Hello!

I get this error when starting apt update:
W: Fehlschlag beim Holen von http://repo.saltstack.com/apt/debian/8/amd64/latest/dists/jessie/Release.gpg Verbindung mit repo.saltstack.com:80 kann nicht aufgebaut werden (2604:a880:400:d0::2:e001). - connect (101: Das Netzwerk ist nicht erreichbar) [IP: 2604:a880:400:d0::2:e001 80]

This error is reproducible and is reported for different URLs defined in /etc/apt/sources.list.

In my configuration I have 2 ISPs and 2 networks: loc and dmz.
I want to ensure that all traffic from loc / dmz is routed to ISP #1 and traffic of another subnet 192.168.178.0/24 is routed to ISP #2.

With this configuration the error is reproducible:
root@pc4-svp:/etc/shorewall# cat interfaces
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     UMB_IF          -               optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$UMB_IF,upnp,nosmurfs,tcpflags,dhcp
net     UMP_IF          -               optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$UMP_IF,upnp,nosmurfs,tcpflags
loc     INT_IF          -               dhcp,physical=$INT_IF,ignore=1,wait=5,routefilter,nets=10.0.0.0/24,routeback
vpn     TUN_IF+         -               physical=tun+,ignore=1
dmz DMZ_IF - dhcp,physical=$DMZ_IF,ignore=1,wait=5,routefilter,nets=10.1.0.0/24,routeback

root@pc4-svp:/etc/shorewall# cat rtrules
#SOURCE         DEST    PROVIDER        PRIORITY
&UMB_IF         -       um_business     1000
&UMP_IF         -       um_private      1000
&DMZ_IF         -       um_business     11000

#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
um_business     1       0x10000 -               UMB_IF detect         track,balance
um_private      2       0x20000 -               UMP_IF 192.168.1.1    track,balance

root@pc4-svp:/etc/shorewall# cat zones
#ZONE   TYPE    OPTIONS
fw      firewall
net     ipv4            #Internet
fb:net  ipv4            #Fritz!Box6490 192.168.178.0/24
loc     ipv4            #Local Zone
vpn     ipv4            #OpenVPN Clients
dmz     ipv4            #LXC Containers

root@pc4-svp:/etc/shorewall# ip rule ls
0:      from all lookup local
999:    from all lookup main
1000:   from 217.8.50.86 lookup um_business
1000:   from 192.168.178.14 lookup um_private
10000:  from all fwmark 0x10000/0x30000 lookup um_business
10001:  from all fwmark 0x20000/0x30000 lookup um_private
11000:  from 10.1.0.1 lookup um_business
20000:  from 217.8.50.86 lookup um_business
20000:  from 192.168.178.14 lookup um_private
32765:  from all lookup balance
32767:  from all lookup default


With this configuration there are no issues with apt update, though.
But I'm not sure if traffic is routed to ISP #2.
root@pc4-svp:/etc/shorewall# cat providers
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
um_business     1       0x10000 -               UMB_IF detect         loose
um_private      2       0x20000 -               UMP_IF 192.168.178.1  loose

root@pc4-svp:/etc/shorewall# ip rule ls
0:      from all lookup local
999:    from all lookup main
1000:   from 217.8.50.86 lookup um_business
1000:   from 192.168.178.14 lookup um_private
10000:  from all fwmark 0x10000/0x30000 lookup um_business
10001:  from all fwmark 0x20000/0x30000 lookup um_private
11000:  from 10.1.0.1 lookup um_business
32765:  from all lookup balance
32767:  from all lookup default

There's obviously a difference with routing affecting these lines:
20000:  from 217.8.50.86 lookup um_business
20000:  from 192.168.178.14 lookup um_private


Please advise on the correct configuration of providers, rtrules and interfaces.
I have attached a dump file for the erroneous configuration.

THX
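
Added example, not part of the original post: a small Python model of how the kernel walks the two `ip rule ls` listings above in priority order, showing which routing tables are consulted for a given source address and firewall mark, and which rules exist in only one listing. The function names, the LAN host 10.0.0.5 and the mark values passed in are assumptions made for illustration; table contents are not modelled, so a matching rule only means that table is looked up, and the kernel moves on to the next matching rule if the table has no route.

```python
import ipaddress
import re

# `ip rule ls` output copied from the post: configuration with the apt error.
RULES_FAILING = """\
0:      from all lookup local
999:    from all lookup main
1000:   from 217.8.50.86 lookup um_business
1000:   from 192.168.178.14 lookup um_private
10000:  from all fwmark 0x10000/0x30000 lookup um_business
10001:  from all fwmark 0x20000/0x30000 lookup um_private
11000:  from 10.1.0.1 lookup um_business
20000:  from 217.8.50.86 lookup um_business
20000:  from 192.168.178.14 lookup um_private
32765:  from all lookup balance
32767:  from all lookup default
"""

# `ip rule ls` output copied from the post: configuration without the error.
RULES_WORKING = """\
0:      from all lookup local
999:    from all lookup main
1000:   from 217.8.50.86 lookup um_business
1000:   from 192.168.178.14 lookup um_private
10000:  from all fwmark 0x10000/0x30000 lookup um_business
10001:  from all fwmark 0x20000/0x30000 lookup um_private
11000:  from 10.1.0.1 lookup um_business
32765:  from all lookup balance
32767:  from all lookup default
"""

# Only the selectors that occur in the listings are supported:
# "from <addr|prefix|all>", optional "fwmark VALUE[/MASK]", "lookup TABLE".
RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from\s+(?P<src>\S+)"
    r"(?:\s+fwmark\s+(?P<mark>0x[0-9a-fA-F]+)(?:/(?P<mask>0x[0-9a-fA-F]+))?)?"
    r"\s+lookup\s+(?P<table>\S+)\s*$"
)


def parse_rules(text):
    """Parse `ip rule ls` text into a list of rule dicts sorted by priority."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        src = None if m["src"] == "all" else ipaddress.ip_network(m["src"], strict=False)
        rules.append({
            "prio": int(m["prio"]),
            "src": src,  # None means "from all"
            "mark": int(m["mark"], 16) if m["mark"] else None,
            "mask": int(m["mask"], 16) if m["mask"] else 0xFFFFFFFF,
            "table": m["table"],
        })
    # sorted() is stable, so rules sharing a priority keep their listed order.
    return sorted(rules, key=lambda r: r["prio"])


def tables_consulted(rules, src, fwmark=0):
    """Return [(priority, table), ...] in the order the tables are looked up."""
    addr = ipaddress.ip_address(src)
    hits = []
    for r in rules:
        if r["src"] is not None and addr not in r["src"]:
            continue  # source selector does not match
        if r["mark"] is not None and (fwmark & r["mask"]) != r["mark"]:
            continue  # masked firewall mark does not match
        hits.append((r["prio"], r["table"]))
    return hits


def only_in(a, b):
    """Rules present in listing `a` but not in `b`, as (prio, source, table)."""
    def key(r):
        src = "all" if r["src"] is None else str(r["src"])
        return (r["prio"], src, r["mark"], r["mask"], r["table"])
    seen = {key(r) for r in b}
    return [(k[0], k[1], k[4]) for k in map(key, a) if k not in seen]


if __name__ == "__main__":
    failing = parse_rules(RULES_FAILING)
    working = parse_rules(RULES_WORKING)
    # 10.0.0.5 is a constructed host in the loc network (10.0.0.0/24).
    for label, src, mark in [
        ("loc host, unmarked", "10.0.0.5", 0),
        ("loc host, marked 0x20000", "10.0.0.5", 0x20000),
        ("DMZ interface address", "10.1.0.1", 0),
        ("UMP_IF address", "192.168.178.14", 0),
    ]:
        print(f"{label:26} {tables_consulted(failing, src, mark)}")
    print("only in failing listing:", only_in(failing, working))
```
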
Shorewall 5.0.7.2 Dump at pc4-svp - Di 12. Apr 19:42:21 CEST 2016

Shorewall is running
State:Started (Di 12. Apr 19:38:18 CEST 2016) from /etc/shorewall/ (/var/lib/shorewall/firewall compiled by Shorewall version 5.0.7.2)

Counters reset Di 12. Apr 19:38:22 CEST 2016

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
  848 45628 UMP_IF_in  all  --  vmbr2  *       0.0.0.0/0            0.0.0.0/0   
        
  403  143K UMB_IF_in  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0   
        
  513 94184 INT_IF_in  all  --  vmbr0  *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 vpn-fw     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0   
        
    4   304 DMZ_IF_in  all  --  vmbr1  *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 UMP_IF_fwd  all  --  vmbr2  *       0.0.0.0/0            0.0.0.0/0  
         
  209  312K UMB_IF_fwd  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0  
         
  271 22111 INT_IF_fwd  all  --  vmbr0  *       0.0.0.0/0            0.0.0.0/0  
         
    0     0 vpn_frwd   all  --  tun+   *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 DMZ_IF_fwd  all  --  vmbr1  *       0.0.0.0/0            0.0.0.0/0  
         
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
  839  512K ACCEPT     all  --  *      vmbr2   0.0.0.0/0            0.0.0.0/0   
        
    5   350 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        
  514 26900 INT_IF_out  all  --  *      vmbr0   0.0.0.0/0            0.0.0.0/0  
         
    0     0 ACCEPT     all  --  *      tun+    0.0.0.0/0            0.0.0.0/0   
        
    4   304 DMZ_IF_out  all  --  *      vmbr1   0.0.0.0/0            0.0.0.0/0  
         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain Broadcast (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    8   783 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ADDRTYPE match dst-type BROADCAST
    2    72 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ADDRTYPE match dst-type MULTICAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ADDRTYPE match dst-type ANYCAST

Chain DMZ_IF_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 dmz_frwd   all  --  *      *       10.1.0.0/24          0.0.0.0/0   
        

Chain DMZ_IF_in (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    4   304 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     udp  --  *      *       0.0.0.0              0.0.0.0/0   
         udp dpts:67:68
    4   304 dmz-fw     all  --  *      *       10.1.0.0/24          0.0.0.0/0   
        

Chain DMZ_IF_out (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
    4   304 ACCEPT     all  --  *      *       0.0.0.0/0            10.1.0.0/24 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            
255.255.255.255     
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.0/4 
        

Chain Drop (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 11 /* Needed ICMP types */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         multiport dports 135,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:137:139 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp spt:137 dpts:1024:65535 /* SMB */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpt:1900 /* UPnP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp spt:53 /* Late DNS Replies */

Chain INT_IF_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
  127  7612 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
  179 16429 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
  271 22111 loc_frwd   all  --  *      *       10.0.0.0/24          0.0.0.0/0   
        

Chain INT_IF_in (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    3   228 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
  510 93956 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     udp  --  *      *       0.0.0.0              0.0.0.0/0   
         udp dpts:67:68
  513 94184 ~comb1     all  --  *      *       10.0.0.0/24          0.0.0.0/0   
        

Chain INT_IF_out (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
  514 26900 ACCEPT     all  --  *      *       0.0.0.0/0            10.0.0.0/24 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            
255.255.255.255     
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.0/4 
        

Chain Reject (10 references)
 pkts bytes target     prot opt in     out     source               destination 
        
   10   855            all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
   10   855 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 11 /* Needed ICMP types */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         multiport dports 135,445 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:137:139 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp spt:137 dpts:1024:65535 /* SMB */
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpt:1900 /* UPnP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp spt:53 /* Late DNS Replies */

Chain UMB_IF_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 sfilter    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        [goto] 
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
  186  310K tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
  209  312K net_frwd   all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain UMB_IF_in (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
  398  142K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
  398  142K smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
  398  142K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    5   715 net-fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain UMP_IF_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       192.168.178.0/24       0.0.0.0/0 
           ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       192.168.178.0/24       0.0.0.0/0 
          
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 fb_frwd    all  --  *      *       192.168.178.0/24       0.0.0.0/0 
          
    0     0 net_frwd   all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain UMP_IF_in (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    3   323 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    3   323 smurfs     all  --  *      *       192.168.178.0/24       0.0.0.0/0 
           ctstate INVALID,NEW,UNTRACKED
    3   323 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
  842 44876 tcpflags   tcp  --  *      *       192.168.178.0/24       0.0.0.0/0 
          
  842 44876 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
  845 45199 ~comb1     all  --  *      *       192.168.178.0/24       0.0.0.0/0 
          
    3   429 net-fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain all-all (7 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    6   551 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:all-all:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain dmz-all (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain dmz-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         multiport dports 4505,4506
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    4   304 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain dmz-loc (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.0.3    
         tcp dpt:3306
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain dmz-net (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         tcp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
130.89.148.12        tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
195.20.242.89        tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
87.230.23.19         tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
198.199.77.106       tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
134.109.228.1        tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
212.211.132.250      tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
129.143.116.113      tcp dpt:80
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain dmz_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 dmz-all    all  --  *      vmbr2   0.0.0.0/0            
192.168.178.0/24      
    0     0 dmz-net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 dmz-net    all  --  *      vmbr2   0.0.0.0/0            0.0.0.0/0   
        
    0     0 dmz-loc    all  --  *      vmbr0   0.0.0.0/0            10.0.0.0/24 
        
    0     0 dmz-loc    all  --  *      vmbr0   0.0.0.0/0            224.0.0.0/4 
        
    0     0 dmz-all    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     all  --  *      vmbr1   0.0.0.0/0            10.1.0.0/24 
        

Chain dynamic (10 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain fb-net (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         multiport dports 80,443 /* HTTP, HTTPS */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     tcp  --  *      *       192.168.178.121        0.0.0.0/0 
           tcp dpt:5938
    0     0 ACCEPT     tcp  --  *      *       192.168.178.48         0.0.0.0/0 
           tcp dpt:5938
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain fb_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 fb-net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 fb-net     all  --  *      vmbr2   0.0.0.0/0            0.0.0.0/0   
        
    0     0 all-all    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0   
        
    0     0 ~comb0     all  --  *      vmbr1   0.0.0.0/0            10.1.0.0/24 
        
    0     0 ~comb0     all  --  *      vmbr1   0.0.0.0/0            224.0.0.0/4 
        

Chain loc-net (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
  144 14499 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
   41  2316 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         multiport dports 80,443,143 /* HTTP, HTTPS, IMAP */
   86  5296 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         tcp dpt:53 /* DNS */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain loc_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
  206 18199 loc-net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        
   65  3912 loc-net    all  --  *      vmbr2   0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     all  --  *      vmbr0   0.0.0.0/0            10.0.0.0/24 
        
    0     0 all-all    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0   
        
    0     0 ~comb0     all  --  *      vmbr1   0.0.0.0/0            10.1.0.0/24 
        
    0     0 ~comb0     all  --  *      vmbr1   0.0.0.0/0            224.0.0.0/4 
        

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain logflags (7 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain net-all (4 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:net-all:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain net-dmz (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         multiport dports 143,25,80,443,465,587,993
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 8 /* Ping */
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            10.1.0.4    
         tcp dpt:25 limit: avg 5/sec burst 10
    0     0 net-all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain net-fw (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    8  1144 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         tcp dpt:22
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 8 /* Ping */
    0     0 net-all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain net-loc (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
  209  312K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 8 /* Ping */
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            10.0.0.2    
         multiport dports 80,443 limit: avg 5/sec burst 10
    0     0 net-all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain net_frwd (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ~comb2     all  --  *      vmbr2   0.0.0.0/0            
192.168.178.0/24      
    0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     all  --  *      vmbr2   0.0.0.0/0            0.0.0.0/0   
        
  209  312K net-loc    all  --  *      vmbr0   0.0.0.0/0            10.0.0.0/24 
        
    0     0 net-loc    all  --  *      vmbr0   0.0.0.0/0            224.0.0.0/4 
        
    0     0 ~comb2     all  --  *      tun+    0.0.0.0/0            0.0.0.0/0   
        
    0     0 net-dmz    all  --  *      vmbr1   0.0.0.0/0            10.1.0.0/24 
        
    0     0 net-dmz    all  --  *      vmbr1   0.0.0.0/0            224.0.0.0/4 
        

Chain reject (19 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ADDRTYPE match src-type BROADCAST
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         reject-with icmp-host-prohibited

Chain sfilter (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:sfilter:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain sha-lh-84e08b4e577470aa2970 (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain sha-rh-1a7812a8b4ea32446117 (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain smurflog (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain smurfs (6 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 RETURN     all  --  *      *       0.0.0.0              0.0.0.0/0   
        
    0     0 smurflog   all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  ADDRTYPE match src-type BROADCAST
    0     0 smurflog   all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        [goto] 

Chain tcpflags (12 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x3F/0x29
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x3F/0x00
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x06/0x06
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x05/0x05
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x03/0x03
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x19/0x09
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp spt:0 flags:0x17/0x02

Chain vpn-dmz (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 143,25,80,443,465,587,993
    0     0 all-all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain vpn-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 all-all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain vpn_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 sfilter    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0           [goto]
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 all-all    all  --  *      vmbr0   0.0.0.0/0            10.0.0.0/24
    0     0 all-all    all  --  *      vmbr0   0.0.0.0/0            224.0.0.0/4
    0     0 vpn-dmz    all  --  *      vmbr1   0.0.0.0/0            10.1.0.0/24
    0     0 vpn-dmz    all  --  *      vmbr1   0.0.0.0/0            224.0.0.0/4

Chain ~comb0 (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 143,25,80,443,465,587,993
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:2200:2299
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain ~comb1 (2 references)
 pkts bytes target     prot opt in     out     source               destination
 1352  139K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2214
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8006
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 443,5900:5999
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 4505,4506
    6   551 all-all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain ~comb2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 net-all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Log (/var/log/messages)

Apr 12 17:56:40 net-all:DROP:IN=eth0 OUT= SRC=79.77.31.179 DST=217.8.50.86 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=8148 DF PROTO=TCP SPT=33355 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 17:56:41 net-all:DROP:IN=eth0 OUT= SRC=79.77.31.179 DST=217.8.50.86 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=8149 DF PROTO=TCP SPT=33355 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 17:59:10 net-all:DROP:IN=eth0 OUT= SRC=189.205.45.66 DST=217.8.50.86 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=52484 DF PROTO=TCP SPT=53154 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 17:59:13 net-all:DROP:IN=eth0 OUT= SRC=189.205.45.66 DST=217.8.50.86 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=52485 DF PROTO=TCP SPT=53154 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 18:00:07 net-all:DROP:IN=eth0 OUT= SRC=124.113.226.94 DST=217.8.50.86 LEN=48 TOS=0x00 PREC=0x00 TTL=47 ID=28697 DF PROTO=TCP SPT=39284 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 18:00:08 net-all:DROP:IN=eth0 OUT= SRC=124.113.226.94 DST=217.8.50.86 LEN=48 TOS=0x00 PREC=0x00 TTL=47 ID=28698 DF PROTO=TCP SPT=39284 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 18:00:10 net-all:DROP:IN=eth0 OUT= SRC=124.113.226.94 DST=217.8.50.86 LEN=48 TOS=0x00 PREC=0x00 TTL=47 ID=28699 DF PROTO=TCP SPT=39284 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 18:00:15 net-all:DROP:IN=eth0 OUT= SRC=124.107.125.208 DST=217.8.50.86 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=30172 DF PROTO=TCP SPT=37415 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 18:00:21 net-all:DROP:IN=eth0 OUT= SRC=124.107.125.208 DST=217.8.50.86 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=30173 DF PROTO=TCP SPT=37415 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 18:21:30 net-all:DROP:IN=eth0 OUT= SRC=104.171.122.176 DST=217.8.50.86 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=19790 PROTO=TCP SPT=58143 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 18:26:15 net-all:DROP:IN=eth0 OUT= SRC=192.96.201.142 DST=217.8.50.86 LEN=439 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5126 DPT=5060 LEN=419 MARK=0x10000
Apr 12 18:26:51 net-all:DROP:IN=eth0 OUT= SRC=82.81.29.7 DST=217.8.50.86 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=4663 DF PROTO=TCP SPT=57315 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 18:26:54 net-all:DROP:IN=eth0 OUT= SRC=82.81.29.7 DST=217.8.50.86 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=4664 DF PROTO=TCP SPT=57315 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 18:50:19 net-all:DROP:IN=eth0 OUT= SRC=180.140.191.206 DST=217.8.50.86 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=52129 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 12 19:07:59 all-all:REJECT:IN=vmbr2 OUT= SRC=192.168.178.48 DST=192.168.178.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58814 DF PROTO=TCP SPT=58074 DPT=9000 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x20000
Apr 12 19:11:32 net-all:DROP:IN=eth0 OUT= SRC=114.31.6.250 DST=217.8.50.86 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=16188 DF PROTO=TCP SPT=48039 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 19:11:33 net-all:DROP:IN=eth0 OUT= SRC=114.31.6.250 DST=217.8.50.86 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=16189 DF PROTO=TCP SPT=48039 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 19:11:34 net-all:DROP:IN=eth0 OUT= SRC=114.31.6.250 DST=217.8.50.86 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=16190 DF PROTO=TCP SPT=48039 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 19:13:11 net-all:DROP:IN=eth0 OUT= SRC=141.212.122.121 DST=217.8.50.86 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=44472 DPT=995 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x10000
Apr 12 19:13:11 net-all:DROP:IN=eth0 OUT= SRC=141.212.122.120 DST=217.8.50.86 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49644 DPT=995 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x10000

NAT Table

Chain PREROUTING (policy ACCEPT 53 packets, 3130 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 UPnP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
   11   684 UPnP       all  --  vmbr2  *       0.0.0.0/0            0.0.0.0/0
   11   684 RETURN     all  --  vmbr2  *       192.168.178.0/24       0.0.0.0/0
    0     0 net_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 net_dnat   all  --  vmbr2  *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15 packets, 1092 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 40 packets, 2602 bytes)
 pkts bytes target     prot opt in     out     source               destination
   22  1286 UMB_IF_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain UMB_IF_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination
   17   936 SNAT       all  --  *      *       10.0.0.0/24          0.0.0.0/0            to:217.8.50.86
    0     0 SNAT       all  --  *      *       10.1.0.0/24          0.0.0.0/0            to:217.8.50.86

Chain UPnP (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain net_dnat (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443 to:10.0.0.2
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:10.1.0.4

Mangle Table

Chain PREROUTING (policy ACCEPT 2256 packets, 618K bytes)
 pkts bytes target     prot opt in     out     source               destination
 2256  618K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore mask 0x30000
   22  2620 routemark  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x30000
   14  1113 routemark  all  --  vmbr2  *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x30000

Chain INPUT (policy ACCEPT 1768 packets, 283K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 480 packets, 334K bytes)
 pkts bytes target     prot opt in     out     source               destination
  480  334K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK and 0xfffcffff

Chain OUTPUT (policy ACCEPT 1362 packets, 539K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1362  539K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore mask 0x30000

Chain POSTROUTING (policy ACCEPT 1849 packets, 874K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain routemark (2 references)
 pkts bytes target     prot opt in     out     source               destination
   22  2620 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x10000/0x30000
   14  1113 MARK       all  --  vmbr2  *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x20000/0x30000
   36  3733 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0x0/0x30000 CONNMARK save mask 0x30000

Raw Table

Chain PREROUTING (policy ACCEPT 2304 packets, 623K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10080 CT helper amanda
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 CT helper ftp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1719 CT helper RAS
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1720 CT helper Q.931
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6667 CT helper irc
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137 CT helper netbios-ns
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723 CT helper pptp
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6566 CT helper sane
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 CT helper sip
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161 CT helper snmp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 CT helper tftp

Chain OUTPUT (policy ACCEPT 1384 packets, 553K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10080 CT helper amanda
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 CT helper ftp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1719 CT helper RAS
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1720 CT helper Q.931
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6667 CT helper irc
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137 CT helper netbios-ns
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723 CT helper pptp
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6566 CT helper sane
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 CT helper sip
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161 CT helper snmp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 CT helper tftp

Conntrack Table (12 out of 262144)

tcp      6 431999 ESTABLISHED src=192.168.178.48 dst=192.168.178.14 sport=35368 dport=2214 src=192.168.178.14 dst=192.168.178.48 sport=2214 dport=35368 [ASSURED] mark=131072 use=1
udp      17 29 src=10.120.192.1 dst=255.255.255.255 sport=67 dport=68 [UNREPLIED] src=255.255.255.255 dst=10.120.192.1 sport=68 dport=67 mark=65536 use=1
tcp      6 16 SYN_SENT src=10.0.0.2 dst=107.191.106.50 sport=36678 dport=80 [UNREPLIED] src=107.191.106.50 dst=10.0.0.2 sport=80 dport=36678 mark=0 use=1
udp      17 16 src=192.168.178.14 dst=78.42.43.41 sport=47533 dport=53 src=78.42.43.41 dst=192.168.178.14 sport=53 dport=47533 mark=131072 use=1
tcp      6 427269 ESTABLISHED src=10.0.0.1 dst=10.0.0.2 sport=44614 dport=2200 src=10.0.0.2 dst=10.0.0.1 sport=2200 dport=44614 [ASSURED] mark=0 use=1
udp      17 18 src=10.0.0.2 dst=78.42.43.41 sport=56874 dport=53 [UNREPLIED] src=78.42.43.41 dst=10.0.0.2 sport=53 dport=56874 mark=0 use=1
udp      17 18 src=10.0.0.2 dst=78.42.43.41 sport=60875 dport=53 src=78.42.43.41 dst=217.8.50.86 sport=53 dport=60875 mark=65536 use=1
udp      17 13 src=10.0.0.2 dst=82.212.62.41 sport=46404 dport=53 src=82.212.62.41 dst=217.8.50.86 sport=53 dport=46404 [ASSURED] mark=65536 use=1
tcp      6 431956 ESTABLISHED src=10.0.0.1 dst=10.0.0.2 sport=44370 dport=2200 src=10.0.0.2 dst=10.0.0.1 sport=2200 dport=44370 [ASSURED] mark=0 use=1
udp      17 0 src=10.1.0.1 dst=10.1.0.255 sport=123 dport=123 [UNREPLIED] src=10.1.0.255 dst=10.1.0.1 sport=123 dport=123 mark=0 use=1
udp      17 16 src=217.8.50.86 dst=78.42.43.41 sport=43099 dport=53 src=78.42.43.41 dst=217.8.50.86 sport=53 dport=43099 mark=65536 use=1
udp      17 8 src=10.0.0.2 dst=78.42.43.41 sport=39152 dport=53 src=78.42.43.41 dst=217.8.50.86 sport=53 dport=39152 [ASSURED] mark=65536 use=1

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 217.8.50.86/26 brd 255.255.255.255 scope global eth0
       valid_lft forever preferred_lft forever
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 10.0.0.1/24 brd 10.0.0.255 scope global vmbr0
       valid_lft forever preferred_lft forever
6: vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    inet 10.1.0.1/24 brd 10.0.0.255 scope global vmbr1
       valid_lft forever preferred_lft forever
7: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 192.168.178.14/24 brd 192.168.178.255 scope global vmbr2
       valid_lft forever preferred_lft forever

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    107464032  112463   0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    107464032  112463   0       0       0       0       
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 74:d4:35:1a:f6:0f brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    1515383842 15540239 0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    8955434    113552   0       0       0       0       
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master vmbr1 state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:15:17:91:9c:b8 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:17:91:9c:b9 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    296192291  1296313  0       0       0       158902  
    TX: bytes  packets  errors  dropped carrier collsns 
    570411952  1128834  0       0       0       0       
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether fe:07:04:d6:d7:6a brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    11313589   140440   0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    239101298  194781   0       0       0       0       
6: vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 00:15:17:91:9c:b8 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       
7: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 00:15:17:91:9c:b9 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    168977735  1119930  0       291276  0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    199453233  292637   0       0       0       0       
10: tap121i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN mode DEFAULT group default qlen 500
    link/ether de:fc:9f:35:8c:05 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    361304333  769532   0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    185144022  871114   0       0       0       0       
20: veth100i0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether fe:07:04:d6:d7:6a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    RX: bytes  packets  errors  dropped overrun mcast   
    8484386    91852    0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    140680379  116576   0       0       0       0       

Bridges

bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.fe0704d6d76a       no              veth100i0
vmbr1           8000.001517919cb8       no              eth1
vmbr2           8000.001517919cb9       no              eth2
                                                        tap121i0

Routing Rules

0:      from all lookup local 
999:    from all lookup main 
1000:   from 217.8.50.86 lookup um_business 
1000:   from 192.168.178.14 lookup um_private 
10000:  from all fwmark 0x10000/0x30000 lookup um_business 
10001:  from all fwmark 0x20000/0x30000 lookup um_private 
11000:  from 10.1.0.1 lookup um_business 
20000:  from 217.8.50.86 lookup um_business 
20000:  from 192.168.178.14 lookup um_private 
32765:  from all lookup balance 
32767:  from all lookup default 

Table balance:

default nexthop via 217.8.50.65 dev eth0 weight 1 nexthop via 192.168.178.1 dev vmbr2 weight 1

Table default:


Table local:

local 217.8.50.86 dev eth0 proto kernel scope host src 217.8.50.86
local 192.168.178.14 dev vmbr2 proto kernel scope host src 192.168.178.14
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.1.0.1 dev vmbr1 proto kernel scope host src 10.1.0.1
local 10.0.0.1 dev vmbr0 proto kernel scope host src 10.0.0.1
broadcast 217.8.50.64 dev eth0 proto kernel scope link src 217.8.50.86
broadcast 217.8.50.127 dev eth0 proto kernel scope link src 217.8.50.86
broadcast 192.168.178.255 dev vmbr2 proto kernel scope link src 192.168.178.14
broadcast 192.168.178.0 dev vmbr2 proto kernel scope link src 192.168.178.14
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.1.0.255 dev vmbr1 proto kernel scope link src 10.1.0.1 linkdown
broadcast 10.1.0.0 dev vmbr1 proto kernel scope link src 10.1.0.1 linkdown
broadcast 10.0.0.255 dev vmbr1 proto kernel scope link src 10.1.0.1 linkdown
broadcast 10.0.0.255 dev vmbr0 proto kernel scope link src 10.0.0.1
broadcast 10.0.0.0 dev vmbr0 proto kernel scope link src 10.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

217.8.50.65 dev eth0 scope link src 217.8.50.86
192.168.178.1 dev vmbr2 scope link src 192.168.178.14
217.8.50.64/26 dev eth0 proto kernel scope link src 217.8.50.86
192.168.178.0/24 dev vmbr2 proto kernel scope link src 192.168.178.14
10.1.0.0/24 dev vmbr1 proto kernel scope link src 10.1.0.1 linkdown
10.0.0.0/24 dev vmbr0 proto kernel scope link src 10.0.0.1
blackhole 192.168.0.0/16
blackhole 172.16.0.0/12
blackhole 10.0.0.0/8

Table um_business:

217.8.50.65 dev eth0 scope link src 217.8.50.86
default via 217.8.50.65 dev eth0 src 217.8.50.86

Table um_private:

192.168.178.1 dev vmbr2 scope link src 192.168.178.14
default via 192.168.178.1 dev vmbr2 src 192.168.178.14

Per-IP Counters

   iptaccount is not installed

NF Accounting



Events


/proc

   /proc/version = Linux version 4.2.8-1-pve (root@elsa) (gcc version 4.9.2 (Debian 4.9.2-10) ) #1 SMP Sat Mar 19 10:44:29 CET 2016
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 0
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/log_martians = 1
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 1
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/log_martians = 1
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/log_martians = 1
   /proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth2/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth2/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth2/log_martians = 1
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 1
   /proc/sys/net/ipv4/conf/tap121i0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/tap121i0/arp_filter = 0
   /proc/sys/net/ipv4/conf/tap121i0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/tap121i0/rp_filter = 0
   /proc/sys/net/ipv4/conf/tap121i0/log_martians = 1
   /proc/sys/net/ipv4/conf/veth100i0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/veth100i0/arp_filter = 0
   /proc/sys/net/ipv4/conf/veth100i0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/veth100i0/rp_filter = 0
   /proc/sys/net/ipv4/conf/veth100i0/log_martians = 1
   /proc/sys/net/ipv4/conf/vmbr0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/vmbr0/arp_filter = 0
   /proc/sys/net/ipv4/conf/vmbr0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/vmbr0/rp_filter = 1
   /proc/sys/net/ipv4/conf/vmbr0/log_martians = 1
   /proc/sys/net/ipv4/conf/vmbr1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/vmbr1/arp_filter = 0
   /proc/sys/net/ipv4/conf/vmbr1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/vmbr1/rp_filter = 1
   /proc/sys/net/ipv4/conf/vmbr1/log_martians = 1
   /proc/sys/net/ipv4/conf/vmbr2/proxy_arp = 0
   /proc/sys/net/ipv4/conf/vmbr2/arp_filter = 0
   /proc/sys/net/ipv4/conf/vmbr2/arp_ignore = 1
   /proc/sys/net/ipv4/conf/vmbr2/rp_filter = 0
   /proc/sys/net/ipv4/conf/vmbr2/log_martians = 1

ARP

? (192.168.178.1) auf c8:0e:14:de:97:70 [ether] auf vmbr2
? (192.168.178.44) auf <unvollständig> auf vmbr2
? (192.168.178.53) auf <unvollständig> auf vmbr2
? (217.8.50.65) auf 00:01:5c:23:8e:01 [ether] auf eth0
? (10.1.0.4) auf <unvollständig> auf vmbr1
? (10.0.0.2) auf 66:37:62:61:62:62 [ether] auf vmbr0
? (192.168.178.48) auf 58:94:6b:a4:2a:cc [ether] auf vmbr2

Modules

ip_set                 45056  2 ip_set_hash_ip,xt_set
ip_set_hash_ip         32768  0 
iptable_filter         16384  1 
iptable_mangle         16384  1 
iptable_nat            16384  1 
iptable_raw            16384  1 
ip_tables              28672  4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_MASQUERADE         16384  0 
ipt_REJECT             16384  4 
ipt_rpfilter           16384  0 
nf_conntrack          106496  32 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,nf_conntrack_proto_udplite,nf_nat,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda    16384  3 nf_nat_amanda
nf_conntrack_broadcast    16384  2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp       20480  3 nf_nat_ftp
nf_conntrack_h323      77824  5 nf_nat_h323
nf_conntrack_ipv4      20480  67 
nf_conntrack_irc       16384  3 nf_nat_irc
nf_conntrack_netbios_ns    16384  2 
nf_conntrack_netlink    36864  0 
nf_conntrack_pptp      20480  3 nf_nat_pptp
nf_conntrack_proto_gre    16384  1 nf_conntrack_pptp
nf_conntrack_proto_sctp    20480  0 
nf_conntrack_proto_udplite    16384  0 
nf_conntrack_sane      16384  2 
nf_conntrack_sip       28672  3 nf_nat_sip
nf_conntrack_snmp      16384  3 nf_nat_snmp_basic
nf_conntrack_tftp      16384  3 nf_nat_tftp
nf_defrag_ipv4         16384  2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6         36864  1 xt_TPROXY
nf_log_common          16384  1 nf_log_ipv4
nf_log_ipv4            16384  7 
nf_nat                 24576  11 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,nf_nat_masquerade_ipv4
nf_nat_amanda          16384  0 
nf_nat_ftp             16384  0 
nf_nat_h323            20480  0 
nf_nat_ipv4            16384  1 iptable_nat
nf_nat_irc             16384  0 
nf_nat_masquerade_ipv4    16384  1 ipt_MASQUERADE
nf_nat_pptp            16384  0 
nf_nat_proto_gre       16384  1 nf_nat_pptp
nf_nat_sip             20480  0 
nf_nat_snmp_basic      20480  0 
nf_nat_tftp            16384  0 
nf_reject_ipv4         16384  1 ipt_REJECT
xt_addrtype            16384  5 
xt_AUDIT               16384  0 
xt_CHECKSUM            16384  0 
xt_CLASSIFY            16384  0 
xt_comment             16384  27 
xt_connlimit           16384  0 
xt_connmark            16384  3 
xt_conntrack           16384  41 
xt_CT                  16384  22 
xt_dscp                16384  0 
xt_DSCP                16384  0 
xt_hashlimit           20480  0 
xt_helper              16384  0 
xt_iprange             16384  0 
xt_length              16384  0 
xt_limit               16384  2 
xt_LOG                 16384  7 
xt_mark                16384  6 
xt_multiport           16384  14 
xt_nat                 16384  4 
xt_nfacct              16384  0 
xt_NFLOG               16384  0 
xt_NFQUEUE             16384  0 
xt_owner               16384  0 
xt_physdev             16384  0 
xt_pkttype             16384  0 
xt_policy              16384  0 
xt_realm               16384  0 
xt_recent              20480  1 
xt_set                 16384  0 
xt_statistic           16384  0 
xt_tcpmss              16384  0 
xt_TCPMSS              16384  0 
xt_tcpudp              16384  69 
xt_time                16384  0 
xt_TPROXY              20480  0 

Shorewall has detected the following iptables/netfilter capabilities:
   ACCOUNT Target (ACCOUNT_TARGET): Not available
   Address Type Match (ADDRTYPE): Available
   Amanda Helper: Available
   Arptables JF (ARPTABLESJF): Not available
   AUDIT Target (AUDIT_TARGET): Available
   Basic Ematch (BASIC_EMATCH): Available
   Basic Filter (BASIC_FILTER): Available
   Capabilities Version (CAPVERSION): 50004
   Checksum Target (CHECKSUM_TARGET): Available
   CLASSIFY Target (CLASSIFY_TARGET): Available
   Comments (COMMENTS): Available
   Condition Match (CONDITION_MATCH): Not available
   Connection Tracking Match (CONNTRACK_MATCH): Available
   Connlimit Match (CONNLIMIT_MATCH): Available
   Connmark Match (CONNMARK_MATCH): Available
   CONNMARK Target (CONNMARK): Available
   CT Target (CT_TARGET): Available
   DSCP Match (DSCP_MATCH): Available
   DSCP Target (DSCP_TARGET): Available
   Enhanced Multi-port Match (EMULIPORT): Available
   Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
   Extended Connmark Match (XCONNMARK_MATCH): Available
   Extended CONNMARK Target (XCONNMARK): Available
   Extended MARK Target 2 (EXMARK): Available
   Extended MARK Target (XMARK): Available
   Extended Multi-port Match (XMULIPORT): Available
   Extended REJECT (ENHANCED_REJECT): Available
   FLOW Classifier (FLOW_FILTER): Available
   FTP-0 Helper: Not available
   FTP Helper: Available
   fwmark route mask (FWMARK_RT_MASK): Available
   Geo IP Match (GEOIP_MATCH): Not available
   Goto Support (GOTO_TARGET): Available
   H323 Helper: Available
   Hashlimit Match (HASHLIMIT_MATCH): Available
   Header Match (HEADER_MATCH): Not available
   Helper Match (HELPER_MATCH): Available
   Iface Match (IFACE_MATCH): Not available
   IMQ Target (IMQ_TARGET): Not available
   IPMARK Target (IPMARK_TARGET): Not available
   IPP2P Match (IPP2P_MATCH): Not available
   IP range Match(IPRANGE_MATCH): Available
   Ipset Match Counters (IPSET_MATCH_COUNTERS): Available
   Ipset Match (IPSET_MATCH): Available
   Ipset Match Nomatch (IPSET_MATCH_NOMATCH): Available
   ipset V5 (IPSET_V5): Available
   iptables -S (IPTABLES_S): Available
   iptables --wait option (WAIT_OPTION): Available
   IRC-0 Helper: Not available
   IRC Helper: Available
   Kernel Version (KERNELVERSION): 40208
   LOGMARK Target (LOGMARK_TARGET): Not available
   LOG Target (LOG_TARGET): Available
   Mangle FORWARD Chain (MANGLE_FORWARD): Available
   Mark in the filter table (MARK_ANYWHERE): Available
   MARK Target (MARK): Available
   MASQUERADE Target (MASQUERADE_TGT): Available
   Multi-port Match (MULTIPORT): Available
   NAT (NAT_ENABLED): Available
   Netbios_ns Helper: Available
   New tos Match (NEW_TOS_MATCH): Available
   NFAcct Match: Available
   NFLOG Target (NFLOG_TARGET): Available
   NFQUEUE Target (NFQUEUE_TARGET): Available
   Owner Match (OWNER_MATCH): Available
   Owner Name Match (OWNER_NAME_MATCH): Available
   Packet length Match (LENGTH_MATCH): Available
   Packet Mangling (MANGLE_ENABLED): Available
   Packet Type Match (USEPKTTYPE): Available
   Persistent SNAT (PERSISTENT_SNAT): Available
   Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
   Physdev Match (PHYSDEV_MATCH): Available
   Policy Match (POLICY_MATCH): Available
   PPTP Helper: Available
   Rawpost Table (RAWPOST_TABLE): Not available
   Raw Table (RAW_TABLE): Available
   Realm Match (REALM_MATCH): Available
   Recent Match "--reap" option (REAP_OPTION): Available
   Recent Match (RECENT_MATCH): Available
   Repeat match (KLUDGEFREE): Available
   RPFilter Match (RPFILTER_MATCH): Available
   SANE-0 Helper: Not available
   SANE Helper: Available
   SIP-0 Helper: Not available
   SIP Helper: Available
   SNMP Helper: Available
   Statistic Match (STATISTIC_MATCH): Available
   TARPIT Target (TARPIT_TARGET): Not available
   TCPMSS Match (TCPMSS_MATCH): Available
   TCPMSS Target (TCPMSS_TARGET): Available
   TFTP-0 Helper: Not available
   TFTP Helper: Available
   Time Match (TIME_MATCH): Available
   TPROXY Target (TPROXY_TARGET): Available
   UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
   ULOG Target (ULOG_TARGET): Not available

Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
udp    UNCONN     0      0         *:799                   *:*                   users:(("rpcbind",pid=1059,fd=7))
udp    UNCONN     0      0      127.0.0.1:895                   *:*                   users:(("rpc.statd",pid=1143,fd=5))
udp    UNCONN     0      0         *:46241                 *:*                   users:(("rpc.statd",pid=1143,fd=8))
udp    UNCONN     0      0         *:60489                 *:*                   users:(("systemd-timesyn",pid=494,fd=13))
udp    UNCONN     0      0         *:23852                 *:*                   users:(("dhclient",pid=552,fd=20))
udp    UNCONN     0      0         *:68                    *:*                   users:(("dhclient",pid=552,fd=6))
udp    UNCONN     0      0         *:111                   *:*                   users:(("rpcbind",pid=1059,fd=6))
udp    UNCONN     0      0      192.168.178.14:123                   *:*                   users:(("ntpd",pid=4032,fd=22))
udp    UNCONN     0      0      10.1.0.1:123                   *:*                   users:(("ntpd",pid=4032,fd=21))
udp    UNCONN     0      0      10.0.0.1:123                   *:*                   users:(("ntpd",pid=4032,fd=20))
udp    UNCONN     0      0      217.8.50.86:123                   *:*                   users:(("ntpd",pid=4032,fd=19))
udp    UNCONN     0      0      127.0.0.1:123                   *:*                   users:(("ntpd",pid=4032,fd=18))
udp    UNCONN     0      0         *:123                   *:*                   users:(("ntpd",pid=4032,fd=16))
tcp    LISTEN     0      128       *:3128                  *:*                   users:(("spiceproxy work",pid=8821,fd=6),("spiceproxy",pid=8820,fd=6))
tcp    LISTEN     0      100    10.0.0.1:4505                  *:*                   users:(("salt-master",pid=1828,fd=14))
tcp    LISTEN     0      100    127.0.0.1:25                    *:*                   users:(("master",pid=1595,fd=12))
tcp    LISTEN     0      100    10.0.0.1:4506                  *:*                   users:(("salt-master",pid=1836,fd=22))
tcp    LISTEN     0      128       *:57244                 *:*                   users:(("rpc.statd",pid=1143,fd=9))
tcp    LISTEN     0      128       *:8006                  *:*                   users:(("pveproxy worker",pid=27451,fd=6),("pveproxy worker",pid=24041,fd=6),("pveproxy worker",pid=21022,fd=6),("pveproxy",pid=8805,fd=6))
tcp    LISTEN     0      128       *:2214                  *:*                   users:(("sshd",pid=1229,fd=3))
tcp    LISTEN     0      128       *:111                   *:*                   users:(("rpcbind",pid=1059,fd=8))
tcp    LISTEN     0      5      127.0.0.1:7634                  *:*                   users:(("hddtemp",pid=1398,fd=0))
tcp    LISTEN     0      128    127.0.0.1:85                    *:*                   users:(("pvedaemon worke",pid=18579,fd=6),("pvedaemon worke",pid=11267,fd=6),("pvedaemon worke",pid=7405,fd=6),("pvedaemon",pid=1807,fd=6))
tcp    ESTAB      0      0      10.0.0.1:44614              10.0.0.2:2200                users:(("ssh",pid=10089,fd=3))
tcp    ESTAB      0      0      192.168.178.14:2214               192.168.178.48:35368               users:(("sshd",pid=25823,fd=3),("sshd",pid=25816,fd=3))
tcp    ESTAB      0      0      10.0.0.1:44370              10.0.0.2:2200                users:(("ssh",pid=22258,fd=3))

Traffic Control

Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 8484390 bytes 113552 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device eth1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device eth2:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 565101576 bytes 1128834 pkt (dropped 0, overlimits 0 requeues 45) 
 backlog 0b 0p requeues 45 


Device tap121i0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 185144022 bytes 871114 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device veth100i0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 142175741 bytes 139233 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 



TC Filters

Device eth0:

Device eth1:

Device eth2:

Device tap121i0:

Device veth100i0:

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users