Hello!
I have the following network architecture with
- 2 ISP
- 1 separate router (Fritz!Box)
- Shorewall running on Proxmox VE server
I can only access clients in subnet LAN (10.0.0.0/24) and DMZ
(10.1.0.0/24) from server 192.168.178.10 where Shorewall is running.
From any other server in subnet 192.168.178.0/24 the connection, e.g.
ssh, fails without any error message displayed.
On the router I have configured 2 static routes:
- network 10.0.0.0 / subnet mask 255.255.255.0 / gateway 192.168.178.10
- network 10.1.0.0 / subnet mask 255.255.255.0 / gateway 192.168.178.10
How can I troubleshoot this issue?
THX
Shorewall 5.0.7.2 Dump at pc4-svp - Sa 18. Jun 16:20:24 CEST 2016
Shorewall is running
State:Started (Sa 21. Mai 12:47:39 CEST 2016) from /etc/shorewall/
(/var/lib/shorewall/firewall compiled by Shorewall version 5.0.7.2)
Counters reset Sa 21. Mai 12:47:39 CEST 2016
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
417K 97M UMP_IF_in all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
3942K 1643M UMB_IF_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
52950 5287K INT_IF_in all -- vmbr0 * 0.0.0.0/0 0.0.0.0/0
0 0 vpn-fw all -- tun+ * 0.0.0.0/0 0.0.0.0/0
37123 2821K DMZ_IF_in all -- vmbr1 * 0.0.0.0/0 0.0.0.0/0
274K 144M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4 240 UMP_IF_fwd all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
407K 580M UMB_IF_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
227K 12M INT_IF_fwd all -- vmbr0 * 0.0.0.0/0 0.0.0.0/0
0 0 vpn_frwd all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 DMZ_IF_fwd all -- vmbr1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
239K 217M ACCEPT all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
196K 12M ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
58626 4484K INT_IF_out all -- * vmbr0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
37123 2821K DMZ_IF_out all -- * vmbr1 0.0.0.0/0 0.0.0.0/0
274K 144M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
159K 17M DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
19455 700K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
Chain DMZ_IF_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 dmz_frwd all -- * * 10.1.0.0/24 0.0.0.0/0
Chain DMZ_IF_in (1 references)
pkts bytes target prot opt in out source destination
37123 2821K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0 0.0.0.0/0
udp dpts:67:68
37123 2821K dmz-fw all -- * * 10.1.0.0/24 0.0.0.0/0
Chain DMZ_IF_out (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
37123 2821K ACCEPT all -- * * 0.0.0.0/0 10.1.0.0/24
0 0 ACCEPT all -- * * 0.0.0.0/0
255.255.255.255
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.0/4
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
38265 3713K all -- * * 0.0.0.0/0 0.0.0.0/0
38265 3713K Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
30 2748 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
96 8417 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
29 2384 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
842 33840 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
10 2895 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain INT_IF_fwd (1 references)
pkts bytes target prot opt in out source destination
57074 2862K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
169K 9275K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
227K 12M loc_frwd all -- * * 10.0.0.0/24 0.0.0.0/0
Chain INT_IF_in (1 references)
pkts bytes target prot opt in out source destination
37136 2822K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
15814 2465K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0 0.0.0.0/0
udp dpts:67:68
52950 5287K ~comb1 all -- * * 10.0.0.0/24 0.0.0.0/0
Chain INT_IF_out (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
58626 4484K ACCEPT all -- * * 0.0.0.0/0 10.0.0.0/24
0 0 ACCEPT all -- * * 0.0.0.0/0
255.255.255.255
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.0/4
Chain Reject (10 references)
pkts bytes target prot opt in out source destination
178K 17M all -- * * 0.0.0.0/0 0.0.0.0/0
178K 17M Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain UMB_IF_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * eth0 0.0.0.0/0 0.0.0.0/0
[goto]
1387 66964 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
1387 66964 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
349K 573M tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
407K 580M net_frwd all -- * * 0.0.0.0/0 0.0.0.0/0
Chain UMB_IF_in (1 references)
pkts bytes target prot opt in out source destination
3653K 1302M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
3653K 1302M smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
3612K 1298M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
239K 332M tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
330K 345M net-fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain UMP_IF_fwd (1 references)
pkts bytes target prot opt in out source destination
4 240 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
4 240 smurfs all -- * * 192.168.178.0/24 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
4 240 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
4 240 tcpflags tcp -- * * 192.168.178.0/24 0.0.0.0/0
4 240 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
4 240 fb_frwd all -- * * 192.168.178.0/24 0.0.0.0/0
4 240 net_frwd all -- * * 0.0.0.0/0 0.0.0.0/0
Chain UMP_IF_in (1 references)
pkts bytes target prot opt in out source destination
109K 12M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
108K 12M smurfs all -- * * 192.168.178.0/24 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
109K 12M smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
310K 85M tcpflags tcp -- * * 192.168.178.0/24 0.0.0.0/0
310K 85M tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
416K 97M ~comb1 all -- * * 192.168.178.0/24 0.0.0.0/0
1194 415K net-fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain all-all (9 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
141K 15M Reject all -- * * 0.0.0.0/0 0.0.0.0/0
664 39756 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:all-all:REJECT:"
664 39756 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 4505,4506
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
37123 2821K Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-loc (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.3
tcp dpt:3306
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-net (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0
130.89.148.12 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
195.20.242.89 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
87.230.23.19 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
198.199.77.106 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
134.109.228.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
212.211.132.250 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
129.143.116.113 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:11371
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:11371
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dmz-all all -- * vmbr2 0.0.0.0/0
192.168.178.0/24
0 0 dmz-net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 dmz-net all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
0 0 dmz-loc all -- * vmbr0 0.0.0.0/0 10.0.0.0/24
0 0 dmz-loc all -- * vmbr0 0.0.0.0/0 224.0.0.0/4
0 0 dmz-all all -- * tun+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * vmbr1 0.0.0.0/0 10.1.0.0/24
Chain dynamic (10 references)
pkts bytes target prot opt in out source destination
Chain fb-net (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 /* HTTP, HTTPS */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 192.168.178.121 0.0.0.0/0
tcp dpt:5938
0 0 ACCEPT tcp -- * * 192.168.178.48 0.0.0.0/0
tcp dpt:5938
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:11371
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:11371
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain fb_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 fb-net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 fb-net all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
0 0 all-all all -- * tun+ 0.0.0.0/0 0.0.0.0/0
0 0 ~comb0 all -- * vmbr1 0.0.0.0/0 10.1.0.0/24
0 0 ~comb0 all -- * vmbr1 0.0.0.0/0 224.0.0.0/4
Chain loc-net (2 references)
pkts bytes target prot opt in out source destination
170K 9336K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
459 27540 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443,143 /* HTTP, HTTPS, IMAP */
56614 2834K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53 /* DNS */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:11371
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:11371
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
227K 12M loc-net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 loc-net all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * vmbr0 0.0.0.0/0 10.0.0.0/24
0 0 all-all all -- * tun+ 0.0.0.0/0 0.0.0.0/0
0 0 ~comb0 all -- * vmbr1 0.0.0.0/0 10.1.0.0/24
0 0 ~comb0 all -- * vmbr1 0.0.0.0/0 224.0.0.0/4
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
8 480 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
8 480 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-all (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
38265 3713K Drop all -- * * 0.0.0.0/0 0.0.0.0/0
36064 3247K LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net-all:DROP:"
36064 3247K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-dmz (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
203 9528 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 143,25,80,443,465,587,993
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 10.1.0.4
tcp dpt:25 limit: avg 5/sec burst 10
0 0 net-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain net-fw (2 references)
pkts bytes target prot opt in out source destination
289K 342M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
1987 87352 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
921 42960 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
454 21155 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
38261 3713K net-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain net-loc (2 references)
pkts bytes target prot opt in out source destination
406K 580M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
1184 57436 ACCEPT tcp -- eth0 * 0.0.0.0/0 10.0.0.2
multiport dports 80,443 limit: avg 5/sec burst 10
4 240 net-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain net_frwd (2 references)
pkts bytes target prot opt in out source destination
0 0 ~comb2 all -- * vmbr2 0.0.0.0/0
192.168.178.0/24
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
407K 580M net-loc all -- * vmbr0 0.0.0.0/0 10.0.0.0/24
0 0 net-loc all -- * vmbr0 0.0.0.0/0 224.0.0.0/4
0 0 ~comb2 all -- * tun+ 0.0.0.0/0 0.0.0.0/0
203 9528 net-dmz all -- * vmbr1 0.0.0.0/0 10.1.0.0/24
0 0 net-dmz all -- * vmbr1 0.0.0.0/0 224.0.0.0/4
Chain reject (19 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
1586 82776 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain sfilter (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:sfilter:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain sha-lh-67289397ce1ff24538d3 (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-a548bd405956095b166d (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (6 references)
pkts bytes target prot opt in out source destination
1194 415K RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (12 references)
pkts bytes target prot opt in out source destination
8 480 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Chain vpn-dmz (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 143,25,80,443,465,587,993
0 0 all-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn-fw (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 all-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn-net (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:11371
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:11371
0 0 all-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * tun+ 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all-all all -- * vmbr2 0.0.0.0/0
192.168.178.0/24
0 0 vpn-net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 vpn-net all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
0 0 all-all all -- * vmbr0 0.0.0.0/0 10.0.0.0/24
0 0 all-all all -- * vmbr0 0.0.0.0/0 224.0.0.0/4
0 0 vpn-dmz all -- * vmbr1 0.0.0.0/0 10.1.0.0/24
0 0 vpn-dmz all -- * vmbr1 0.0.0.0/0 224.0.0.0/4
Chain ~comb0 (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 143,25,80,443,465,587,993
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpts:2200:2299
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain ~comb1 (2 references)
pkts bytes target prot opt in out source destination
324K 87M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
13 780 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:2214
1 60 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
3757 225K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:8006
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 443,5900:5999
1 60 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 4505,4506
141K 15M all-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain ~comb2 (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 net-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Log (/var/log/messages)
Jun 18 15:18:02 net-all:DROP:IN=eth0 OUT= SRC=220.136.43.29 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=24516 DF PROTO=TCP SPT=48985 DPT=23
WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:22:42 net-all:DROP:IN=eth0 OUT= SRC=181.49.164.20 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=108 ID=11583 DF PROTO=TCP SPT=39970 DPT=1433
WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:23:53 net-all:DROP:IN=eth0 OUT= SRC=121.175.60.162 DST=217.8.50.86
LEN=58 TOS=0x00 PREC=0x00 TTL=114 ID=25563 DF PROTO=UDP SPT=18332 DPT=24016
LEN=38 MARK=0x10000
Jun 18 15:24:01 net-all:DROP:IN=eth0 OUT= SRC=190.66.58.74 DST=217.8.50.86
LEN=56 TOS=0x00 PREC=0x20 TTL=48 ID=26659 DF PROTO=TCP SPT=56130 DPT=23
WINDOW=5440 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:24:45 net-all:DROP:IN=eth0 OUT= SRC=185.93.185.235 DST=217.8.50.86
LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=13055 PROTO=TCP SPT=56161 DPT=4000
WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:25:47 net-all:DROP:IN=eth0 OUT= SRC=191.250.32.182 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=39486 DF PROTO=TCP SPT=60503 DPT=23
WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:27:25 net-all:DROP:IN=eth0 OUT= SRC=212.122.95.211 DST=217.8.50.86
LEN=56 TOS=0x00 PREC=0x00 TTL=54 ID=38290 DF PROTO=TCP SPT=47185 DPT=23
WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:32:13 net-all:DROP:IN=eth0 OUT= SRC=78.131.201.61 DST=217.8.50.86
LEN=29 TOS=0x00 PREC=0x00 TTL=54 ID=21421 DF PROTO=UDP SPT=55800 DPT=53413
LEN=9 MARK=0x10000
Jun 18 15:37:24 net-all:DROP:IN=eth0 OUT= SRC=189.207.159.185 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=14374 DF PROTO=TCP SPT=51599 DPT=23
WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:39:22 net-all:DROP:IN=eth0 OUT= SRC=96.93.104.179 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=29324 DF PROTO=TCP SPT=63460 DPT=3389
WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:39:25 net-all:DROP:IN=eth0 OUT= SRC=96.93.104.179 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=30486 DF PROTO=TCP SPT=63460 DPT=3389
WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:45:40 net-all:DROP:IN=eth0 OUT= SRC=66.240.219.146 DST=217.8.50.86
LEN=40 TOS=0x10 PREC=0x00 TTL=113 ID=48134 PROTO=TCP SPT=20012 DPT=8889
WINDOW=42302 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:48:18 net-all:DROP:IN=eth0 OUT= SRC=97.104.217.186 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=56961 DF PROTO=TCP SPT=59755 DPT=23
WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:51:23 net-all:DROP:IN=eth0 OUT= SRC=179.176.172.37 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=56855 DF PROTO=TCP SPT=47900 DPT=23
WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 15:55:44 net-all:DROP:IN=eth0 OUT= SRC=177.18.44.39 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=19157 DF PROTO=TCP SPT=51550 DPT=23
WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 16:00:38 net-all:DROP:IN=eth0 OUT= SRC=49.205.148.34 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x20 TTL=50 ID=20939 DF PROTO=TCP SPT=4963 DPT=23
WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 16:05:12 net-all:DROP:IN=eth0 OUT= SRC=221.130.61.245 DST=217.8.50.86
LEN=52 TOS=0x04 PREC=0x00 TTL=47 ID=47644 DF PROTO=TCP SPT=35638 DPT=23
WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 16:06:30 net-all:DROP:IN=eth0 OUT= SRC=176.41.147.211 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=65444 DF PROTO=TCP SPT=58918 DPT=23
WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 16:07:23 net-all:DROP:IN=eth0 OUT= SRC=117.206.71.202 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=2962 DF PROTO=TCP SPT=49486 DPT=23
WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Jun 18 16:18:29 net-all:DROP:IN=eth0 OUT= SRC=201.53.212.109 DST=217.8.50.86
LEN=29 TOS=0x00 PREC=0x00 TTL=49 ID=50397 DF PROTO=UDP SPT=44480 DPT=53413
LEN=9 MARK=0x10000
NAT Table
Chain PREROUTING (policy ACCEPT 11 packets, 1124 bytes)
pkts bytes target prot opt in out source destination
40171 3660K UPnP all -- eth0 * 0.0.0.0/0 0.0.0.0/0
295K 21M UPnP all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
292K 21M RETURN all -- vmbr2 * 192.168.178.0/24 0.0.0.0/0
40171 3660K net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0
2317 503K net_dnat all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 140 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 2 packets, 140 bytes)
pkts bytes target prot opt in out source destination
130K 8136K UMB_IF_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain UMB_IF_masq (1 references)
pkts bytes target prot opt in out source destination
45702 2292K SNAT all -- * * 10.0.0.0/24 0.0.0.0/0
to:217.8.50.86
0 0 SNAT all -- * * 10.1.0.0/24 0.0.0.0/0
to:217.8.50.86
Chain UPnP (2 references)
pkts bytes target prot opt in out source destination
Chain net_dnat (2 references)
pkts bytes target prot opt in out source destination
941 43260 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 to:10.0.0.2
142 6424 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25 to:10.1.0.4
Mangle Table
Chain PREROUTING (policy ACCEPT 489 packets, 110K bytes)
pkts bytes target prot opt in out source destination
5543K 2494M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0
CONNMARK restore mask 0x30000
171K 21M routemark all -- eth0 * 0.0.0.0/0 0.0.0.0/0
mark match 0x0/0x30000
297K 22M routemark all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
mark match 0x0/0x30000
Chain INPUT (policy ACCEPT 469 packets, 108K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 20 packets, 1750 bytes)
pkts bytes target prot opt in out source destination
634K 592M MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xfffcffff
Chain OUTPUT (policy ACCEPT 183 packets, 116K bytes)
pkts bytes target prot opt in out source destination
804K 380M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0
CONNMARK restore mask 0x30000
Chain POSTROUTING (policy ACCEPT 203 packets, 118K bytes)
pkts bytes target prot opt in out source destination
Chain routemark (2 references)
pkts bytes target prot opt in out source destination
171K 21M MARK all -- eth0 * 0.0.0.0/0 0.0.0.0/0
MARK xset 0x10000/0x30000
297K 22M MARK all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
MARK xset 0x20000/0x30000
468K 43M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0
mark match ! 0x0/0x30000 CONNMARK save mask 0x30000
Raw Table
Chain PREROUTING (policy ACCEPT 489 packets, 110K bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
69 3252 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
2 88 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
2 80 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
48940 3901K CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
62 2492 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
1793 788K CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
102 8297 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
40 1719 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 182 packets, 115K bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Conntrack Table (17 out of 262144)
udp 17 5 src=10.0.0.253 dst=78.42.43.41 sport=40156 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=40156 mark=65536 use=1
udp 17 11 src=217.8.50.86 dst=78.42.43.41 sport=57374 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=57374 mark=65536 use=1
udp 17 26 src=10.0.0.252 dst=78.42.43.41 sport=58821 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=58821 mark=65536 use=1
udp 17 25 src=10.0.0.2 dst=78.42.43.41 sport=36245 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=36245 [ASSURED] mark=65536 use=1
udp 17 26 src=10.0.0.252 dst=78.42.43.41 sport=47997 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=47997 mark=65536 use=1
udp 17 175 src=10.0.0.2 dst=78.42.43.41 sport=60987 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=60987 [ASSURED] mark=65536 use=1
udp 17 5 src=10.0.0.253 dst=78.42.43.41 sport=48612 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=48612 mark=65536 use=1
tcp 6 430380 ESTABLISHED src=10.0.0.1 dst=10.0.0.2 sport=56468 dport=2202
src=10.0.0.2 dst=10.0.0.1 sport=2202 dport=56468 [ASSURED] mark=0 use=1
tcp 6 428807 ESTABLISHED src=10.0.0.1 dst=10.0.0.253 sport=60490
dport=22253 src=10.0.0.253 dst=10.0.0.1 sport=22253 dport=60490 [ASSURED]
mark=0 use=1
udp 17 55 src=10.0.0.2 dst=78.42.43.41 sport=49439 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=49439 [ASSURED] mark=65536 use=1
udp 17 115 src=10.0.0.2 dst=78.42.43.41 sport=59870 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=59870 [ASSURED] mark=65536 use=1
udp 17 29 src=10.120.192.1 dst=255.255.255.255 sport=67 dport=68
[UNREPLIED] src=255.255.255.255 dst=10.120.192.1 sport=68 dport=67 mark=65536
use=1
udp 17 11 src=217.8.50.86 dst=78.42.43.41 sport=33961 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=33961 mark=65536 use=1
udp 17 85 src=10.0.0.2 dst=78.42.43.41 sport=49142 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=49142 [ASSURED] mark=65536 use=1
udp 17 145 src=10.0.0.2 dst=78.42.43.41 sport=52397 dport=53
src=78.42.43.41 dst=217.8.50.86 sport=53 dport=52397 [ASSURED] mark=65536 use=1
tcp 6 430413 ESTABLISHED src=10.0.0.1 dst=10.0.0.252 sport=56160
dport=22252 src=10.0.0.252 dst=10.0.0.1 sport=22252 dport=56160 [ASSURED]
mark=0 use=1
tcp 6 431999 ESTABLISHED src=192.168.178.49 dst=192.168.178.10 sport=55876
dport=2214 src=192.168.178.10 dst=192.168.178.49 sport=2214 dport=55876
[ASSURED] mark=131072 use=1
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
inet 217.8.50.86/26 brd 255.255.255.255 scope global eth0
valid_lft forever preferred_lft forever
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
group default qlen 1000
inet 10.0.0.1/24 brd 10.0.0.255 scope global vmbr0
valid_lft forever preferred_lft forever
6: vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
group default qlen 1000
inet 10.1.0.1/24 brd 10.0.0.255 scope global vmbr1
valid_lft forever preferred_lft forever
7: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
group default qlen 1000
inet 192.168.178.10/24 brd 192.168.178.255 scope global vmbr2
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
143987630 273743 0 0 0 0
TX: bytes packets errors dropped carrier collsns
143987630 273743 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
mode DEFAULT group default qlen 1000
link/ether 74:d4:35:1a:f6:0f brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
8197327911 96457480 1078 0 0 0
TX: bytes packets errors dropped carrier collsns
32250877 426239 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master
vmbr2 state UP mode DEFAULT group default qlen 1000
link/ether 00:15:17:91:9c:b8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
4199732058 6081909 0 2 0 679451
TX: bytes packets errors dropped carrier collsns
1456634390 4327761 0 0 0 0
4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master
vmbr1 state DOWN mode DEFAULT group default qlen 1000
link/ether 00:15:17:91:9c:b9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
mode DEFAULT group default qlen 1000
link/ether fe:03:ad:be:e0:9b brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
15493283 272362 0 0 0 0
TX: bytes packets errors dropped carrier collsns
592464713 496692 0 0 0 0
6: vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
mode DEFAULT group default qlen 1000
link/ether 00:15:17:91:9c:b9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
7: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
mode DEFAULT group default qlen 1000
link/ether 00:15:17:91:9c:b8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
376818502 3042405 0 1220254 0 0
TX: bytes packets errors dropped carrier collsns
220525955 242699 0 0 0 0
18: tap123i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast master vmbr2 state UNKNOWN mode DEFAULT group default qlen 1000
link/ether c2:de:fd:4f:7e:70 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
132576298 835804 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1210900165 3201110 0 0 0 0
19: tap121i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast master vmbr2 state UNKNOWN mode DEFAULT group default qlen 1000
link/ether ea:7f:f7:d0:d8:fb brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
186969057 1063522 0 0 0 0
TX: bytes packets errors dropped carrier collsns
382875588 1689926 0 0 0 0
25: veth102i0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
master vmbr0 state UP mode DEFAULT group default qlen 1000
link/ether fe:03:ad:be:e0:9b brd ff:ff:ff:ff:ff:ff link-netnsid 0
RX: bytes packets errors dropped overrun mcast
3686951 57989 0 0 0 0
TX: bytes packets errors dropped carrier collsns
82434294 87570 0 0 0 0
27: veth101i0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
master vmbr0 state UP mode DEFAULT group default qlen 1000
link/ether fe:59:8e:51:59:6f brd ff:ff:ff:ff:ff:ff link-netnsid 1
RX: bytes packets errors dropped overrun mcast
3564337 56979 0 0 0 0
TX: bytes packets errors dropped carrier collsns
82359506 86803 0 0 0 0
31: veth100i0@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
master vmbr0 state UP mode DEFAULT group default qlen 1000
link/ether fe:73:e2:f2:bf:cd brd ff:ff:ff:ff:ff:ff link-netnsid 2
RX: bytes packets errors dropped overrun mcast
3297693 49887 0 0 0 0
TX: bytes packets errors dropped carrier collsns
77448868 78319 0 0 0 0
Bridges
bridge name bridge id STP enabled interfaces
vmbr0 8000.fe03adbee09b no veth100i0
veth101i0
veth102i0
vmbr1 8000.001517919cb9 no eth2
vmbr2 8000.001517919cb8 no eth1
tap121i0
tap123i0
Routing Rules
0: from all lookup local
999: from all lookup main
1000: from 217.8.50.86 lookup um_business
1000: from 192.168.178.10 lookup um_private
10000: from all fwmark 0x10000/0x30000 lookup um_business
10001: from all fwmark 0x20000/0x30000 lookup um_private
11000: from 10.1.0.1 lookup um_business
32765: from all lookup balance
32767: from all lookup default
Table balance:
default via 217.8.50.65 dev eth0
Table default:
Table local:
local 217.8.50.86 dev eth0 proto kernel scope host src 217.8.50.86
local 192.168.178.10 dev vmbr2 proto kernel scope host src 192.168.178.10
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.1.0.1 dev vmbr1 proto kernel scope host src 10.1.0.1
local 10.0.0.1 dev vmbr0 proto kernel scope host src 10.0.0.1
broadcast 217.8.50.64 dev eth0 proto kernel scope link src 217.8.50.86
broadcast 217.8.50.127 dev eth0 proto kernel scope link src 217.8.50.86
broadcast 192.168.178.255 dev vmbr2 proto kernel scope link src 192.168.178.10
broadcast 192.168.178.0 dev vmbr2 proto kernel scope link src 192.168.178.10
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.1.0.255 dev vmbr1 proto kernel scope link src 10.1.0.1 linkdown
broadcast 10.1.0.0 dev vmbr1 proto kernel scope link src 10.1.0.1 linkdown
broadcast 10.0.0.255 dev vmbr1 proto kernel scope link src 10.1.0.1 linkdown
broadcast 10.0.0.255 dev vmbr0 proto kernel scope link src 10.0.0.1
broadcast 10.0.0.0 dev vmbr0 proto kernel scope link src 10.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
217.8.50.65 dev eth0 scope link src 217.8.50.86
192.168.178.1 dev vmbr2 scope link src 192.168.178.10
217.8.50.64/26 dev eth0 proto kernel scope link src 217.8.50.86
192.168.178.0/24 dev vmbr2 proto kernel scope link src 192.168.178.10
10.1.0.0/24 dev vmbr1 proto kernel scope link src 10.1.0.1 linkdown
10.0.0.0/24 dev vmbr0 proto kernel scope link src 10.0.0.1
blackhole 192.168.0.0/16
blackhole 172.16.0.0/12
blackhole 10.0.0.0/8
Table um_business:
217.8.50.65 dev eth0 scope link src 217.8.50.86
default via 217.8.50.65 dev eth0 src 217.8.50.86
Table um_private:
192.168.178.1 dev vmbr2 scope link src 192.168.178.10
default via 192.168.178.1 dev vmbr2 src 192.168.178.10
Per-IP Counters
iptaccount is not installed
NF Accounting
Events
/proc
/proc/version = Linux version 4.4.8-1-pve (root@elsa) (gcc version 4.9.2
(Debian 4.9.2-10) ) #1 SMP Tue May 17 16:14:08 CEST 2016
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 1
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth2/arp_filter = 0
/proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth2/rp_filter = 0
/proc/sys/net/ipv4/conf/eth2/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/tap121i0/proxy_arp = 0
/proc/sys/net/ipv4/conf/tap121i0/arp_filter = 0
/proc/sys/net/ipv4/conf/tap121i0/arp_ignore = 0
/proc/sys/net/ipv4/conf/tap121i0/rp_filter = 0
/proc/sys/net/ipv4/conf/tap121i0/log_martians = 1
/proc/sys/net/ipv4/conf/tap123i0/proxy_arp = 0
/proc/sys/net/ipv4/conf/tap123i0/arp_filter = 0
/proc/sys/net/ipv4/conf/tap123i0/arp_ignore = 0
/proc/sys/net/ipv4/conf/tap123i0/rp_filter = 0
/proc/sys/net/ipv4/conf/tap123i0/log_martians = 1
/proc/sys/net/ipv4/conf/veth100i0/proxy_arp = 0
/proc/sys/net/ipv4/conf/veth100i0/arp_filter = 0
/proc/sys/net/ipv4/conf/veth100i0/arp_ignore = 0
/proc/sys/net/ipv4/conf/veth100i0/rp_filter = 0
/proc/sys/net/ipv4/conf/veth100i0/log_martians = 1
/proc/sys/net/ipv4/conf/veth101i0/proxy_arp = 0
/proc/sys/net/ipv4/conf/veth101i0/arp_filter = 0
/proc/sys/net/ipv4/conf/veth101i0/arp_ignore = 0
/proc/sys/net/ipv4/conf/veth101i0/rp_filter = 0
/proc/sys/net/ipv4/conf/veth101i0/log_martians = 1
/proc/sys/net/ipv4/conf/veth102i0/proxy_arp = 0
/proc/sys/net/ipv4/conf/veth102i0/arp_filter = 0
/proc/sys/net/ipv4/conf/veth102i0/arp_ignore = 0
/proc/sys/net/ipv4/conf/veth102i0/rp_filter = 0
/proc/sys/net/ipv4/conf/veth102i0/log_martians = 1
/proc/sys/net/ipv4/conf/vmbr0/proxy_arp = 0
/proc/sys/net/ipv4/conf/vmbr0/arp_filter = 0
/proc/sys/net/ipv4/conf/vmbr0/arp_ignore = 0
/proc/sys/net/ipv4/conf/vmbr0/rp_filter = 1
/proc/sys/net/ipv4/conf/vmbr0/log_martians = 1
/proc/sys/net/ipv4/conf/vmbr1/proxy_arp = 0
/proc/sys/net/ipv4/conf/vmbr1/arp_filter = 0
/proc/sys/net/ipv4/conf/vmbr1/arp_ignore = 0
/proc/sys/net/ipv4/conf/vmbr1/rp_filter = 1
/proc/sys/net/ipv4/conf/vmbr1/log_martians = 1
/proc/sys/net/ipv4/conf/vmbr2/proxy_arp = 0
/proc/sys/net/ipv4/conf/vmbr2/arp_filter = 0
/proc/sys/net/ipv4/conf/vmbr2/arp_ignore = 1
/proc/sys/net/ipv4/conf/vmbr2/rp_filter = 0
/proc/sys/net/ipv4/conf/vmbr2/log_martians = 1
ARP
? (10.0.0.2) auf 32:62:31:39:35:32 [ether] auf vmbr0
? (192.168.178.48) auf 58:94:6b:a4:2a:cc [ether] auf vmbr2
? (192.168.178.253) auf <unvollständig> auf vmbr2
? (10.0.0.253) auf 66:30:33:61:63:62 [ether] auf vmbr0
? (192.168.178.1) auf c8:0e:14:de:97:70 [ether] auf vmbr2
? (10.1.0.4) auf <unvollständig> auf vmbr1
? (10.0.0.252) auf 32:66:37:65:32:36 [ether] auf vmbr0
? (192.168.178.56) auf d8:90:e8:62:24:64 [ether] auf vmbr2
? (217.8.50.65) auf 00:01:5c:23:8e:01 [ether] auf eth0
? (192.168.178.49) auf f0:de:f1:42:30:19 [ether] auf vmbr2
Modules
ip_set 45056 2 ip_set_hash_ip,xt_set
ip_set_hash_ip 32768 0
iptable_filter 16384 1
iptable_mangle 16384 1
iptable_nat 16384 1
iptable_raw 16384 1
ip_tables 28672 4
iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_MASQUERADE 16384 0
ipt_REJECT 16384 4
ipt_rpfilter 16384 0
nf_conntrack 106496 32
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,nf_conntrack_proto_udplite,nf_nat,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda 16384 3 nf_nat_amanda
nf_conntrack_broadcast 16384 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 20480 3 nf_nat_ftp
nf_conntrack_h323 77824 5 nf_nat_h323
nf_conntrack_ipv4 16384 68
nf_conntrack_irc 16384 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 36864 0
nf_conntrack_pptp 20480 3 nf_nat_pptp
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 20480 0
nf_conntrack_proto_udplite 16384 0
nf_conntrack_sane 16384 2
nf_conntrack_sip 28672 3 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 16384 3 nf_nat_tftp
nf_defrag_ipv4 16384 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 36864 1 xt_TPROXY
nf_log_common 16384 1 nf_log_ipv4
nf_log_ipv4 16384 7
nf_nat 24576 11
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,nf_nat_masquerade_ipv4
nf_nat_amanda 16384 0
nf_nat_ftp 16384 0
nf_nat_h323 20480 0
nf_nat_ipv4 16384 1 iptable_nat
nf_nat_irc 16384 0
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE
nf_nat_pptp 16384 0
nf_nat_proto_gre 16384 1 nf_nat_pptp
nf_nat_sip 20480 0
nf_nat_snmp_basic 20480 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
xt_addrtype 16384 5
xt_AUDIT 16384 0
xt_CHECKSUM 16384 0
xt_CLASSIFY 16384 0
xt_comment 16384 27
xt_connlimit 16384 0
xt_connmark 16384 3
xt_conntrack 16384 42
xt_CT 16384 22
xt_dscp 16384 0
xt_DSCP 16384 0
xt_hashlimit 20480 0
xt_helper 16384 0
xt_iprange 16384 0
xt_length 16384 0
xt_limit 16384 2
xt_LOG 16384 7
xt_mark 16384 6
xt_multiport 16384 14
xt_nat 16384 4
xt_nfacct 16384 0
xt_NFLOG 16384 0
xt_NFQUEUE 16384 0
xt_owner 16384 0
xt_physdev 16384 0
xt_pkttype 16384 0
xt_policy 16384 0
xt_realm 16384 0
xt_recent 20480 1
xt_set 16384 0
xt_statistic 16384 0
xt_tcpmss 16384 0
xt_TCPMSS 16384 0
xt_tcpudp 16384 77
xt_time 16384 0
xt_TPROXY 20480 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50004
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
Ipset Match Counters (IPSET_MATCH_COUNTERS): Available
Ipset Match (IPSET_MATCH): Available
Ipset Match Nomatch (IPSET_MATCH_NOMATCH): Available
ipset V5 (IPSET_V5): Available
iptables -S (IPTABLES_S): Available
iptables --wait option (WAIT_OPTION): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 40408
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Rawpost Table (RAWPOST_TABLE): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
Netid State Recv-Q Send-Q Local Address:Port Peer
Address:Port
udp UNCONN 0 0 *:68 *:*
users:(("dhclient",pid=608,fd=6))
udp UNCONN 0 0 *:111 *:*
users:(("rpcbind",pid=1117,fd=6))
udp UNCONN 0 0 *:12408 *:*
users:(("dhclient",pid=608,fd=20))
udp UNCONN 0 0 192.168.178.10:123 *:*
users:(("ntpd",pid=1419,fd=22))
udp UNCONN 0 0 10.1.0.1:123 *:*
users:(("ntpd",pid=1419,fd=21))
udp UNCONN 0 0 10.0.0.1:123 *:*
users:(("ntpd",pid=1419,fd=20))
udp UNCONN 0 0 217.8.50.86:123 *:*
users:(("ntpd",pid=1419,fd=19))
udp UNCONN 0 0 127.0.0.1:123 *:*
users:(("ntpd",pid=1419,fd=18))
udp UNCONN 0 0 *:123 *:*
users:(("ntpd",pid=1419,fd=16))
udp UNCONN 0 0 *:855 *:*
users:(("rpcbind",pid=1117,fd=7))
udp UNCONN 0 0 127.0.0.1:937 *:*
users:(("rpc.statd",pid=1185,fd=5))
udp UNCONN 0 0 *:54410 *:*
users:(("rpc.statd",pid=1185,fd=8))
udp UNCONN 0 0 *:56947 *:*
users:(("systemd-timesyn",pid=559,fd=13))
tcp LISTEN 0 128 127.0.0.1:85 *:*
users:(("pvedaemon worke",pid=19808,fd=6),("pvedaemon
worke",pid=17296,fd=6),("pvedaemon
worke",pid=8040,fd=6),("pvedaemon",pid=1896,fd=6))
tcp LISTEN 0 128 *:3128 *:*
users:(("spiceproxy work",pid=10970,fd=6),("spiceproxy",pid=10969,fd=6))
tcp LISTEN 0 128 *:58936 *:*
users:(("rpc.statd",pid=1185,fd=9))
tcp LISTEN 0 100 *:4505 *:*
users:(("salt-master",pid=3854,fd=17))
tcp LISTEN 0 100 127.0.0.1:25 *:*
users:(("master",pid=1700,fd=12))
tcp LISTEN 0 100 *:4506 *:*
users:(("salt-master",pid=3944,fd=25))
tcp LISTEN 0 128 *:8006 *:*
users:(("pveproxy worker",pid=10955,fd=6),("pveproxy
worker",pid=10954,fd=6),("pveproxy
worker",pid=10953,fd=6),("pveproxy",pid=10952,fd=6))
tcp LISTEN 0 128 *:2214 *:*
users:(("sshd",pid=1296,fd=3))
tcp LISTEN 0 1 127.0.0.1:61000 *:*
users:(("kvm",pid=25295,fd=20))
tcp LISTEN 0 5 127.0.0.1:5900 *:*
users:(("lxc-console",pid=7556,fd=4),("dtach",pid=7555,fd=4))
tcp LISTEN 0 128 *:111 *:*
users:(("rpcbind",pid=1117,fd=8))
tcp LISTEN 0 5 127.0.0.1:7634 *:*
users:(("hddtemp",pid=1488,fd=0))
tcp ESTAB 0 0 192.168.178.10:2214
192.168.178.49:55876
users:(("sshd",pid=27600,fd=3),("sshd",pid=27529,fd=3))
tcp ESTAB 0 0 10.0.0.1:60490 10.0.0.253:22253
users:(("ssh",pid=8266,fd=3))
tcp ESTAB 0 0 10.0.0.1:56468 10.0.0.2:2202
users:(("ssh",pid=20250,fd=3))
tcp ESTAB 0 0 10.0.0.1:56160 10.0.0.252:22252
users:(("ssh",pid=9450,fd=3))
Traffic Control
Device lo:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 30486075 bytes 426239 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 1428998437 bytes 4327762 pkt (dropped 0, overlimits 0 requeues 138)
backlog 0b 0p requeues 138
Device eth2:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device vmbr0:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device vmbr1:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device vmbr2:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device tap123i0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 1210900165 bytes 3201110 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device tap121i0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 382875588 bytes 1689926 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device veth102i0:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device veth101i0:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device veth100i0:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device lo:
Device eth0:
Device eth1:
Device eth2:
Device vmbr0:
Device vmbr1:
Device vmbr2:
Device tap123i0:
Device tap121i0:
Device veth102i0:
Device veth101i0:
Device veth100i0:
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
