.86 DST=61.9.133.193 
LEN=59 TOS=0x00 PREC=0x00 TTL=64 ID=5616 PROTO=UDP SPT=36262 DPT=53 LEN=39 
Jun 29 15:22:26 OUTPUT:REJECT:IN= OUT=ppp0 SRC=124.179.238.86 DST=61.9.188.33 
LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=32028 PROTO=UDP SPT=55720 DPT=53 LEN=37 
Jun 29 15:22:27 OUTPUT:REJECT:IN= OUT=ppp0 SRC=124.179.238.86 DST=61.9.133.193 
LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=5617 PROTO=UDP SPT=35295 DPT=53 LEN=37 
Jun 29 15:22:32 OUTPUT:REJECT:IN= OUT=ppp0 SRC=124.179.238.86 DST=61.9.188.33 
LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=32029 PROTO=UDP SPT=55720 DPT=53 LEN=37 
Jun 29 15:22:33 OUTPUT:REJECT:IN= OUT=ppp0 SRC=124.179.238.86 DST=61.9.133.193 
LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=5618 PROTO=UDP SPT=35295 DPT=53 LEN=37 

NAT Table

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain POSTROUTING (policy ACCEPT 1 packets, 242 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 pppoe_masq  all  --  *      pppoe   0.0.0.0/0            0.0.0.0/0  
         

Chain OUTPUT (policy ACCEPT 9 packets, 706 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain pppoe_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 MASQUERADE  all  --  *      *       10.230.51.0/24       0.0.0.0/0  
         

Mangle Table

Chain PREROUTING (policy ACCEPT 10 packets, 1165 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
   10  1165 tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain INPUT (policy ACCEPT 10 packets, 1165 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        MARK and 0xffffff00 
    0     0 tcfor      all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain OUTPUT (policy ACCEPT 18 packets, 1629 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
   18  1629 tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain POSTROUTING (policy ACCEPT 12 packets, 1642 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
   12  1642 tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Raw Table

Chain PREROUTING (policy ACCEPT 10 packets, 1165 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain OUTPUT (policy ACCEPT 18 packets, 1629 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Conntrack Table (0 out of 65536)


IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    inet 127.0.0.1/8 scope host lo
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state 
DOWN qlen 1000
    inet 10.230.51.220/24 brd 10.230.51.255 scope global eth0
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast 
state UNKNOWN qlen 3
    inet 124.179.238.86 peer 172.18.113.161/32 scope global ppp0

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    3372       41       0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    3372       41       0       0       0       0      
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state 
DOWN qlen 1000
    link/ether 1c:6f:65:ff:9e:0c brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state 
UNKNOWN qlen 1000
    link/ether 00:48:54:80:8e:fd brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    10252      91       0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    8864       102      0       0       0       0      
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast 
state UNKNOWN qlen 3
    link/ppp 
    RX: bytes  packets  errors  dropped overrun mcast   
    7418       71       0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    5502       77       0       0       0       0      

/proc

   /proc/version = Linux version 2.6.32-5-amd64 (Debian 2.6.32-35) 
([email protected]) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Tue Jun 14 
09:42:28 UTC 2011
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 1
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 1
   /proc/sys/net/ipv4/conf/default/log_martians = 1
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth0/log_martians = 1
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth1/log_martians = 1
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 1
   /proc/sys/net/ipv4/conf/lo/log_martians = 1
   /proc/sys/net/ipv4/conf/ppp0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/ppp0/arp_filter = 0
   /proc/sys/net/ipv4/conf/ppp0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/ppp0/rp_filter = 1
   /proc/sys/net/ipv4/conf/ppp0/log_martians = 1

Routing Rules

0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

Table default:


Table local:

broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
broadcast 10.230.51.0 dev eth0  proto kernel  scope link  src 10.230.51.220 
local 10.230.51.220 dev eth0  proto kernel  scope host  src 10.230.51.220 
broadcast 10.230.51.255 dev eth0  proto kernel  scope link  src 10.230.51.220 
local 124.179.238.86 dev ppp0  proto kernel  scope host  src 124.179.238.86 
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 

Table main:

172.18.113.161 dev ppp0  proto kernel  scope link  src 124.179.238.86 
10.230.51.0/24 dev eth0  proto kernel  scope link  src 10.230.51.220 
default dev ppp0  scope link 

ARP


Modules

iptable_filter          2258  1 
iptable_mangle          2817  1 
iptable_nat             4299  1 
iptable_raw             1867  0 
ip_tables              13915  4 
iptable_raw,iptable_nat,iptable_filter,iptable_mangle
ipt_addrtype            1769  2 
ipt_ah                  1061  0 
ipt_CLUSTERIP           4926  0 
ipt_ecn                 1272  0 
ipt_ECN                 1672  0 
ipt_LOG                 4518  7 
ipt_MASQUERADE          1554  1 
ipt_NETMAP              1137  0 
ipt_REDIRECT            1111  0 
ipt_REJECT              1953  4 
ipt_ULOG                7129  0 
nf_conntrack           46535  31 
xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda     2197  1 nf_nat_amanda
nf_conntrack_ftp        5537  1 nf_nat_ftp
nf_conntrack_h323      36992  1 nf_nat_h323
nf_conntrack_ipv4       9833  15 iptable_nat,nf_nat
nf_conntrack_irc        3347  1 nf_nat_irc
nf_conntrack_netbios_ns     1282  0 
nf_conntrack_netlink    13128  0 
nf_conntrack_pptp       3801  1 nf_nat_pptp
nf_conntrack_proto_gre     3579  1 nf_conntrack_pptp
nf_conntrack_proto_sctp     6238  0 
nf_conntrack_sane       3620  0 
nf_conntrack_sip       13546  1 nf_nat_sip
nf_conntrack_tftp       3321  1 nf_nat_tftp
nf_defrag_ipv4          1139  2 xt_TPROXY,nf_conntrack_ipv4
nf_nat                 13388  12 
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda           1144  0 
nf_nat_ftp              2031  0 
nf_nat_h323             5095  0 
nf_nat_irc              1366  0 
nf_nat_pptp             2034  0 
nf_nat_proto_gre        1245  1 nf_nat_pptp
nf_nat_sip              4934  0 
nf_nat_snmp_basic       7796  0 
nf_nat_tftp              966  0 
nf_tproxy_core          1549  1 xt_TPROXY,[permanent]
xt_CLASSIFY              925  0 
xt_comment               907  18 
xt_connlimit            2863  0 
xt_connmark             1123  0 
xt_CONNMARK             1267  0 
xt_conntrack            2407  12 
xt_dccp                 1915  0 
xt_dscp                 1611  0 
xt_DSCP                 1995  0 
xt_hashlimit            7707  0 
xt_helper               1227  0 
xt_iprange              1433  0 
xt_length               1164  0 
xt_limit                1782  0 
xt_mac                   979  0 
xt_mark                  917  0 
xt_MARK                  917  1 
xt_multiport            2267  4 
xt_NFLOG                1038  0 
xt_NFQUEUE              1989  0 
xt_owner                1063  0 
xt_physdev              1508  0 
xt_pkttype              1003  0 
xt_policy               2170  0 
xt_realm                 919  0 
xt_recent               5977  0 
xt_state                1303  0 
xt_tcpmss               1401  0 
xt_TCPMSS               2919  1 
xt_tcpudp               2319  38 
xt_time                 1723  0 
xt_TPROXY               1329  0 

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Extended Connection Tracking Match Support: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Available
   Physdev-is-bridged Support: Available
   Packet length Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Available
   Extended CONNMARK Target: Available
   Connmark Match: Available
   Extended Connmark Match: Available
   Raw Table: Available
   IPP2P Match: Not available
   CLASSIFY Target: Available
   Extended REJECT: Available
   Repeat match: Available
   MARK Target: Available
   Extended MARK Target: Available
   Extended MARK Target 2: Available
   Mangle FORWARD Chain: Available
   Comments: Available
   Address Type Match: Available
   TCPMSS Match: Available
   Hashlimit Match: Available
   NFQUEUE Target: Available
   Realm Match: Available
   Helper Match: Available
   Connlimit Match: Available
   Time Match: Available
   Goto Support: Available
   LOGMARK Target: Not available
   IPMARK Target: Not available
   LOG Target: Available
   Persistent SNAT: Available
   TPROXY Target: Available
   FLOW Classifier: Available
   fwmark route mask: Available

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
PID/Program name
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      
1313/dovecot    
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      
1313/dovecot    
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      
1655/perl       
tcp        0      0 124.179.238.86:53       0.0.0.0:*               LISTEN      
1285/named      
tcp        0      0 10.230.51.220:53        0.0.0.0:*               LISTEN      
1285/named      
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      
1285/named      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
1576/sshd       
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      
1591/(squid)    
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      
1639/master     
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      
1285/named      
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      
1407/pptpd      
tcp        0      0 0.0.0.0:700             0.0.0.0:*               LISTEN      
1576/sshd       
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      
1313/dovecot    
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      
1313/dovecot    
tcp6       0      0 :::53                   :::*                    LISTEN      
1285/named      
tcp6       0      0 :::22                   :::*                    LISTEN      
1576/sshd       
tcp6       0      0 ::1:953                 :::*                    LISTEN      
1285/named      
tcp6       0      0 :::700                  :::*                    LISTEN      
1576/sshd       
tcp6       0      0 :::445                  :::*                    LISTEN      
1439/smbd       
tcp6       0      0 :::139                  :::*                    LISTEN      
1439/smbd       
udp        0      0 10.230.51.255:137       0.0.0.0:*                           
1228/nmbd       
udp        0      0 10.230.51.220:137       0.0.0.0:*                           
1228/nmbd       
udp        0      0 0.0.0.0:137             0.0.0.0:*                           
1228/nmbd       
udp        0      0 10.230.51.255:138       0.0.0.0:*                           
1228/nmbd       
udp        0      0 10.230.51.220:138       0.0.0.0:*                           
1228/nmbd       
udp        0      0 0.0.0.0:138             0.0.0.0:*                           
1228/nmbd       
udp        0      0 0.0.0.0:10000           0.0.0.0:*                           
1655/perl       
udp        0      0 0.0.0.0:161             0.0.0.0:*                           
1413/snmpd      
udp        0      0 124.179.238.86:53       0.0.0.0:*                           
1285/named      
udp        0      0 10.230.51.220:53        0.0.0.0:*                           
1285/named      
udp        0      0 127.0.0.1:53            0.0.0.0:*                           
1285/named      
udp        0      0 0.0.0.0:40761           0.0.0.0:*                           
1591/(squid)    
udp        0      0 0.0.0.0:3130            0.0.0.0:*                           
1591/(squid)    
udp        0      0 0.0.0.0:67              0.0.0.0:*                           
1647/dhcpd      
udp6       0      0 :::53                   :::*                                
1285/named      
net     pppoe
loc     eth0
pppoe   eth0
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
