Here is the output of the command:
Date: Mon, 23 Jan 2012 20:12:02 -0500
From: [email protected]
To: [email protected]
Subject: Re: [Shorewall-users] Shorewall blacklisting problem ~ new user
On Mon, Jan 23, 2012 at 01:48:24PM +0200, Christos Bakalis wrote:
> Hello! I have posted this question on linuxquestions.com but have not yet
> received a reply.
> Can any shorewall user help me out?
>
Your problem seems to be a result of the policy "fw net ACCEPT" but I do
not use blacklisting, so to be certain I would need to see the output of
'shorewall dump'.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
root@slack:/home/cb# shorewall dump
Shorewall 4.4.27 Dump at slack - Tue Jan 24 20:57:02 EET 2012
Counters reset Tue Jan 24 20:56:12 EET 2012
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
9 2708 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
34 4016 wlan0_in all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 wlan0_fwd all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
15 785 fw2net all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
1 36 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
1 36 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
1 36 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 Invalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 NotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Invalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
Chain NotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcpflags:! 0x17/0x02
Chain Reject (3 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 Invalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 NotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain blacklst (4 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 174.133.253.138 0.0.0.0/0
Chain dynamic (5 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * eth0 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 net_frwd all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
15 785 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (2 references)
pkts bytes target prot opt in out source destination
25 1308 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
1 36 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net2fw:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net_frwd (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain reject (11 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain sfilter (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:sfilter:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain wlan0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * wlan0 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 net_frwd all -- * * 0.0.0.0/0 0.0.0.0/0
Chain wlan0_in (1 references)
pkts bytes target prot opt in out source destination
9 2708 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
9 2708 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
8 2672 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
26 1344 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 1 packets, 36 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 5 packets, 808 bytes)
pkts bytes target prot opt in out source destination
34 4016 tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 5 packets, 808 bytes)
pkts bytes target prot opt in out source destination
34 4016 tcin all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2 packets, 104 bytes)
pkts bytes target prot opt in out source destination
15 785 tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 2 packets, 104 bytes)
pkts bytes target prot opt in out source destination
15 785 tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcin (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 5 packets, 808 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 104 bytes)
pkts bytes target prot opt in out source destination
Conntrack Table (62 out of 65536)
tcp 6 431912 ESTABLISHED src=192.168.1.67 dst=173.194.70.120 sport=55083
dport=80 src=173.194.70.120 dst=192.168.1.67 sport=80 dport=55083 [ASSURED]
mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=141.101.125.37 sport=35950
dport=80 src=141.101.125.37 dst=192.168.1.67 sport=80 dport=35950 [ASSURED]
mark=0 use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46678
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46678 [ASSURED]
mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46686
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46686 [ASSURED]
mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=141.101.125.37 sport=35951
dport=80 src=141.101.125.37 dst=192.168.1.67 sport=80 dport=35951 [ASSURED]
mark=0 use=2
tcp 6 431940 ESTABLISHED src=192.168.1.67 dst=64.4.34.84 sport=43818
dport=80 src=64.4.34.84 dst=192.168.1.67 sport=80 dport=43818 [ASSURED] mark=0
use=2
udp 17 25 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67 [UNREPLIED]
src=255.255.255.255 dst=0.0.0.0 sport=67 dport=68 mark=0 use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46675
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46675 [ASSURED]
mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46689
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46689 [ASSURED]
mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46685
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46685 [ASSURED]
mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=72.52.240.152 sport=47341 dport=80
src=72.52.240.152 dst=192.168.1.67 sport=80 dport=47341 [ASSURED] mark=0 use=2
tcp 6 431918 ESTABLISHED src=192.168.1.67 dst=74.125.79.139 sport=47070
dport=80 src=74.125.79.139 dst=192.168.1.67 sport=80 dport=47070 [ASSURED]
mark=0 use=2
tcp 6 59 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46704
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46704 [ASSURED]
mark=0 use=2
tcp 6 59 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46705
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46705 [ASSURED]
mark=0 use=2
tcp 6 431912 ESTABLISHED src=192.168.1.67 dst=173.194.70.120 sport=55088
dport=80 src=173.194.70.120 dst=192.168.1.67 sport=80 dport=55088 [ASSURED]
mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=141.101.126.243 sport=53006
dport=80 src=141.101.126.243 dst=192.168.1.67 sport=80 dport=53006 [ASSURED]
mark=0 use=2
tcp 6 68 TIME_WAIT src=192.168.1.67 dst=141.101.124.244 sport=55070
dport=80 src=141.101.124.244 dst=192.168.1.67 sport=80 dport=55070 [ASSURED]
mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46682
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46682 [ASSURED]
mark=0 use=2
tcp 6 54 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46697
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46697 [ASSURED]
mark=0 use=2
udp 17 114 src=192.168.1.67 dst=192.168.1.254 sport=42104 dport=53
src=192.168.1.254 dst=192.168.1.67 sport=53 dport=42104 [ASSURED] mark=0 use=2
tcp 6 59 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46707
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46707 [ASSURED]
mark=0 use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46684
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46684 [ASSURED]
mark=0 use=2
tcp 6 18 TIME_WAIT src=192.168.1.67 dst=64.4.61.111 sport=46612 dport=1863
src=64.4.61.111 dst=192.168.1.67 sport=1863 dport=46612 [ASSURED] mark=0 use=2
tcp 6 59 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46709
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46709 [ASSURED]
mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46672
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46672 [ASSURED]
mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=141.101.125.244 sport=46132
dport=80 src=141.101.125.244 dst=192.168.1.67 sport=80 dport=46132 [ASSURED]
mark=0 use=2
tcp 6 54 TIME_WAIT src=192.168.1.67 dst=66.211.169.74 sport=57631
dport=443 src=66.211.169.74 dst=192.168.1.67 sport=443 dport=57631 [ASSURED]
mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=141.101.126.243 sport=53005
dport=80 src=141.101.126.243 dst=192.168.1.67 sport=80 dport=53005 [ASSURED]
mark=0 use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46674
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46674 [ASSURED]
mark=0 use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46673
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46673 [ASSURED]
mark=0 use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46679
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46679 [ASSURED]
mark=0 use=2
tcp 6 58 TIME_WAIT src=192.168.1.67 dst=72.52.240.152 sport=47340 dport=80
src=72.52.240.152 dst=192.168.1.67 sport=80 dport=47340 [ASSURED] mark=0 use=2
tcp 6 42 TIME_WAIT src=192.168.1.67 dst=199.27.134.243 sport=46727
dport=80 src=199.27.134.243 dst=192.168.1.67 sport=80 dport=46727 [ASSURED]
mark=0 use=2
tcp 6 58 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46703
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46703 [ASSURED]
mark=0 use=2
tcp 6 54 TIME_WAIT src=192.168.1.67 dst=199.7.50.72 sport=58134 dport=80
src=199.7.50.72 dst=192.168.1.67 sport=80 dport=58134 [ASSURED] mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46690
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46690 [ASSURED]
mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46692
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46692 [ASSURED]
mark=0 use=2
tcp 6 59 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46710
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46710 [ASSURED]
mark=0 use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46676
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46676 [ASSURED]
mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46687
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46687 [ASSURED]
mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=199.27.134.243 sport=46728
dport=80 src=199.27.134.243 dst=192.168.1.67 sport=80 dport=46728 [ASSURED]
mark=0 use=2
tcp 6 101 TIME_WAIT src=192.168.1.67 dst=207.46.124.167 sport=59723
dport=1863 src=207.46.124.167 dst=192.168.1.67 sport=1863 dport=59723 [ASSURED]
mark=0 use=2
tcp 6 85 TIME_WAIT src=192.168.1.67 dst=199.27.134.243 sport=46734
dport=80 src=199.27.134.243 dst=192.168.1.67 sport=80 dport=46734 [ASSURED]
mark=0 use=2
tcp 6 85 TIME_WAIT src=192.168.1.67 dst=141.101.125.244 sport=46148
dport=80 src=141.101.125.244 dst=192.168.1.67 sport=80 dport=46148 [ASSURED]
mark=0 use=2
tcp 6 431972 ESTABLISHED src=192.168.1.67 dst=64.4.44.85 sport=51576
dport=1863 src=64.4.44.85 dst=192.168.1.67 sport=1863 dport=51576 [ASSURED]
mark=0 use=2
tcp 6 59 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46708
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46708 [ASSURED]
mark=0 use=2
tcp 6 42 TIME_WAIT src=192.168.1.67 dst=199.27.134.243 sport=46729
dport=80 src=199.27.134.243 dst=192.168.1.67 sport=80 dport=46729 [ASSURED]
mark=0 use=2
tcp 6 42 TIME_WAIT src=192.168.1.67 dst=141.101.125.37 sport=35952
dport=80 src=141.101.125.37 dst=192.168.1.67 sport=80 dport=35952 [ASSURED]
mark=0 use=2
tcp 6 431911 ESTABLISHED src=192.168.1.67 dst=209.85.229.94 sport=47311
dport=80 src=209.85.229.94 dst=192.168.1.67 sport=80 dport=47311 [ASSURED]
mark=0 use=2
tcp 6 58 TIME_WAIT src=192.168.1.67 dst=199.7.50.72 sport=58135 dport=80
src=199.7.50.72 dst=192.168.1.67 sport=80 dport=58135 [ASSURED] mark=0 use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46677
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46677 [ASSURED]
mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=199.27.134.243 sport=46717
dport=80 src=199.27.134.243 dst=192.168.1.67 sport=80 dport=46717 [ASSURED]
mark=0 use=2
tcp 6 431627 ESTABLISHED src=192.168.1.67 dst=62.1.38.9 sport=58460
dport=80 [UNREPLIED] src=62.1.38.9 dst=192.168.1.67 sport=80 dport=58460 mark=0
use=2
tcp 6 431914 ESTABLISHED src=192.168.1.67 dst=209.85.229.94 sport=47312
dport=80 src=209.85.229.94 dst=192.168.1.67 sport=80 dport=47312 [ASSURED]
mark=0 use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46683
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46683 [ASSURED]
mark=0 use=2
tcp 6 431917 ESTABLISHED src=192.168.1.67 dst=62.1.38.18 sport=42653
dport=80 src=62.1.38.18 dst=192.168.1.67 sport=80 dport=42653 [ASSURED] mark=0
use=2
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46680
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46680 [ASSURED]
mark=0 use=2
tcp 6 431917 ESTABLISHED src=192.168.1.67 dst=209.85.229.94 sport=47314
dport=80 src=209.85.229.94 dst=192.168.1.67 sport=80 dport=47314 [ASSURED]
mark=0 use=2
tcp 6 38 TIME_WAIT src=192.168.1.67 dst=95.172.94.55 sport=46162 dport=80
src=95.172.94.55 dst=192.168.1.67 sport=80 dport=46162 [ASSURED] mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=141.101.126.243 sport=53004
dport=80 src=141.101.126.243 dst=192.168.1.67 sport=80 dport=53004 [ASSURED]
mark=0 use=2
tcp 6 59 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46706
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46706 [ASSURED]
mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=199.27.134.243 sport=46718
dport=80 src=199.27.134.243 dst=192.168.1.67 sport=80 dport=46718 [ASSURED]
mark=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 192.168.1.67/24 brd 192.168.1.255 scope global wlan0
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
880 16 0 0 0 0
TX: bytes packets errors dropped carrier collsns
880 16 0 0 0 0
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state
DOWN qlen 1000
link/ether 00:1e:ec:a4:e8:fb brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:1f:e2:c1:93:32 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
10211554 11641 0 20 0 0
TX: bytes packets errors dropped carrier collsns
1852705 9365 0 0 0 0
Bridges
bridge name bridge id STP enabled interfaces
Per-IP Counters
iptaccount is not installed
/proc
/proc/version = Linux version 2.6.38.7-smp (root@midas) (gcc version 4.5.3
(GCC) ) #2 SMP Sat May 21 23:13:29 CDT 2011
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/wlan0/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlan0/arp_filter = 0
/proc/sys/net/ipv4/conf/wlan0/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlan0/rp_filter = 0
/proc/sys/net/ipv4/conf/wlan0/log_martians = 1
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 192.168.1.67 dev wlan0 proto kernel scope host src 192.168.1.67
broadcast 192.168.1.0 dev wlan0 proto kernel scope link src 192.168.1.67
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.1.255 dev wlan0 proto kernel scope link src 192.168.1.67
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.67 metric
303
127.0.0.0/8 dev lo scope link
default via 192.168.1.254 dev wlan0 metric 303
ARP
? (192.168.1.254) at 00:1f:9f:eb:5c:9e [ether] on wlan0
Modules
ip_set 10840 18
ipt_set,ipt_SET,ip_set_nethash,ip_set_iptreemap,ip_set_iptree,ip_set_ipporthash,ip_set_portmap,ip_set_macipmap,ip_set_ipmap,ip_set_iphash
ip_set_iphash 6148 0
ip_set_ipmap 2782 0
ip_set_ipporthash 6531 0
ip_set_iptree 4614 0
ip_set_iptreemap 8076 0
ip_set_macipmap 2821 0
ip_set_nethash 7373 0
ip_set_portmap 2936 0
ip_tables 9267 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_CLUSTERIP 4957 0
ipt_ECN 1532 0
ipt_LOG 6486 5
ipt_MASQUERADE 1294 0
ipt_NETMAP 901 0
ipt_REDIRECT 875 0
ipt_REJECT 2021 4
ipt_SET 1267 0
ipt_ULOG 4885 0
ipt_addrtype 1589 4
ipt_ah 857 0
ipt_ecn 1084 0
ipt_set 1108 0
iptable_filter 1092 1
iptable_mangle 1252 1
iptable_nat 3388 0
iptable_raw 1016 0
nf_conntrack 44795 32
xt_CT,xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_udplite,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda 1713 1 nf_nat_amanda
nf_conntrack_ftp 4789 1 nf_nat_ftp
nf_conntrack_h323 36572 1 nf_nat_h323
nf_conntrack_ipv4 9597 15 iptable_nat,nf_nat
nf_conntrack_irc 2607 1 nf_nat_irc
nf_conntrack_netbios_ns 1070 0
nf_conntrack_netlink 11900 0
nf_conntrack_pptp 3890 1 nf_nat_pptp
nf_conntrack_proto_gre 3073 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 5766 0
nf_conntrack_proto_udplite 2315 0
nf_conntrack_sane 2788 0
nf_conntrack_sip 16024 1 nf_nat_sip
nf_conntrack_tftp 2497 1 nf_nat_tftp
nf_defrag_ipv4 1015 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 4849 1 xt_TPROXY
nf_nat 12344 12
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda 836 0
nf_nat_ftp 1280 0
nf_nat_h323 5291 0
nf_nat_irc 1050 0
nf_nat_pptp 2006 0
nf_nat_proto_gre 1013 1 nf_nat_pptp
nf_nat_sip 5656 0
nf_nat_snmp_basic 7101 0
nf_nat_tftp 674 0
nf_tproxy_core 824 1 xt_TPROXY,[permanent]
xt_CLASSIFY 681 0
xt_CT 1415 0
xt_DSCP 1703 0
xt_NFLOG 834 0
xt_NFQUEUE 1481 0
xt_TPROXY 4043 0
xt_comment 679 18
xt_connlimit 2606 0
xt_connmark 1457 0
xt_conntrack 2237 12
xt_dccp 1799 0
xt_dscp 1231 0
xt_hashlimit 6153 0
xt_helper 1063 0
xt_iprange 1316 0
xt_length 864 0
xt_limit 1447 0
xt_mac 799 0
xt_mark 889 1
xt_multiport 1522 4
xt_owner 867 0
xt_physdev 1368 0
xt_pkttype 807 0
xt_policy 2150 0
xt_realm 707 0
xt_recent 6458 0
xt_state 963 0
xt_tcpmss 1125 0
xt_tcpudp 1939 14
xt_time 1663 0
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
Rawpost Table: Not available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Extended MARK Target 2: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Realm Match: Available
Helper Match: Available
Connlimit Match: Available
Time Match: Available
Goto Support: Available
LOGMARK Target: Not available
IPMARK Target: Not available
LOG Target: Available
ULOG Target: Available
NFLOG Target: Available
Persistent SNAT: Available
TPROXY Target: Available
FLOW Classifier: Available
fwmark route mask: Available
Mark in any table: Available
Header Match: Not available
ACCOUNT Target: Not available
AUDIT Target: Not available
ipset V5: Not available
Condition Match: Not available
iptables -S: Available
Basic Filter: Available
CT Target: Available
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
1860/sshd
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN
1855/inetd
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
2244/X
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
1855/inetd
tcp 0 0 192.168.1.67:47311 209.85.229.94:80 ESTABLISHED
2506/firefox
tcp 0 0 192.168.1.67:55088 173.194.70.120:80 ESTABLISHED
2506/firefox
tcp 0 0 192.168.1.67:55083 173.194.70.120:80 ESTABLISHED
2506/firefox
tcp 0 0 192.168.1.67:43818 64.4.34.84:80 ESTABLISHED
2506/firefox
tcp 0 0 192.168.1.67:47314 209.85.229.94:80 ESTABLISHED
2506/firefox
tcp 0 0 192.168.1.67:59723 207.46.124.167:1863 TIME_WAIT
-
tcp 0 0 192.168.1.67:51576 64.4.44.85:1863 ESTABLISHED
2505/pidgin
tcp 0 0 192.168.1.67:47312 209.85.229.94:80 ESTABLISHED
2506/firefox
tcp 0 0 192.168.1.67:47070 74.125.79.139:80 ESTABLISHED
2506/firefox
tcp 0 0 192.168.1.67:42653 62.1.38.18:80 ESTABLISHED
2506/firefox
tcp 0 0 192.168.1.67:57795 65.55.85.91:443 ESTABLISHED
2505/pidgin
tcp 0 0 :::22 :::* LISTEN
1860/sshd
tcp 0 0 :::6000 :::* LISTEN
2244/X
udp 0 0 0.0.0.0:512 0.0.0.0:*
1855/inetd
udp 0 0 0.0.0.0:37 0.0.0.0:*
1855/inetd
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device wlan0:
qdisc mq 0: root
Sent 1684135 bytes 9365 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :1 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :2 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 1684135 bytes 9365 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device eth0:
Device wlan0:
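One way to read a dump in this layout, as an added example that is not part of the original message or of Shorewall: the Python script below reports which built-in filter chains can reach `blacklst`, which address field each blacklist rule matches, and how many conntrack entries have a blacklisted address as their original destination. The function names and the embedded excerpt are constructed for illustration; the excerpt reuses values from the dump above.

```python
import re

# Constructed excerpt in the layout of the dump above (filter-table chains and
# conntrack entries, wrapped continuation lines kept); values reuse the dump's.
SAMPLE_DUMP = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
34 4016 wlan0_in all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
15 785 fw2net all -- * wlan0 0.0.0.0/0 0.0.0.0/0
Chain blacklst (4 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 174.133.253.138 0.0.0.0/0
Chain fw2net (2 references)
pkts bytes target prot opt in out source destination
15 785 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain wlan0_in (1 references)
pkts bytes target prot opt in out source destination
9 2708 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
26 1344 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
NAT Table
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
Conntrack Table (62 out of 65536)
tcp 6 52 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46678
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46678 [ASSURED]
mark=0 use=2
tcp 6 84 TIME_WAIT src=192.168.1.67 dst=141.101.125.37 sport=35950
dport=80 src=141.101.125.37 dst=192.168.1.67 sport=80 dport=35950 [ASSURED]
mark=0 use=2
tcp 6 53 TIME_WAIT src=192.168.1.67 dst=174.133.253.138 sport=46686
dport=80 src=174.133.253.138 dst=192.168.1.67 sport=80 dport=46686 [ASSURED]
mark=0 use=2
"""

ANY = "0.0.0.0/0"
OTHER_TABLES = ("NAT Table", "Mangle Table", "Raw Table")


def parse_chains(text):
    """Return {chain: [rules]} for the filter table of an `iptables -L -n -v` listing."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.strip() in OTHER_TABLES:
            break  # same-named chains of other tables must not be merged in
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "Chain":
            current = chains.setdefault(tok[1], [])
        elif (current is not None and len(tok) >= 8 and tok[0].isdigit()
              and tok[1].isdigit() and "--" in tok[:5]):
            i = tok.index("--")  # opt column; it sits at index 3 when target is blank
            if len(tok) >= i + 5:
                current.append({"target": tok[2] if i == 4 else "",
                                "src": tok[i + 3], "dst": tok[i + 4]})
        # anything else (column header, wrapped match text) is ignored
    return chains


def reaches(chains, start, goal, seen=None):
    """True if a packet entering chain `start` can be sent to chain `goal`."""
    seen = set() if seen is None else seen
    if start == goal:
        return True
    if start in seen or start not in chains:
        return False
    seen.add(start)
    return any(reaches(chains, r["target"], goal, seen) for r in chains[start])


def blacklist_matches(chains, name="blacklst"):
    """List (field, address) pairs the blacklist rules actually match on."""
    found = []
    for rule in chains.get(name, []):
        found += [(f, rule[k]) for f, k in (("source", "src"), ("destination", "dst"))
                  if rule[k] != ANY]
    return found


def outbound_flows_to(text, address):
    """Count conntrack entries whose original-direction dst is `address`."""
    count = 0
    for line in text.splitlines():
        tok = line.split()
        # Only an entry's first line starts with the protocol name, and the
        # first src=/dst= pair on it is the original (initiating) direction.
        m = re.search(r"\bsrc=(\S+) dst=(\S+)", line)
        if tok and tok[0] in ("tcp", "udp") and m and m.group(2) == address:
            count += 1
    return count


def audit(text):
    chains = parse_chains(text)
    matches = blacklist_matches(chains)
    return {"hooks": {h: reaches(chains, h, "blacklst")
                      for h in ("INPUT", "FORWARD", "OUTPUT") if h in chains},
            "matches": matches,
            "flows": {addr: outbound_flows_to(text, addr) for _, addr in matches}}


if __name__ == "__main__":
    print(audit(SAMPLE_DUMP))
```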