Hello,
I am posting a dump file.
Regards
Ian
Le 19/06/2017 à 04:21, Tom Eastep a écrit :
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 06/18/2017 02:09 PM, Ian Jones wrote:
Tom,
thanks for your help. See below.
There's nothing in 'shorewall show log' other than dropped
packets (none from the external peers).
Look at your system log -- conntrack overflows aren't shown by
'shorewall show log'
- -Tom
- --
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJZRzUzAAoJEJbms/JCOk0QkVkQAKfu1xCYsCCHseb+viebY4aZ
XQf1QBrUeMZ40XEKQcolFJvXoXocPqApEAwkmCeF0Z8UeiPzEdT/L3GBHiL/FwwO
o621jzJiQxxED8lO7+Zw3QBwfJxqWwkgoCE7sCV43jtgxC0d89PZJvRawxOa94v5
XZ3StUZL2bFSllu0In5abU0bYdMkGb/ULBxae98s+vLHi1q2m4zmd+fa2wE0YOlz
iMhN1fDNsElM6+AohjY3xKvHG3Sf7XEXgN1cEQeqG+/kgbv8q/KLxy1ChpOubMOc
12vHkIa0DEmZKfvf0usfbmGEBuySm5S0D2Cbxx4OlGA4i4/+5ddSmoPPlfFLQpcn
rAUATukPKMKldG5syrkkQnLUg0ZeY2spQ/0MgUHq4KaY2Io+M31X0YrvzvbaE3pq
nIGwghkv9iTQsP9l6WvLIAm4zgFvA2Cybg8F3wYWyreA26S53oT/FonaGlptzppZ
22d+AtnkcZ/Vk+Tdma0p9+YoiyFKgrhJNQstLQBdAs9SeQB454IgIylVbXO+BGIA
PWOzYBCN0g7fmbLXmIzFMzW0B4oWIz+om4X1osvgTO+6TehTFvjvTc5m2NJ6B0/H
EPiKTZ6iFPzwCq9oL/gB0VkPKwJwfV77thFcYREOZUiu+D4Behbm625wSCg+zuyc
08yp+mo3/XQvvWQhLDe+
=ViOl
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Shorewall 4.6.4.3 Dump at jonas - Sun Jun 18 23:16:03 EDT 2017
Shorewall is running
State:Started (Sun Jun 18 14:04:42 EDT 2017) from /etc/shorewall/
(/var/lib/shorewall/firewall compiled by Shorewall version 4.6.4.3)
Counters reset Sun Jun 18 14:04:42 EDT 2017
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6203 1505K net-fw all -- eth-ext0 * 0.0.0.0/0 0.0.0.0/0
184K 42M loc-fw all -- eth-intern * 0.0.0.0/0
0.0.0.0/0
11810 3691K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
90321 54M net_frwd all -- eth-ext0 * 0.0.0.0/0 0.0.0.0/0
83850 24M loc_frwd all -- eth-intern * 0.0.0.0/0
0.0.0.0/0
3 600 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
3 600 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
3 600 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5892 497K fw-net all -- * eth-ext0 0.0.0.0/0 0.0.0.0/0
131K 33M fw-loc all -- * eth-intern 0.0.0.0/0
0.0.0.0/0
11810 3691K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
276 45682 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
260 9360 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
Chain Drop (2 references)
pkts bytes target prot opt in out source destination
1132 81933 all -- * * 0.0.0.0/0 0.0.0.0/0
1132 81933 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
5 367 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
1 78 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
26 1272 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
1 552 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Reject (2 references)
pkts bytes target prot opt in out source destination
3 600 all -- * * 0.0.0.0/0 0.0.0.0/0
3 600 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain dynamic (4 references)
pkts bytes target prot opt in out source destination
Chain fw-loc (1 references)
pkts bytes target prot opt in out source destination
130K 33M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
754 63891 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw-net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
208 31286 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
5236 407K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* DNS */
3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53 /* DNS */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
445 58526 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc-fw (1 references)
pkts bytes target prot opt in out source destination
5489 463K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
5489 463K smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
178K 41M tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
178K 41M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */
113 9492 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
5375 454K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc-net (1 references)
pkts bytes target prot opt in out source destination
83134 24M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
716 278K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
716 278K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
716 278K smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
10827 563K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
83850 24M loc-net all -- * eth-ext0 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
1144 82419 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
1144 82419 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
597 28334 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
5059 1423K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
10 416 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
2 70 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
1132 81933 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
563 24622 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net-fw:DROP:"
563 24622 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-loc (1 references)
pkts bytes target prot opt in out source destination
90287 54M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
27 11111 ACCEPT udp -- * * 0.0.0.0/0
192.168.71.8 udp dpt:5060 ctorigdstport 5060 /* SIP */
1 40 ACCEPT tcp -- * * 0.0.0.0/0
192.168.71.8 tcp dpt:5060 ctorigdstport 5060 /* SIP */
3 600 ACCEPT udp -- * * 0.0.0.0/0
192.168.71.8 udp dpts:10000:10020
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.71.8 udp dpt:3478 ctorigdstport 3478
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.71.8 udp dpt:4569 ctorigdstport 4569
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net-loc:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
31 11751 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
31 11751 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
20677 34M tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
90318 54M net-loc all -- * eth-intern 0.0.0.0/0
0.0.0.0/0
Chain reject (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
3 600 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (4 references)
pkts bytes target prot opt in out source destination
541 21359 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (4 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
Jun 18 23:00:48 net-fw:DROP:IN=eth-ext0 OUT= SRC=164.52.0.136 DST=xx.xx.xx.xx
LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=35345 DPT=7777
WINDOW=65535 RES=0x00 SYN URGP=0
Jun 18 23:01:26 net-fw:DROP:IN=eth-ext0 OUT= SRC=163.172.197.169
DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=4137 DF PROTO=TCP
SPT=14270 DPT=8081 WINDOW=512 RES=0x00 SYN URGP=0
Jun 18 23:02:30 net-fw:DROP:IN=eth-ext0 OUT= SRC=100.11.209.97 DST=xx.xx.xx.xx
LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=58688 PROTO=TCP SPT=18761 DPT=9000
WINDOW=14600 RES=0x00 SYN URGP=0
Jun 18 23:02:52 net-fw:DROP:IN=eth-ext0 OUT= SRC=164.52.0.134 DST=xx.xx.xx.xx
LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59199 DPT=83
WINDOW=65535 RES=0x00 SYN URGP=0
Jun 18 23:02:52 net-fw:DROP:IN=eth-ext0 OUT= SRC=164.52.0.134 DST=xx.xx.xx.xx
LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59200 DPT=83
WINDOW=65535 RES=0x00 SYN URGP=0
Jun 18 23:03:56 net-fw:DROP:IN=eth-ext0 OUT= SRC=14.157.101.203 DST=xx.xx.xx.xx
LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=4902 PROTO=TCP SPT=50577 DPT=23
WINDOW=57777 RES=0x00 SYN URGP=0
Jun 18 23:04:40 net-fw:DROP:IN=eth-ext0 OUT= SRC=164.52.0.138 DST=xx.xx.xx.xx
LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=32977 DPT=20547
WINDOW=65535 RES=0x00 SYN URGP=0
Jun 18 23:04:40 net-fw:DROP:IN=eth-ext0 OUT= SRC=164.52.0.138 DST=xx.xx.xx.xx
LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=32976 DPT=20547
WINDOW=65535 RES=0x00 SYN URGP=0
Jun 18 23:05:34 net-fw:DROP:IN=eth-ext0 OUT= SRC=122.114.240.129
DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=53793 PROTO=TCP SPT=42166
DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 18 23:05:46 net-fw:DROP:IN=eth-ext0 OUT= SRC=24.98.36.18 DST=xx.xx.xx.xx
LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=30296 PROTO=TCP SPT=49113 DPT=23
WINDOW=14600 RES=0x00 SYN URGP=0
Jun 18 23:07:16 net-fw:DROP:IN=eth-ext0 OUT= SRC=123.176.34.37 DST=xx.xx.xx.xx
LEN=40 TOS=0x00 PREC=0x00 TTL=39 ID=41821 PROTO=TCP SPT=22156 DPT=23
WINDOW=41828 RES=0x00 SYN URGP=0
Jun 18 23:07:23 net-fw:DROP:IN=eth-ext0 OUT= SRC=164.52.0.131 DST=xx.xx.xx.xx
LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=37014 DPT=161
WINDOW=65535 RES=0x00 SYN URGP=0
Jun 18 23:07:23 net-fw:DROP:IN=eth-ext0 OUT= SRC=164.52.0.131 DST=xx.xx.xx.xx
LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=37015 DPT=161
WINDOW=65535 RES=0x00 SYN URGP=0
Jun 18 23:11:10 net-fw:DROP:IN=eth-ext0 OUT= SRC=91.223.133.13 DST=xx.xx.xx.xx
LEN=40 TOS=0x08 PREC=0x20 TTL=233 ID=40983 PROTO=TCP SPT=57651 DPT=338
WINDOW=1024 RES=0x00 SYN URGP=0
Jun 18 23:12:26 net-fw:DROP:IN=eth-ext0 OUT= SRC=179.219.6.249 DST=xx.xx.xx.xx
LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=26492 PROTO=TCP SPT=15472 DPT=23
WINDOW=2624 RES=0x00 SYN URGP=0
Jun 18 23:12:31 net-fw:DROP:IN=eth-ext0 OUT= SRC=49.84.196.67 DST=xx.xx.xx.xx
LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=12030 PROTO=TCP SPT=44454 DPT=23
WINDOW=34187 RES=0x00 SYN URGP=0
Jun 18 23:13:10 net-fw:DROP:IN=eth-ext0 OUT= SRC=103.79.143.108 DST=xx.xx.xx.xx
LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=5377 PROTO=TCP SPT=48434 DPT=22
WINDOW=1024 RES=0x00 SYN URGP=0
Jun 18 23:13:13 net-fw:DROP:IN=eth-ext0 OUT= SRC=123.207.8.52 DST=xx.xx.xx.xx
LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=38678 PROTO=TCP SPT=42596 DPT=1433
WINDOW=1024 RES=0x00 SYN URGP=0
Jun 18 23:14:03 net-fw:DROP:IN=eth-ext0 OUT= SRC=218.62.46.139 DST=xx.xx.xx.xx
LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=18278 PROTO=TCP SPT=56708 DPT=1433
WINDOW=1024 RES=0x00 SYN URGP=0
Jun 18 23:14:09 net-fw:DROP:IN=eth-ext0 OUT= SRC=212.129.3.166 DST=xx.xx.xx.xx
LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=17609 DF PROTO=TCP SPT=50899 DPT=22
WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
969 67984 net_dnat all -- eth-ext0 * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5796 479K eth-ext0_masq all -- * eth-ext0 0.0.0.0/0
0.0.0.0/0
Chain eth-ext0_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 MASQUERADE all -- * * 169.254.0.0/16 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.16.0.0/12 0.0.0.0/0
312 42474 MASQUERADE all -- * * 192.168.0.0/16 0.0.0.0/0
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
25 10514 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 /* SIP */ to:192.168.71.8:5060
1 40 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:5060 /* SIP */ to:192.168.71.8:5060
2 400 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:10000:10020 to:192.168.71.8:10000-10020
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:3478 to:192.168.71.8:3478
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:4569 to:192.168.71.8:4569
Mangle Table
Chain PREROUTING (policy ACCEPT 86 packets, 39385 bytes)
pkts bytes target prot opt in out source destination
391K 127M tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 21 packets, 1300 bytes)
pkts bytes target prot opt in out source destination
202K 47M tcin all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 65 packets, 38085 bytes)
pkts bytes target prot opt in out source destination
174K 78M MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
174K 78M tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 43 packets, 18484 bytes)
pkts bytes target prot opt in out source destination
149K 37M tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 108 packets, 56569 bytes)
pkts bytes target prot opt in out source destination
324K 115M tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcin (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 87 packets, 39486 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
7 304 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
1 40 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
1 40 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
885 73038 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
2 80 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
38384 19M CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
1 42 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 43 packets, 18484 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
248 21576 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Conntrack Table (54 out of 65536)
tcp 6 431458 ESTABLISHED src=192.168.71.30 dst=192.168.71.7 sport=58013
dport=3306 src=192.168.71.7 dst=192.168.71.30 sport=3306 dport=58013 [ASSURED]
mark=0 use=2
tcp 6 431393 ESTABLISHED src=192.168.71.30 dst=192.168.71.6 sport=57117
dport=389 src=192.168.71.6 dst=192.168.71.30 sport=389 dport=57117 [ASSURED]
mark=0 use=2
udp 17 3599 src=90.125.15.174 dst=xx.xx.xx.xx sport=5060 dport=5060
src=192.168.71.8 dst=90.125.15.174 sport=5060 dport=5060 [ASSURED] mark=0 use=2
tcp 6 429807 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=57052 dport=389
src=127.0.0.1 dst=127.0.0.1 sport=389 dport=57052 [ASSURED] mark=0 use=2
udp 17 3596 src=69.216.245.69 dst=xx.xx.xx.xx sport=11060 dport=5060
src=192.168.71.8 dst=69.216.245.69 sport=5060 dport=11060 [ASSURED] mark=0 use=2
udp 17 16 src=192.168.71.30 dst=192.168.71.255 sport=123 dport=123
[UNREPLIED] src=192.168.71.255 dst=192.168.71.30 sport=123 dport=123 mark=0
use=2
tcp 6 428717 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=57051 dport=389
src=127.0.0.1 dst=127.0.0.1 sport=389 dport=57051 [ASSURED] mark=0 use=2
udp 17 1 src=192.168.71.6 dst=192.168.71.255 sport=123 dport=123
[UNREPLIED] src=192.168.71.255 dst=192.168.71.6 sport=123 dport=123 mark=0 use=2
tcp 6 431786 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=40113
dport=11211 src=127.0.0.1 dst=127.0.0.1 sport=11211 dport=40113 [ASSURED]
mark=0 use=2
unknown 2 522 src=0.0.0.0 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=0.0.0.0
mark=0 use=2
tcp 6 431796 ESTABLISHED src=192.168.71.7 dst=192.168.71.30 sport=48081
dport=3306 src=192.168.71.30 dst=192.168.71.7 sport=3306 dport=48081 [ASSURED]
mark=0 use=2
tcp 6 431393 ESTABLISHED src=192.168.71.6 dst=192.168.71.30 sport=48629
dport=389 src=192.168.71.30 dst=192.168.71.6 sport=389 dport=48629 [ASSURED]
mark=0 use=2
tcp 6 431797 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=40000
dport=11211 src=127.0.0.1 dst=127.0.0.1 sport=11211 dport=40000 [ASSURED]
mark=0 use=2
tcp 6 299 ESTABLISHED src=192.168.71.36 dst=192.168.71.30 sport=3045
dport=22 src=192.168.71.30 dst=192.168.71.36 sport=22 dport=3045 [ASSURED]
mark=0 use=2
tcp 6 431994 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=57047 dport=389
src=127.0.0.1 dst=127.0.0.1 sport=389 dport=57047 [ASSURED] mark=0 use=2
tcp 6 428139 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=57045 dport=389
src=127.0.0.1 dst=127.0.0.1 sport=389 dport=57045 [ASSURED] mark=0 use=2
udp 17 3599 src=8.17.32.12 dst=xx.xx.xx.xx sport=5060 dport=5060
src=192.168.71.8 dst=8.17.32.12 sport=5060 dport=5060 [ASSURED] mark=0 use=2
udp 17 3596 src=192.168.71.8 dst=109.176.95.130 sport=5060 dport=5060
[UNREPLIED] src=109.176.95.130 dst=xx.xx.xx.xx sport=5060 dport=5060 mark=0
use=2
udp 17 150 src=192.168.71.8 dst=77.240.56.70 sport=4569 dport=4569
src=77.240.56.70 dst=xx.xx.xx.xx sport=4569 dport=4569 [ASSURED] mark=0 use=2
udp 17 3595 src=192.168.71.8 dst=162.254.144.173 sport=5060 dport=5060
src=162.254.144.173 dst=xx.xx.xx.xx sport=5060 dport=5060 [ASSURED] mark=0 use=2
udp 17 3599 src=90.125.15.174 dst=xx.xx.xx.xx sport=5338 dport=5060
src=192.168.71.8 dst=90.125.15.174 sport=5060 dport=5338 [ASSURED] mark=0 use=2
udp 17 2522 src=94.23.212.19 dst=xx.xx.xx.xx sport=5229 dport=5060
[UNREPLIED] src=192.168.71.8 dst=94.23.212.19 sport=5060 dport=5229 mark=0 use=2
tcp 6 431819 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=57046 dport=389
src=127.0.0.1 dst=127.0.0.1 sport=389 dport=57046 [ASSURED] mark=0 use=2
udp 17 22 src=192.168.71.36 dst=192.168.71.30 sport=57012 dport=53
src=192.168.71.30 dst=192.168.71.36 sport=53 dport=57012 mark=0 use=2
udp 17 3598 src=192.168.71.8 dst=216.120.237.24 sport=5060 dport=5060
src=216.120.237.24 dst=xx.xx.xx.xx sport=5060 dport=5060 [ASSURED] mark=0 use=2
udp 17 179 src=90.125.15.174 dst=xx.xx.xx.xx sport=10032 dport=5060
src=192.168.71.8 dst=90.125.15.174 sport=5060 dport=10032 [ASSURED] mark=0 use=2
udp 17 179 src=69.216.245.69 dst=xx.xx.xx.xx sport=4569 dport=4569
src=192.168.71.8 dst=69.216.245.69 sport=4569 dport=4569 [ASSURED] mark=0 use=2
udp 17 3599 src=213.215.45.230 dst=xx.xx.xx.xx sport=5060 dport=5060
src=192.168.71.8 dst=213.215.45.230 sport=5060 dport=5060 [ASSURED] mark=0 use=2
udp 17 179 src=69.216.245.69 dst=xx.xx.xx.xx sport=11020 dport=5060
src=192.168.71.8 dst=69.216.245.69 sport=5060 dport=11020 [ASSURED] mark=0 use=2
udp 17 1228 src=195.154.185.103 dst=xx.xx.xx.xx sport=5105 dport=5060
[UNREPLIED] src=192.168.71.8 dst=195.154.185.103 sport=5060 dport=5105 mark=0
use=2
udp 17 3514 src=192.168.71.8 dst=198.8.63.63 sport=5060 dport=5060
src=198.8.63.63 dst=xx.xx.xx.xx sport=5060 dport=5060 [ASSURED] mark=0 use=2
udp 17 22 src=xx.xx.xx.xx dst=80.10.201.224 sport=26380 dport=53
src=80.10.201.224 dst=xx.xx.xx.xx sport=53 dport=26380 mark=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth-intern: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
inet 192.168.71.30/24 brd 192.168.71.255 scope global eth-intern
valid_lft forever preferred_lft forever
4: eth-ext0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc prio state UP
group default qlen 1000
inet xx.xx.xx.xx/29 brd xx.xx.xx.xx scope global eth-ext0
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
5502293 19145 0 0 0 0
TX: bytes packets errors dropped carrier collsns
5502293 19145 0 0 0 0
2: eth-intern: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT group default qlen 1000
link/ether 4c:cc:6a:24:8f:be brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
86033221 323574 0 4 0 0
TX: bytes packets errors dropped carrier collsns
98805710 249773 0 0 0 0
3: eth-ext1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT
group default qlen 1000
link/ether 00:26:55:d4:a5:f4 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: eth-ext0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc prio state UP
mode DEFAULT group default qlen 1000
link/ether 00:26:55:d4:a5:f5 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
67603010 147267 0 0 0 16188
TX: bytes packets errors dropped carrier collsns
38244771 118889 0 0 0 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local xx.xx.xx.xx dev eth-ext0 proto kernel scope host src xx.xx.xx.xx
local 192.168.71.30 dev eth-intern proto kernel scope host src 192.168.71.30
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast xx.xx.xx.96 dev eth-ext0 proto kernel scope link src xx.xx.xx.xx
broadcast xx.xx.xx.xx dev eth-ext0 proto kernel scope link src xx.xx.xx.xx
broadcast 192.168.71.255 dev eth-intern proto kernel scope link src
192.168.71.30
broadcast 192.168.71.0 dev eth-intern proto kernel scope link src 192.168.71.30
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
xx.xx.xx.96/29 dev eth-ext0 proto kernel scope link src xx.xx.xx.xx
192.168.71.0/24 dev eth-intern proto kernel scope link src 192.168.71.30
10.0.0.0/8 via 192.168.71.6 dev eth-intern
default via xx.xx.xx.97 dev eth-ext0
Per-IP Counters
iptaccount is not installed
NF Accounting
Events
/proc
/proc/version = Linux version 3.16.0-4-amd64
([email protected]) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP
Debian 3.16.43-2 (2017-04-30)
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth-ext0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth-ext0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth-ext0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth-ext0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth-ext0/log_martians = 1
/proc/sys/net/ipv4/conf/eth-ext1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth-ext1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth-ext1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth-ext1/rp_filter = 1
/proc/sys/net/ipv4/conf/eth-ext1/log_martians = 1
/proc/sys/net/ipv4/conf/eth-intern/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth-intern/arp_filter = 0
/proc/sys/net/ipv4/conf/eth-intern/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth-intern/rp_filter = 1
/proc/sys/net/ipv4/conf/eth-intern/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
ARP
? (192.168.71.16) at 00:0e:08:d6:29:36 [ether] on eth-intern
? (192.168.71.39) at ac:9b:0a:26:8c:57 [ether] on eth-intern
? (192.168.71.41) at 10:40:f3:dc:7d:3d [ether] on eth-intern
? (192.168.71.6) at 68:05:ca:0e:c7:80 [ether] on eth-intern
? (192.168.71.19) at 00:0e:08:df:4e:d8 [ether] on eth-intern
? (192.168.71.8) at 00:1b:21:72:1e:b2 [ether] on eth-intern
? (192.168.71.38) at bc:20:a4:7d:c7:d8 [ether] on eth-intern
? (192.168.71.18) at 00:0e:08:df:49:eb [ether] on eth-intern
? (192.168.71.142) at a0:3b:e3:c2:f4:9e [ether] on eth-intern
? (192.168.71.10) at 00:0e:08:df:4e:df [ether] on eth-intern
? (192.168.71.45) at 00:0f:ff:1c:d8:67 [ether] on eth-intern
? (xx.xx.xx.97) at 5c:e3:0e:4b:60:69 [ether] on eth-ext0
? (192.168.71.32) at 1c:b7:2c:4e:8a:cd [ether] on eth-intern
? (192.168.71.42) at 3c:15:c2:d0:3b:9e [ether] on eth-intern
? (192.168.71.149) at ac:63:be:32:29:77 [ether] on eth-intern
? (192.168.71.254) at 00:19:30:11:e7:8a [ether] on eth-intern
? (192.168.71.17) at 00:0e:08:d6:29:37 [ether] on eth-intern
? (192.168.71.36) at 48:45:20:58:f3:18 [ether] on eth-intern
? (192.168.71.7) at 68:05:ca:10:70:cd [ether] on eth-intern
Modules
iptable_filter 12536 1
iptable_mangle 12536 1
iptable_nat 12646 1
iptable_raw 12524 1
ip_tables 21711 4
iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_MASQUERADE 12594 4
ipt_REJECT 12465 4
ipt_rpfilter 12468 0
ipt_ULOG 12819 0
nf_conntrack 87424 33
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,ipt_MASQUERADE,nf_conntrack_proto_udplite,nf_nat,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,iptable_nat,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda 12437 3 nf_nat_amanda
nf_conntrack_broadcast 12365 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 16783 3 nf_nat_ftp
nf_conntrack_h323 58618 5 nf_nat_h323
nf_conntrack_ipv4 18448 45
nf_conntrack_irc 12427 3 nf_nat_irc
nf_conntrack_netbios_ns 12445 2
nf_conntrack_netlink 35433 0
nf_conntrack_pptp 12619 3 nf_nat_pptp
nf_conntrack_proto_gre 13024 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 17268 0
nf_conntrack_proto_udplite 12931 0
nf_conntrack_sane 12428 2
nf_conntrack_sip 26053 3 nf_nat_sip
nf_conntrack_snmp 12443 3 nf_nat_snmp_basic
nf_conntrack_tftp 12433 3 nf_nat_tftp
nf_defrag_ipv4 12483 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 33358 1 xt_TPROXY
nf_nat 18241 12
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,ipt_MASQUERADE,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,iptable_nat
nf_nat_amanda 12424 0
nf_nat_ftp 12460 0
nf_nat_h323 16935 0
nf_nat_ipv4 12912 1 iptable_nat
nf_nat_irc 12454 0
nf_nat_pptp 12562 0
nf_nat_proto_gre 12517 1 nf_nat_pptp
nf_nat_sip 17053 0
nf_nat_snmp_basic 16904 0
nf_nat_tftp 12422 0
xt_addrtype 12557 5
xt_AUDIT 12603 0
xt_CHECKSUM 12471 0
xt_CLASSIFY 12429 0
xt_comment 12427 25
xt_connlimit 12667 0
xt_connmark 12637 0
xt_conntrack 12681 22
xt_CT 12842 22
xt_dscp 12523 0
xt_DSCP 12555 0
xt_hashlimit 17246 0
xt_helper 12507 0
xt_iprange 12464 0
xt_length 12460 0
xt_LOG 17171 6
xt_mark 12453 1
xt_multiport 12518 4
xt_nat 12601 5
xt_nfacct 12512 0
xt_NFLOG 12462 0
xt_NFQUEUE 12582 0
xt_owner 12459 0
xt_physdev 12468 0
xt_pkttype 12427 0
xt_policy 12506 0
xt_realm 12423 0
xt_recent 17246 1
xt_statistic 12519 0
xt_tcpmss 12425 0
xt_tcpudp 12527 52
xt_time 12459 0
xt_TPROXY 16767 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF: Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 40600
Checksum Target: Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP match: Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
ipset V5 (IPSET_V5): Not available
iptables -S (IPTABLES_S): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 31600
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target: Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
New tos Match: Available
NFAcct match: Available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Rawpost Table (RAWPOST_TABLE): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter match: Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TCPMSS Match (TCPMSS_MATCH): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection: Not available
ULOG Target (ULOG_TARGET): Available
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:11211 *:*
users:(("memcached",pid=1047,fd=30),("memcached",pid=1047,fd=29),("memcached",pid=1047,fd=28),("memcached",pid=1047,fd=27))
udp UNCONN 0 0 xx.xx.xx.xx:53 *:*
users:(("named",pid=1046,fd=543),("named",pid=1046,fd=542),("named",pid=1046,fd=541),("named",pid=1046,fd=540),("named",pid=1046,fd=539),("named",pid=1046,fd=538),("named",pid=1046,fd=537),("named",pid=1046,fd=536))
udp UNCONN 0 0 192.168.71.30:53 *:*
users:(("named",pid=1046,fd=535),("named",pid=1046,fd=534),("named",pid=1046,fd=533),("named",pid=1046,fd=532),("named",pid=1046,fd=531),("named",pid=1046,fd=530),("named",pid=1046,fd=529),("named",pid=1046,fd=528))
udp UNCONN 0 0 127.0.0.1:53 *:*
users:(("named",pid=1046,fd=527),("named",pid=1046,fd=526),("named",pid=1046,fd=525),("named",pid=1046,fd=524),("named",pid=1046,fd=523),("named",pid=1046,fd=522),("named",pid=1046,fd=521),("named",pid=1046,fd=520))
udp UNCONN 0 0 *:111 *:*
users:(("rpcbind",pid=749,fd=6))
udp UNCONN 0 0 xx.xx.xx.xx:123 *:*
users:(("ntpd",pid=1130,fd=20))
udp UNCONN 0 0 192.168.71.30:123 *:*
users:(("ntpd",pid=1130,fd=19))
udp UNCONN 0 0 127.0.0.1:123 *:*
users:(("ntpd",pid=1130,fd=18))
udp UNCONN 0 0 *:123 *:*
users:(("ntpd",pid=1130,fd=16))
udp UNCONN 0 0 xx.xx.xx.xx:137 *:*
users:(("nmbd",pid=1785,fd=23))
udp UNCONN 0 0 xx.xx.xx.xx:137 *:*
users:(("nmbd",pid=1785,fd=22))
udp UNCONN 0 0 192.168.71.255:137 *:*
users:(("nmbd",pid=1785,fd=19))
udp UNCONN 0 0 192.168.71.30:137 *:*
users:(("nmbd",pid=1785,fd=18))
udp UNCONN 0 0 *:137 *:*
users:(("nmbd",pid=1785,fd=16))
udp UNCONN 0 0 xx.xx.xx.xx:138 *:*
users:(("nmbd",pid=1785,fd=25))
udp UNCONN 0 0 xx.xx.xx.xx:138 *:*
users:(("nmbd",pid=1785,fd=24))
udp UNCONN 0 0 192.168.71.255:138 *:*
users:(("nmbd",pid=1785,fd=21))
udp UNCONN 0 0 192.168.71.30:138 *:*
users:(("nmbd",pid=1785,fd=20))
udp UNCONN 0 0 *:138 *:*
users:(("nmbd",pid=1785,fd=17))
udp UNCONN 0 0 *:922 *:*
users:(("rpcbind",pid=749,fd=7))
udp UNCONN 0 0 127.0.0.1:937 *:*
users:(("rpc.statd",pid=761,fd=5))
udp UNCONN 0 0 *:52316 *:*
users:(("rpc.statd",pid=761,fd=8))
tcp LISTEN 0 10 xx.xx.xx.xx:53 *:*
users:(("named",pid=1046,fd=26))
tcp LISTEN 0 10 192.168.71.30:53 *:*
users:(("named",pid=1046,fd=22))
tcp LISTEN 0 10 127.0.0.1:53 *:*
users:(("named",pid=1046,fd=21))
tcp LISTEN 0 128 *:22 *:*
users:(("sshd",pid=1044,fd=3))
tcp LISTEN 0 100 *:25 *:*
users:(("master",pid=2074,fd=12))
tcp LISTEN 0 128 127.0.0.1:953 *:*
users:(("named",pid=1046,fd=24))
tcp LISTEN 0 128 *:636 *:*
users:(("slapd",pid=1720,fd=11))
tcp LISTEN 0 50 *:445 *:*
users:(("smbd",pid=1795,fd=36))
tcp LISTEN 0 5 *:3551 *:*
users:(("apcupsd",pid=1132,fd=4))
tcp LISTEN 0 5 127.0.0.1:20000 *:*
users:(("sogod",pid=1765,fd=4),("sogod",pid=1764,fd=4),("sogod",pid=1763,fd=4),("sogod",pid=1747,fd=4))
tcp LISTEN 0 5 127.0.0.1:3552 *:*
users:(("apcupsd",pid=1211,fd=5))
tcp LISTEN 0 128 *:56868 *:*
users:(("rpc.statd",pid=761,fd=9))
tcp LISTEN 0 128 *:389 *:*
users:(("slapd",pid=1720,fd=9))
tcp LISTEN 0 50 *:3306 *:*
users:(("mysqld",pid=1718,fd=13))
tcp LISTEN 0 50 *:139 *:*
users:(("smbd",pid=1795,fd=37))
tcp LISTEN 0 128 127.0.0.1:11211 *:*
users:(("memcached",pid=1047,fd=26))
tcp LISTEN 0 128 *:111 *:*
users:(("rpcbind",pid=749,fd=8))
tcp ESTAB 0 0 192.168.71.30:22 192.168.71.36:3045
users:(("sshd",pid=2163,fd=3))
tcp ESTAB 0 0 127.0.0.1:57051 127.0.0.1:389
users:(("nslcd",pid=1735,fd=9))
tcp ESTAB 0 0 127.0.0.1:57047 127.0.0.1:389
users:(("nslcd",pid=1735,fd=11))
tcp ESTAB 0 0 127.0.0.1:389 127.0.0.1:57046
users:(("slapd",pid=1720,fd=23))
tcp ESTAB 0 0 192.168.71.30:57117 192.168.71.6:389
users:(("slapd",pid=1720,fd=15))
tcp CLOSE-WAIT 1 0 127.0.0.1:43398 127.0.0.1:20000
users:(("apache2",pid=12402,fd=19))
tcp CLOSE-WAIT 0 0 127.0.0.1:43396 127.0.0.1:20000
users:(("apache2",pid=8765,fd=19))
tcp ESTAB 0 0 127.0.0.1:40000 127.0.0.1:11211
users:(("sogod",pid=1765,fd=8))
tcp ESTAB 0 0 127.0.0.1:40113 127.0.0.1:11211
users:(("sogod",pid=1764,fd=8))
tcp ESTAB 0 0 127.0.0.1:57052 127.0.0.1:389
users:(("nslcd",pid=1735,fd=14))
tcp ESTAB 0 0 127.0.0.1:389 127.0.0.1:57045
users:(("slapd",pid=1720,fd=20))
tcp ESTAB 0 0 192.168.71.30:3306 192.168.71.7:48081
users:(("mysqld",pid=1718,fd=45))
tcp CLOSE-WAIT 1 0 127.0.0.1:43381 127.0.0.1:20000
users:(("apache2",pid=1893,fd=19))
tcp CLOSE-WAIT 0 0 127.0.0.1:43327 127.0.0.1:20000
users:(("apache2",pid=1895,fd=19))
tcp ESTAB 0 0 127.0.0.1:11211 127.0.0.1:40113
users:(("memcached",pid=1047,fd=32))
tcp ESTAB 0 0 127.0.0.1:57045 127.0.0.1:389
users:(("nslcd",pid=1735,fd=12))
tcp ESTAB 0 0 127.0.0.1:389 127.0.0.1:57051
users:(("slapd",pid=1720,fd=21))
tcp ESTAB 0 0 192.168.71.30:58013 192.168.71.7:3306
users:(("mysqld",pid=1718,fd=51))
tcp ESTAB 0 0 127.0.0.1:389 127.0.0.1:57047
users:(("slapd",pid=1720,fd=22))
tcp ESTAB 0 0 127.0.0.1:57046 127.0.0.1:389
users:(("nslcd",pid=1735,fd=5))
tcp ESTAB 0 0 127.0.0.1:389 127.0.0.1:57052
users:(("slapd",pid=1720,fd=24))
tcp ESTAB 0 0 127.0.0.1:11211 127.0.0.1:40000
users:(("memcached",pid=1047,fd=31))
tcp ESTAB 0 0 192.168.71.30:389 192.168.71.6:48629
users:(("slapd",pid=1720,fd=18))
Traffic Control
Device eth-intern:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 98805710 bytes 249773 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth-ext0:
qdisc prio 1: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 26476267 bytes 94138 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc sfq 11: parent 1:1 limit 127p quantum 1875b depth 127 flows 127/1024
divisor 1024 perturb 10sec
Sent 755162 bytes 11140 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc sfq 12: parent 1:2 limit 127p quantum 1875b depth 127 flows 127/1024
divisor 1024 perturb 10sec
Sent 25716866 bytes 82989 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc sfq 13: parent 1:3 limit 127p quantum 1875b depth 127 flows 127/1024
divisor 1024 perturb 10sec
Sent 4239 bytes 9 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class prio 1:1 parent 1: leaf 11:
Sent 755162 bytes 11140 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class prio 1:2 parent 1: leaf 12:
Sent 25716866 bytes 82989 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class prio 1:3 parent 1: leaf 13:
Sent 4239 bytes 9 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device eth-intern:
Device eth-ext0:
filter parent 1: protocol all pref 1 u32
filter parent 1: protocol all pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol all pref 1 u32 fh 800::800 order 2048 key ht 800 bkt
0 flowid 1:1
match 00060000/00ff0000 at 8
match 05000000/0f00ffc0 at 0
match 00100000/00ff0000 at 32
filter parent 1: protocol all pref 1 u32 fh 800::801 order 2049 key ht 800 bkt
0 flowid 1:1
match 00000600/0000ff00 at 4
match 05000000/0f00ffc0 at 0
match 00100000/00ff0000 at 32
filter parent 1: protocol all pref 17 fw
filter parent 1: protocol all pref 17 fw handle 0x1 classid 1:1
filter parent 1: protocol all pref 18 fw
filter parent 1: protocol all pref 18 fw handle 0x2 classid 1:2
filter parent 1: protocol all pref 19 fw
filter parent 1: protocol all pref 19 fw handle 0x3 classid 1:3
Node 11:
filter protocol all pref 1 flow
filter protocol all pref 1 flow handle 0xb hash keys nfct-src divisor 1024
baseclass 11:1
Node 12:
filter protocol all pref 1 flow
filter protocol all pref 1 flow handle 0xc hash keys nfct-src divisor 1024
baseclass 12:1
Node 13:
filter protocol all pref 1 flow
filter protocol all pref 1 flow handle 0xd hash keys nfct-src divisor 1024
baseclass 13:1
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
