Dear Shorewall users,

I have installed Shorewall on Ubuntu 10.10. I want to use it as a DHCP
server/gateway for our network. The computer has two network cards: one of
them is connected to the WAN (eth4) and the other one is connected to the LAN.
I have installed a DHCP server, which was distributing IP addresses fine, and
then I installed dnsmasq. Now the computer is distributing IP addresses, but
the clients cannot get a connection outside the box. I can ping the net from
within the gateway (the machine that Shorewall is installed on) but not from
the clients. Shorewall seems to be running fine; "shorewall
start/restart/stop" works fine. The DHCP server is running and dnsmasq is
running. But I don't have any idea why I cannot ping through this. Your help
is very much appreciated.

Best regards,
sayed jahed hussini

Shorewall 4.4.10.1 Dump at sjahed-TravelMate-6292 - Sun Sep 25 11:04:15 AFT 2011
Counters reset Sun Sep 25 10:48:00 AFT 2011
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
9 1572 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
2573 2414K net2fw all -- eth4 * 0.0.0.0/0 0.0.0.0/0
6 1480 lan2fw all -- eth5 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 net2lan all -- eth4 eth5 0.0.0.0/0 0.0.0.0/0
0 0 lan2net all -- eth5 eth4 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2543 581K fw2net all -- * eth4 0.0.0.0/0 0.0.0.0/0
6 1480 fw2lan all -- * eth5 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain Drop (2 references)
pkts bytes target prot opt in out source destination
4 176 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
4 176 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
4 176 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
2 96 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
2 80 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Reject (3 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (2 references)
pkts bytes target prot opt in out source destination
Chain fw2lan (1 references)
pkts bytes target prot opt in out source destination
6 1480 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
2402 572K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
141 8770 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain lan2fw (1 references)
pkts bytes target prot opt in out source destination
1 84 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
5 1396 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain lan2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix `Shorewall:logflags:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
4 176 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
2517 2397K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
2569 2414K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
4 176 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
2 80 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2lan (1 references)
pkts bytes target prot opt in out source destination
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (10 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (2 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 9 packets, 1572 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 141 packets, 8770 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 141 packets, 8770 bytes)
pkts bytes target prot opt in out source destination
141 8770 eth4_masq all -- * eth4 0.0.0.0/0 0.0.0.0/0
Chain eth4_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * * 169.254.0.0/16 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 2579 packets, 2415K bytes)
pkts bytes target prot opt in out source destination
2579 2415K tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 2579 packets, 2415K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0x0
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2549 packets, 583K bytes)
pkts bytes target prot opt in out source destination
2549 583K tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 2549 packets, 583K bytes)
pkts bytes target prot opt in out source destination
2549 583K tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 2579 packets, 2415K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2549 packets, 583K bytes)
pkts bytes target prot opt in out source destination
Conntrack Table (5 out of 54780)
tcp 6 431996 ESTABLISHED src=182.50.182.26 dst=74.125.39.18 sport=55527
dport=443 packets=47 bytes=35790 src=74.125.39.18 dst=182.50.182.26 sport=443
dport=55527 packets=48 bytes=14369 [ASSURED] mark=0 secmark=0 use=2
tcp 6 94 TIME_WAIT src=182.50.182.26 dst=74.125.39.18 sport=55528
dport=443 packets=30 bytes=10340 src=74.125.39.18 dst=182.50.182.26 sport=443
dport=55528 packets=29 bytes=7169 [ASSURED] mark=0 secmark=0 use=2
tcp 6 8 TIME_WAIT src=182.50.182.26 dst=74.125.39.99 sport=48792 dport=443
packets=16 bytes=6130 src=74.125.39.99 dst=182.50.182.26 sport=443 dport=48792
packets=8 bytes=2515 [ASSURED] mark=0 secmark=0 use=2
tcp 6 431974 ESTABLISHED src=182.50.182.26 dst=74.125.39.18 sport=55524
dport=443 packets=76 bytes=51019 src=74.125.39.18 dst=182.50.182.26 sport=443
dport=55524 packets=65 bytes=22024 [ASSURED] mark=0 secmark=0 use=2
tcp 6 8 TIME_WAIT src=182.50.182.26 dst=74.125.39.113 sport=60592 dport=80
packets=15 bytes=6870 src=74.125.39.113 dst=182.50.182.26 sport=80 dport=60592
packets=16 bytes=6537 [ASSURED] mark=0 secmark=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
2: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 182.50.182.26/30 brd 182.50.182.27 scope global eth4
4: eth5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth5
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
890 15 0 0 0 0
TX: bytes packets errors dropped carrier collsns
890 15 0 0 0 0
2: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:1b:21:58:6d:48 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
4935963 5606 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1068739 5582 0 0 0 0
3: eth3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state
DOWN qlen 1000
link/ether 6c:f0:49:25:e8:87 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: eth5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:1b:21:58:6d:49 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
29446 253 0 0 0 34
TX: bytes packets errors dropped carrier collsns
10070 58 0 0 0 0
/proc
/proc/version = Linux version 2.6.35-30-generic (buildd@roseapple) (gcc
version 4.4.5 (Ubuntu/Linaro 4.4.4-14ubuntu5) ) #59-Ubuntu SMP Tue Aug 30
15:58:00 UTC 2011
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth3/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth3/arp_filter = 0
/proc/sys/net/ipv4/conf/eth3/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth3/rp_filter = 1
/proc/sys/net/ipv4/conf/eth3/log_martians = 1
/proc/sys/net/ipv4/conf/eth4/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth4/arp_filter = 0
/proc/sys/net/ipv4/conf/eth4/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth4/rp_filter = 1
/proc/sys/net/ipv4/conf/eth4/log_martians = 1
/proc/sys/net/ipv4/conf/eth5/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth5/arp_filter = 0
/proc/sys/net/ipv4/conf/eth5/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth5/rp_filter = 1
/proc/sys/net/ipv4/conf/eth5/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 192.168.1.1 dev eth5 proto kernel scope host src 192.168.1.1
broadcast 192.168.1.0 dev eth5 proto kernel scope link src 192.168.1.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 182.50.182.26 dev eth4 proto kernel scope host src 182.50.182.26
broadcast 182.50.182.27 dev eth4 proto kernel scope link src 182.50.182.26
broadcast 192.168.1.255 dev eth5 proto kernel scope link src 192.168.1.1
broadcast 182.50.182.24 dev eth4 proto kernel scope link src 182.50.182.26
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
182.50.182.24/30 dev eth4 proto kernel scope link src 182.50.182.26
192.168.1.0/24 dev eth5 proto kernel scope link src 192.168.1.1
169.254.0.0/16 dev eth5 scope link metric 1000
default via 182.50.182.25 dev eth4 metric 100
ARP
? (182.50.182.25) at 00:09:0f:cb:8e:a9 [ether] on eth4
? (192.168.1.4) at 00:1b:24:c5:d0:8c [ether] on eth5
Modules
iptable_filter 1302 1
iptable_mangle 1371 1
iptable_nat 3752 1
iptable_raw 1130 0
ip_tables 10492 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype 1611 3
ipt_ah 905 0
ipt_CLUSTERIP 5169 0
ipt_ecn 1101 0
ipt_ECN 1549 0
ipt_LOG 4490 5
ipt_MASQUERADE 1419 2
ipt_NETMAP 953 0
ipt_REDIRECT 929 0
ipt_REJECT 2004 4
ipt_ULOG 5246 0
nf_conntrack 63258 30
xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda 2261 1 nf_nat_amanda
nf_conntrack_ftp 5361 1 nf_nat_ftp
nf_conntrack_h323 46894 1 nf_nat_h323
nf_conntrack_ipv4 10783 17 iptable_nat,nf_nat
nf_conntrack_irc 3348 1 nf_nat_irc
nf_conntrack_netbios_ns 1266 0
nf_conntrack_netlink 15266 0
nf_conntrack_pptp 4681 1 nf_nat_pptp
nf_conntrack_proto_gre 3901 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 6308 0
nf_conntrack_sane 3091 0
nf_conntrack_sip 18703 1 nf_nat_sip
nf_conntrack_tftp 2905 1 nf_nat_tftp
nf_defrag_ipv4 1117 2 xt_TPROXY,nf_conntrack_ipv4
nf_nat 16289 12
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda 890 0
nf_nat_ftp 1398 0
nf_nat_h323 5121 0
nf_nat_irc 1168 0
nf_nat_pptp 1996 0
nf_nat_proto_gre 1271 1 nf_nat_pptp
nf_nat_sip 5574 0
nf_nat_snmp_basic 7568 0
nf_nat_tftp 728 0
nf_tproxy_core 1620 1 xt_TPROXY,[permanent]
xt_CLASSIFY 735 0
xt_comment 732 18
xt_connlimit 2920 0
xt_connmark 1607 0
xt_conntrack 2314 14
xt_dccp 1777 0
xt_dscp 1249 0
xt_DSCP 1657 0
xt_hashlimit 7078 0
xt_helper 1115 0
xt_iprange 1337 0
xt_length 916 0
xt_limit 1394 0
xt_mac 816 0
xt_mark 935 1
xt_multiport 1577 4
xt_NFLOG 885 0
xt_NFQUEUE 1743 0
xt_owner 918 0
xt_physdev 1487 0
xt_pkttype 860 0
xt_policy 2170 0
xt_realm 726 0
xt_recent 7872 0
xt_state 1014 0
xt_tcpmss 1177 0
xt_tcpudp 1927 16
xt_time 1785 0
xt_TPROXY 1177 0
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Extended MARK Target 2: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Realm Match: Available
Helper Match: Available
Connlimit Match: Available
Time Match: Available
Goto Support: Available
LOGMARK Target: Not available
IPMARK Target: Not available
LOG Target: Available
Persistent SNAT: Available
TPROXY Target: Available
FLOW Classifier: Available
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
3678/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
1124/cupsd
tcp 0 0 182.50.182.26:55524 74.125.39.18:443 ESTABLISHED
1847/firefox-bin
tcp 0 0 182.50.182.26:55528 74.125.39.18:443 TIME_WAIT
-
tcp 0 0 182.50.182.26:55527 74.125.39.18:443 ESTABLISHED
1847/firefox-bin
tcp6 0 0 :::53 :::* LISTEN
3678/dnsmasq
tcp6 0 0 ::1:631 :::* LISTEN
1124/cupsd
udp 0 0 0.0.0.0:53 0.0.0.0:*
3678/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:*
3101/dhcpd3
udp 0 0 0.0.0.0:36530 0.0.0.0:*
870/avahi-daemon: r
udp 0 0 0.0.0.0:5353 0.0.0.0:*
870/avahi-daemon: r
udp6 0 0 :::53 :::*
3678/dnsmasq
udp6 0 0 :::56488 :::*
870/avahi-daemon: r
udp6 0 0 :::5353 :::*
870/avahi-daemon: r
Traffic Control
Device eth4:
qdisc mq 0: root
Sent 1068343 bytes 5576 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :1 root
Sent 660910 bytes 3091 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :2 root
Sent 407433 bytes 2485 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :5 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :6 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :7 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :8 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth3:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth5:
qdisc mq 0: root
Sent 10070 bytes 58 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :1 root
Sent 1228 bytes 8 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :2 root
Sent 8842 bytes 50 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :5 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :6 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :7 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :8 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device eth4:
Device eth3:
Device eth5:
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users