Hi list!
Today I'm writing here since me and my colleague are trying to implement
a solution as summarized here:
- Raspberry Pi (debian-like arm distro)
- Shorewall installed
- Softether vpn installed, with internal dhcp for vpn clients (vpn zone)
- LAN + Wireless in bridge (loc zone)
- UMTS/4g dongle connected on USB, detected as net interface
(net zone)
We now managed to reach the raspberry (aka shorewall host) via vpn but
it seems that forward chain is not working as expected, maybe for a
mis-configured file? (vpn clients cannot reach the loc zone)
192.168.8.1 is the private-side ip of the 4g dongle (net zone)
192.168.31.0/24 is the loc zone (eth0 bridged with wlan0)
Attached files are shorewall dump and softether config
The reason why we chose softether is that we need a cloud-vpn solution
since our provider doesn't provide as a public ip at the sim side but
they're connected with a private nat-ed ip on the router side, so an
openvpn server or similar listening on the wan ip cannot be a solution.
Many thanks for any of your hints!
(And please, be patient with my poor english :) )
Nice sunday,
Nick
--
+---------------------+
| Linux User #554252 |
+---------------------+
# Software Configuration File
# ---------------------------
#
# You may edit this file when the VPN Server / Client / Bridge program is not
running.
#
# In prior to edit this file manually by your text editor,
# shutdown the VPN Server / Client / Bridge background service.
# Otherwise, all changes will be lost.
#
declare root
{
uint ConfigRevision 312
bool IPsecMessageDisplayed false
string Region IT
bool VgsMessageDisplayed false
declare DDnsClient
{
bool Disabled false
byte Key
string LocalHostname raspberrypi
string ProxyHostName $
uint ProxyPort 0
uint ProxyType 0
string ProxyUsername $
}
declare IPsec
{
bool EtherIP_IPsec true
string IPsec_Secret 123456789
string L2TP_DefaultHub VPN
bool L2TP_IPsec true
bool L2TP_Raw true
declare EtherIP_IDSettingsList
{
}
}
declare ListenerList
{
declare Listener0
{
bool DisableDos false
bool Enabled true
uint Port 443
}
declare Listener1
{
bool DisableDos false
bool Enabled true
uint Port 992
}
declare Listener2
{
bool DisableDos false
bool Enabled true
uint Port 1194
}
declare Listener3
{
bool DisableDos false
bool Enabled true
uint Port 5555
}
}
declare LocalBridgeList
{
bool DoNotDisableOffloading false
declare LocalBridge0
{
string DeviceName vpntap
string HubName VPN
bool LimitBroadcast false
bool MonitorMode false
bool NoPromiscuousMode false
string TapMacAddress 5E-C5-A2-3F-6A-7F
bool TapMode true
}
}
declare ServerConfiguration
{
bool AcceptOnlyTls true
uint64 AutoDeleteCheckDiskFreeSpaceMin 104857600
uint AutoDeleteCheckIntervalSecs 300
uint AutoSaveConfigSpan 300
bool BackupConfigOnlyWhenModified true
string CipherName AES128-SHA
uint CurrentBuild 9678
bool DisableCoreDumpOnUnix false
bool DisableDeadLockCheck false
bool DisableDosProction false
bool DisableGetHostNameWhenAcceptTcp false
bool DisableIntelAesAcceleration false
bool DisableIPv6Listener false
bool DisableNatTraversal false
bool DisableOpenVPNServer false
bool DisableSessionReconnect false
bool DisableSSTPServer false
bool DontBackupConfig false
bool EnableVpnAzure true
bool EnableVpnOverDns false
bool EnableVpnOverIcmp false
byte HashedPassword LuqtmTn4az6KYd95fc1reAED4EA=
string KeepConnectHost keepalive.softether.org
uint KeepConnectInterval 50
uint KeepConnectPort 80
uint KeepConnectProtocol 1
uint64 LoggerMaxLogSize 1073741823
uint MaxConcurrentDnsClientThreads 64
uint MaxConnectionsPerIP 256
uint MaxUnestablishedConnections 1000
bool NoHighPriorityProcess false
bool NoLinuxArpFilter false
bool NoSendSignature false
string OpenVPNDefaultClientOption
dev-type$20tun,link-mtu$201500,tun-mtu$201500,cipher$20AES-128-CBC,auth$20SHA1,keysize$20128,key-method$202,tls-client
string OpenVPN_UdpPortList 1194
bool SaveDebugLog false
byte ServerCert
byte ServerKey
uint ServerLogSwitchType 4
uint ServerType 0
bool StrictSyslogDatetimeFormat false
bool Tls_Disable1_0 false
bool Tls_Disable1_1 false
bool Tls_Disable1_2 false
bool UseKeepConnect true
bool UseWebTimePage false
bool UseWebUI false
declare GlobalParams
{
uint FIFO_BUDGET 1000000
uint HUB_ARP_SEND_INTERVAL 5000
uint IP_TABLE_EXPIRE_TIME 60000
uint IP_TABLE_EXPIRE_TIME_DHCP 300000
uint MAC_TABLE_EXPIRE_TIME 600000
uint MAX_BUFFERING_PACKET_SIZE 480000
uint MAX_HUB_LINKS 1024
uint MAX_IP_TABLES 65536
uint MAX_MAC_TABLES 65536
uint MAX_SEND_SOCKET_QUEUE_NUM 128
uint MAX_SEND_SOCKET_QUEUE_SIZE 320000
uint MAX_STORED_QUEUE_NUM 384
uint MEM_FIFO_REALLOC_MEM_SIZE 65536
uint MIN_SEND_SOCKET_QUEUE_SIZE 80000
uint QUEUE_BUDGET 1024
uint SELECT_TIME 256
uint SELECT_TIME_FOR_NAT 30
uint STORM_CHECK_SPAN 500
uint STORM_DISCARD_VALUE_END 1024
uint STORM_DISCARD_VALUE_START 3
}
declare ServerTraffic
{
declare RecvTraffic
{
uint64 BroadcastBytes 1198903270
uint64 BroadcastCount 12531106
uint64 UnicastBytes 8759529998
uint64 UnicastCount 23067400
}
declare SendTraffic
{
uint64 BroadcastBytes 1956112175
uint64 BroadcastCount 17800378
uint64 UnicastBytes 8241748641
uint64 UnicastCount 19555968
}
}
declare SyslogSettings
{
string HostName $
uint Port 0
uint SaveType 0
}
}
declare VirtualHUB
{
declare VPN
{
uint64 CreatedTime 1570234253123
byte HashedPassword
uint64 LastCommTime 1601707654823
uint64 LastLoginTime 1601529500313
uint NumLogin 568
bool Online true
bool RadiusConvertAllMsChapv2AuthRequestToEap false
string RadiusRealm $
uint RadiusRetryInterval 0
uint RadiusServerPort 1812
string RadiusSuffixFilter $
bool RadiusUsePeapInsteadOfEap false
byte SecurePassword
uint Type 0
declare AccessList
{
}
declare AdminOption
{
uint allow_hub_admin_change_option 0
uint deny_bridge 0
uint deny_change_user_password 0
uint deny_empty_password 0
uint deny_hub_admin_change_ext_option 0
uint deny_qos 0
uint deny_routing 0
uint max_accesslists 0
uint max_bitrates_download 0
uint max_bitrates_upload 0
uint max_groups 0
uint max_multilogins_per_user 0
uint max_sessions 0
uint max_sessions_bridge 0
uint max_sessions_client 0
uint max_sessions_client_bridge_apply 0
uint max_users 0
uint no_access_list_include_file 0
uint no_cascade 0
uint no_change_access_control_list 0
uint no_change_access_list 0
uint no_change_admin_password 0
uint no_change_cert_list 0
uint no_change_crl_list 0
uint no_change_groups 0
uint no_change_log_config 0
uint no_change_log_switch_type 0
uint no_change_msg 0
uint no_change_users 0
uint no_delay_jitter_packet_loss 0
uint no_delete_iptable 0
uint no_delete_mactable 0
uint no_disconnect_session 0
uint no_enum_session 0
uint no_offline 0
uint no_online 0
uint no_query_session 0
uint no_read_log_file 0
uint no_securenat 0
uint no_securenat_enabledhcp 0
uint no_securenat_enablenat 0
}
declare CascadeList
{
}
declare LogSetting
{
uint PacketLogSwitchType 4
uint PACKET_LOG_ARP 0
uint PACKET_LOG_DHCP 1
uint PACKET_LOG_ETHERNET 0
uint PACKET_LOG_ICMP 0
uint PACKET_LOG_IP 0
uint PACKET_LOG_TCP 0
uint PACKET_LOG_TCP_CONN 1
uint PACKET_LOG_UDP 0
bool SavePacketLog true
bool SaveSecurityLog true
uint SecurityLogSwitchType 4
}
declare Message
{
}
declare Option
{
uint AccessListIncludeFileCacheLifetime 30
uint AdjustTcpMssValue 0
bool ApplyIPv4AccessListOnArpPacket false
bool AssignVLanIdByRadiusAttribute false
bool BroadcastLimiterStrictMode false
uint BroadcastStormDetectionThreshold 0
uint ClientMinimumRequiredBuild 0
bool DenyAllRadiusLoginWithNoVlanAssign false
uint DetectDormantSessionInterval 0
bool DisableAdjustTcpMss false
bool DisableCheckMacOnLocalBridge false
bool DisableCorrectIpOffloadChecksum false
bool DisableHttpParsing false
bool DisableIPParsing false
bool DisableIpRawModeSecureNAT false
bool DisableKernelModeSecureNAT false
bool DisableUdpAcceleration false
bool DisableUdpFilterForLocalBridgeNic false
bool DisableUserModeSecureNAT false
bool DoNotSaveHeavySecurityLogs false
bool DropArpInPrivacyFilterMode true
bool DropBroadcastsInPrivacyFilterMode true
bool FilterBPDU false
bool FilterIPv4 false
bool FilterIPv6 false
bool FilterNonIP false
bool FilterOSPF false
bool FilterPPPoE false
uint FloodingSendQueueBufferQuota 33554432
bool ManageOnlyLocalUnicastIPv6 true
bool ManageOnlyPrivateIP true
uint MaxLoggedPacketsPerMinute 0
uint MaxSession 0
bool NoArpPolling false
bool NoDhcpPacketLogOutsideHub true
bool NoEnum false
bool NoIpTable false
bool NoIPv4PacketLog false
bool NoIPv6AddrPolling false
bool NoIPv6DefaultRouterInRAWhenIPv6 true
bool NoIPv6PacketLog false
bool NoLookBPDUBridgeId false
bool NoMacAddressLog true
bool NoManageVlanId false
bool NoPhysicalIPOnPacketLog false
bool NoSpinLockForPacketDelay false
bool RemoveDefGwOnDhcpForLocalhost true
uint RequiredClientId 0
uint SecureNAT_MaxDnsSessionsPerIp 0
uint SecureNAT_MaxIcmpSessionsPerIp 0
uint SecureNAT_MaxTcpSessionsPerIp 0
uint SecureNAT_MaxTcpSynSentPerIp 0
uint SecureNAT_MaxUdpSessionsPerIp 0
bool SecureNAT_RandomizeAssignIp false
bool SuppressClientUpdateNotification false
bool UseHubNameAsDhcpUserClassOption false
bool UseHubNameAsRadiusNasId false
string VlanTypeId 0x8100
bool YieldAfterStorePacket false
}
declare SecureNAT
{
bool Disabled false
bool SaveLog true
declare VirtualDhcpServer
{
string DhcpDnsServerAddress 192.168.30.1
string DhcpDnsServerAddress2 0.0.0.0
string DhcpDomainName fritz.box
bool DhcpEnabled true
uint DhcpExpireTimeSpan 7200
string DhcpGatewayAddress 192.168.30.1
string DhcpLeaseIPEnd 192.168.30.200
string DhcpLeaseIPStart 192.168.30.10
string DhcpPushRoutes $
string DhcpSubnetMask 255.255.255.0
}
declare VirtualHost
{
string VirtualHostIp 192.168.30.1
string VirtualHostIpSubnetMask
255.255.255.0
string VirtualHostMacAddress
5E-65-B7-18-F7-F9
}
declare VirtualRouter
{
bool NatEnabled true
uint NatMtu 1500
uint NatTcpTimeout 1800
uint NatUdpTimeout 60
}
}
declare SecurityAccountDatabase
{
declare CertList
{
}
declare CrlList
{
}
declare GroupList
{
}
declare IPAccessControlList
{
}
declare UserList
{
declare test
{
byte AuthNtLmSecureHash
byte AuthPassword
uint AuthType 1
uint64 CreatedTime 1572763805568
uint64 ExpireTime 0
uint64 LastLoginTime
1601529500313
string Note $
uint NumLogin 547
string RealName $
uint64 UpdatedTime 1574086741004
declare Traffic
{
declare RecvTraffic
{
uint64
BroadcastBytes 21248056
uint64
BroadcastCount 316782
uint64
UnicastBytes 5732038794
uint64
UnicastCount 4791434
}
declare SendTraffic
{
uint64
BroadcastBytes 2826670
uint64
BroadcastCount 9093
uint64
UnicastBytes 223368756
uint64
UnicastCount 2823070
}
}
}
}
}
declare Traffic
{
declare RecvTraffic
{
uint64 BroadcastBytes 1198903270
uint64 BroadcastCount 12531106
uint64 UnicastBytes 8759531352
uint64 UnicastCount 23067401
}
declare SendTraffic
{
uint64 BroadcastBytes 1956112175
uint64 BroadcastCount 17800378
uint64 UnicastBytes 8241749995
uint64 UnicastCount 19555969
}
}
}
}
declare VirtualLayer3SwitchList
{
}
}
Shorewall 5.0.15.6 Dump at raspberrypi - Sat 3 Oct 17:45:13 CEST 2020
Shorewall is running
State:Started Thu 1 Oct 16:17:15 CEST 2020 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled Sun 27 Sep 15:40:58 CEST 2020 by
Shorewall version 5.0.15.6)
Counters reset Thu 1 Oct 16:17:15 CEST 2020
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
355K 30M net-fw all -- eth1 * 0.0.0.0/0 0.0.0.0/0
868K 1234M ~comb2 all -- eth0 * 0.0.0.0/0 0.0.0.0/0
1925K 77M ~comb2 all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
34288 2265K vpn-fw all -- tap_vpntap * 0.0.0.0/0
0.0.0.0/0
322K 30M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1484 77040 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
66711 82M net_frwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
62052 12M ~comb1 all -- eth0 * 0.0.0.0/0 0.0.0.0/0
36042 3863K ~comb1 all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 vpn_frwd all -- tap_vpntap * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3210K 9920M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
654K 44M fw-net all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
3 712 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
8 1478 fw-vpn all -- * tap_vpntap 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
34308 2269K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
8 1478 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
Chain Drop (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Reject (8 references)
pkts bytes target prot opt in out source destination
356K 23M all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
356K 23M Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain dynamic (6 references)
pkts bytes target prot opt in out source destination
Chain fw-net (1 references)
pkts bytes target prot opt in out source destination
5 1640 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
2 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443
330K 23M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* Regole base connettività internet */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53 /* Regole base connettività internet */
167 12692 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123 /* Regole base connettività internet */
920 55200 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443,143,993,587,465 /* Regole base connettività
internet */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:33434:33524 /* Networking e diagnostica */
1 84 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Networking e diagnostica */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:43 /* Networking e diagnostica */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 limit: avg 1/sec burst 5 /* Networking e diagnostica */
322K 21M Reject all -- * * 0.0.0.0/0 0.0.0.0/0
322K 21M LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:fw-net:REJECT:"
322K 21M reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain fw-vpn (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Regole VPN */
8 1478 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:fw-vpn:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc-fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spts:67:68 dpts:67:68 /* Regole base connettività internet */
115 6892 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 /* Server FTP locale */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:20 /* Server FTP locale */
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* Server SSH locale */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Server SSH locale */
53 10066 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:loc-fw:ACCEPT:"
53 10066 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc-net (1 references)
pkts bytes target prot opt in out source destination
55428 3357K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* Regole base connettività internet */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53 /* Regole base connettività internet */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123 /* Regole base connettività internet */
743 38487 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 /* Regole base connettività internet */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:33434:33524 /* Networking e diagnostica */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Networking e diagnostica */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:43 /* Networking e diagnostica */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 limit: avg 1/sec burst 5 /* Networking e diagnostica */
5 260 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
5 260 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:loc-net:REJECT:"
5 260 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
56176 3396K loc-net all -- * eth1 0.0.0.0/0 0.0.0.0/0
26 1352 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tap_vpntap 0.0.0.0/0
0.0.0.0/0 /* Regole VPN */
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
2 80 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
355K 30M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
2 80 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
2 80 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443
2 80 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
66711 82M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ~comb0 all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ~comb0 all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 ~comb0 all -- * tap_vpntap 0.0.0.0/0
0.0.0.0/0
Chain reject (13 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
5 260 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
322K 21M REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain sha-lh-813265f80ae338cdf60c (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-9bf4339cf028549fd23e (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (6 references)
pkts bytes target prot opt in out source destination
4 1366 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (6 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Chain vpn-fw (1 references)
pkts bytes target prot opt in out source destination
34284 2265K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
4 268 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
34284 2265K smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
6 1971 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ~log0 tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp dpt:22 /* Regole VPN */
1 60 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Regole VPN */
34277 2263K Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:vpn-fw:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn-net (1 references)
pkts bytes target prot opt in out source destination
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:vpn-net:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 vpn-net all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
/* Regole VPN */
0 0 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
/* Regole VPN */
Chain ~comb0 (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ~comb1 (2 references)
pkts bytes target prot opt in out source destination
56202 3397K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
41892 13M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
56202 3397K smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
774 40099 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
56202 3397K loc_frwd all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ~comb2 (2 references)
pkts bytes target prot opt in out source destination
179 20310 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
2793K 1311M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
179 20310 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
10 3300 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
127 7516 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
169 17010 loc-fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ~log0 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
/* Regole VPN */ LOG flags 0 level 6 prefix "Shorewall:vpn-fw:ACCEPT:"
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
/* Regole VPN */
Log (/var/log/messages)
Oct 3 17:45:02 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23259 DF PROTO=UDP SPT=37082 DPT=80 LEN=45
Oct 3 17:45:03 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23304 DF PROTO=UDP SPT=45043 DPT=80 LEN=45
Oct 3 17:45:03 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23346 DF PROTO=UDP SPT=53941 DPT=80 LEN=45
Oct 3 17:45:04 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23366 DF PROTO=UDP SPT=39826 DPT=80 LEN=45
Oct 3 17:45:04 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23413 DF PROTO=UDP SPT=58229 DPT=80 LEN=45
Oct 3 17:45:05 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23444 DF PROTO=UDP SPT=39378 DPT=80 LEN=45
Oct 3 17:45:05 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23459 DF PROTO=UDP SPT=32984 DPT=80 LEN=45
Oct 3 17:45:06 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23482 DF PROTO=UDP SPT=40920 DPT=80 LEN=45
Oct 3 17:45:06 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23516 DF PROTO=UDP SPT=38635 DPT=80 LEN=45
Oct 3 17:45:07 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23559 DF PROTO=UDP SPT=39480 DPT=80 LEN=45
Oct 3 17:45:07 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23602 DF PROTO=UDP SPT=50048 DPT=80 LEN=45
Oct 3 17:45:08 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23631 DF PROTO=UDP SPT=54907 DPT=80 LEN=45
Oct 3 17:45:09 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23647 DF PROTO=UDP SPT=33300 DPT=80 LEN=45
Oct 3 17:45:09 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23671 DF PROTO=UDP SPT=55262 DPT=80 LEN=45
Oct 3 17:45:10 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23718 DF PROTO=UDP SPT=33174 DPT=80 LEN=45
Oct 3 17:45:10 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23739 DF PROTO=UDP SPT=48189 DPT=80 LEN=45
Oct 3 17:45:11 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23741 DF PROTO=UDP SPT=37926 DPT=80 LEN=45
Oct 3 17:45:11 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23800 DF PROTO=UDP SPT=39836 DPT=80 LEN=45
Oct 3 17:45:12 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23830 DF PROTO=UDP SPT=44574 DPT=80 LEN=45
Oct 3 17:45:12 fw-net:REJECT:IN= OUT=eth1 SRC=192.168.8.100 DST=130.158.6.56
LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23876 DF PROTO=UDP SPT=35643 DPT=80 LEN=45
NAT Table
Chain PREROUTING (policy ACCEPT 1909 packets, 286K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 169 packets, 9153 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4135 packets, 278K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 2558 packets, 174K bytes)
pkts bytes target prot opt in out source destination
1333 80389 MASQUERADE all -- * eth1 192.168.31.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 489K packets, 36M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 462K packets, 19M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 26497 packets, 17M bytes)
pkts bytes target prot opt in out source destination
165K 98M MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
Chain OUTPUT (policy ACCEPT 574K packets, 2326M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 598K packets, 2342M bytes)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 489K packets, 36M bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
5002 295K CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
2 156 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 574K packets, 2325M bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Conntrack Table (131 out of 61440)
ipv4 2 udp 17 19 src=192.168.8.100 dst=192.168.8.1 sport=49824
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=49824 mark=0 zone=0
use=2
ipv4 2 udp 17 21 src=192.168.32.103 dst=192.168.8.1 sport=50248
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=50248
mark=0 zone=0 use=2
ipv4 2 udp 17 3 src=192.168.8.100 dst=192.168.8.1 sport=42472 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=42472 mark=0 zone=0 use=2
ipv4 2 udp 17 2 src=192.168.8.100 dst=192.168.8.1 sport=52461 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=52461 mark=0 zone=0 use=2
ipv4 2 udp 17 9 src=192.168.8.100 dst=192.168.8.1 sport=53393 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=53393 mark=0 zone=0 use=2
ipv4 2 tcp 6 431530 ESTABLISHED src=192.168.31.106 dst=40.67.254.36
sport=49888 dport=443 src=40.67.254.36 dst=192.168.8.100 sport=443 dport=49888
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 11 src=192.168.8.100 dst=192.168.8.1 sport=43031
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=43031 mark=0 zone=0
use=2
ipv4 2 udp 17 13 src=192.168.8.100 dst=192.168.8.1 sport=50659
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=50659 mark=0 zone=0
use=2
ipv4 2 udp 17 29 src=192.168.8.100 dst=192.168.8.1 sport=42554
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=42554 mark=0 zone=0
use=2
ipv4 2 udp 17 29 src=192.168.8.100 dst=192.168.8.1 sport=48993
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=48993 mark=0 zone=0
use=2
ipv4 2 udp 17 28 src=192.168.8.100 dst=192.168.8.1 sport=45445
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=45445 mark=0 zone=0
use=2
ipv4 2 udp 17 8 src=192.168.8.100 dst=192.168.8.1 sport=53705 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=53705 mark=0 zone=0 use=2
ipv4 2 udp 17 1 src=192.168.32.103 dst=192.168.8.1 sport=54139
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=54139
mark=0 zone=0 use=2
ipv4 2 tcp 6 1 CLOSE src=192.168.31.106 dst=104.16.51.111 sport=51045
dport=443 src=104.16.51.111 dst=192.168.8.100 sport=443 dport=51045 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 97 TIME_WAIT src=192.168.31.106 dst=216.58.206.66
sport=51043 dport=443 src=216.58.206.66 dst=192.168.8.100 sport=443 dport=51043
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 9 src=192.168.31.106 dst=192.168.8.1 sport=65111
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=65111 mark=0 zone=0
use=2
ipv4 2 tcp 6 114 TIME_WAIT src=192.168.31.106 dst=104.16.53.111
sport=51079 dport=443 src=104.16.53.111 dst=192.168.8.100 sport=443 dport=51079
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 160 src=192.168.31.106 dst=192.168.8.1 sport=58553
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=58553 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 24 src=192.168.8.100 dst=192.168.8.1 sport=38718
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=38718 mark=0 zone=0
use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.31.106 dst=192.168.32.20
sport=50620 dport=22 src=192.168.32.20 dst=192.168.31.106 sport=22 dport=50620
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 1 CLOSE src=192.168.31.106 dst=216.58.205.68 sport=51033
dport=443 src=216.58.205.68 dst=192.168.8.100 sport=443 dport=51033 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 17 src=192.168.8.100 dst=192.168.8.1 sport=54651
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=54651 mark=0 zone=0
use=2
ipv4 2 udp 17 10 src=192.168.8.100 dst=192.168.8.1 sport=54242
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=54242 mark=0 zone=0
use=2
ipv4 2 tcp 6 24 TIME_WAIT src=192.168.31.106 dst=52.155.169.137
sport=51086 dport=443 src=52.155.169.137 dst=192.168.8.100 sport=443
dport=51086 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 12 src=192.168.8.100 dst=192.168.8.1 sport=59509
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=59509 mark=0 zone=0
use=2
ipv4 2 tcp 6 37 TIME_WAIT src=192.168.8.100 dst=130.158.75.46
sport=52038 dport=80 src=130.158.75.46 dst=192.168.8.100 sport=80 dport=52038
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 28 src=192.168.8.100 dst=192.168.8.1 sport=53742
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=53742 mark=0 zone=0
use=2
ipv4 2 tcp 6 102877 ESTABLISHED src=192.168.31.106 dst=40.67.251.132
sport=49869 dport=443 src=40.67.251.132 dst=192.168.8.100 sport=443 dport=49869
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 1 src=192.168.8.100 dst=192.168.8.1 sport=46920 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=46920 mark=0 zone=0 use=2
ipv4 2 udp 17 5 src=192.168.8.100 dst=192.168.8.1 sport=53858 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=53858 mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.32.103 dst=192.168.8.1 sport=44442
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=44442
mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.8.100 dst=192.168.8.1 sport=52676
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=52676 mark=0 zone=0
use=2
ipv4 2 udp 17 0 src=192.168.32.103 dst=192.168.8.1 sport=43305
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=43305
mark=0 zone=0 use=2
ipv4 2 tcp 6 431995 ESTABLISHED src=192.168.31.106 dst=192.168.32.103
sport=51088 dport=80 src=192.168.32.103 dst=192.168.31.106 sport=80 dport=51088
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 16 src=192.168.8.100 dst=192.168.8.1 sport=37253
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=37253 mark=0 zone=0
use=2
ipv4 2 tcp 6 116 TIME_WAIT src=192.168.31.106 dst=104.18.70.113
sport=51047 dport=443 src=104.18.70.113 dst=192.168.8.100 sport=443 dport=51047
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 21 src=192.168.8.100 dst=192.168.8.1 sport=57767
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=57767 mark=0 zone=0
use=2
ipv4 2 udp 17 32 src=192.168.8.100 dst=192.168.8.1 sport=38273
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=38273 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431987 ESTABLISHED src=192.168.8.100 dst=130.158.6.124
sport=50760 dport=443 src=130.158.6.124 dst=192.168.8.100 sport=443 dport=50760
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 10 src=192.168.8.100 dst=192.168.8.1 sport=54156
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=54156 mark=0 zone=0
use=2
ipv4 2 tcp 6 1 CLOSE src=192.168.31.106 dst=216.58.208.136 sport=51054
dport=443 src=216.58.208.136 dst=192.168.8.100 sport=443 dport=51054 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 102412 ESTABLISHED src=192.168.31.100 dst=172.253.118.188
sport=42338 dport=443 src=172.253.118.188 dst=192.168.8.100 sport=443
dport=42338 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 96 TIME_WAIT src=192.168.31.106 dst=216.58.206.66
sport=51041 dport=443 src=216.58.206.66 dst=192.168.8.100 sport=443 dport=51041
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431991 ESTABLISHED src=192.168.31.106 dst=192.168.32.103
sport=51087 dport=80 src=192.168.32.103 dst=192.168.31.106 sport=80 dport=51087
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 83 src=192.168.31.106 dst=192.168.8.1 sport=51576
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=51576 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 6 src=192.168.8.100 dst=192.168.8.1 sport=43858 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=43858 mark=0 zone=0 use=2
ipv4 2 udp 17 16 src=192.168.32.103 dst=192.168.8.1 sport=41277
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=41277
mark=0 zone=0 use=2
ipv4 2 udp 17 25 src=192.168.8.100 dst=192.168.8.1 sport=34897
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=34897 mark=0 zone=0
use=2
ipv4 2 udp 17 12 src=192.168.8.100 dst=192.168.8.1 sport=34972
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=34972 mark=0 zone=0
use=2
ipv4 2 tcp 6 108 TIME_WAIT src=192.168.31.106 dst=104.18.71.113
sport=51056 dport=443 src=104.18.71.113 dst=192.168.8.100 sport=443 dport=51056
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431969 ESTABLISHED src=192.168.31.106 dst=2.22.32.162
sport=51032 dport=443 src=2.22.32.162 dst=192.168.8.100 sport=443 dport=51032
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 6 src=192.168.8.100 dst=192.168.8.1 sport=39570 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=39570 mark=0 zone=0 use=2
ipv4 2 udp 17 162 src=192.168.8.100 dst=130.158.6.116 sport=58776
dport=5004 src=130.158.6.116 dst=192.168.8.100 sport=5004 dport=58776 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 9 src=192.168.31.106 dst=192.168.8.1 sport=56328
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=56328 mark=0 zone=0
use=2
ipv4 2 tcp 6 87 TIME_WAIT src=192.168.31.106 dst=192.168.32.20
sport=51089 dport=26969 src=192.168.32.20 dst=192.168.31.106 sport=26969
dport=51089 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 8 src=192.168.8.100 dst=192.168.8.1 sport=37389 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=37389 mark=0 zone=0 use=2
ipv4 2 udp 17 18 src=192.168.8.100 dst=192.168.8.1 sport=53207
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=53207 mark=0 zone=0
use=2
ipv4 2 tcp 6 431980 ESTABLISHED src=192.168.31.106 dst=204.79.197.200
sport=51090 dport=443 src=204.79.197.200 dst=192.168.8.100 sport=443
dport=51090 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 20 src=192.168.8.100 dst=192.168.8.1 sport=49860
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=49860 mark=0 zone=0
use=2
ipv4 2 udp 17 11 src=192.168.8.100 dst=192.168.8.1 sport=60966
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=60966 mark=0 zone=0
use=2
ipv4 2 udp 17 23 src=192.168.8.100 dst=192.168.8.1 sport=37572
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=37572 mark=0 zone=0
use=2
ipv4 2 udp 17 2 src=192.168.8.100 dst=192.168.8.1 sport=42163 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=42163 mark=0 zone=0 use=2
ipv4 2 udp 17 25 src=192.168.32.103 dst=192.168.8.1 sport=53573
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=53573
mark=0 zone=0 use=2
ipv4 2 tcp 6 431980 ESTABLISHED src=192.168.31.106 dst=104.18.25.243
sport=51091 dport=80 src=104.18.25.243 dst=192.168.8.100 sport=80 dport=51091
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 0 CLOSE src=192.168.31.106 dst=216.58.205.67 sport=51076
dport=443 src=216.58.205.67 dst=192.168.8.100 sport=443 dport=51076 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 4 src=192.168.8.100 dst=192.168.8.1 sport=60733 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=60733 mark=0 zone=0 use=2
ipv4 2 udp 17 5 src=192.168.8.100 dst=192.168.8.1 sport=47247 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=47247 mark=0 zone=0 use=2
ipv4 2 udp 17 164 src=192.168.8.100 dst=192.168.8.1 sport=47998
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=47998 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 5 src=192.168.32.103 dst=192.168.8.1 sport=44985
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=44985
mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.8.100 dst=192.168.8.1 sport=41592
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=41592 mark=0 zone=0
use=2
ipv4 2 tcp 6 431947 ESTABLISHED src=192.168.31.106 dst=54.70.97.159
sport=50667 dport=443 src=54.70.97.159 dst=192.168.8.100 sport=443 dport=50667
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 6 src=192.168.32.103 dst=192.168.8.1 sport=49965
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=49965
mark=0 zone=0 use=2
ipv4 2 udp 17 13 src=192.168.8.100 dst=192.168.8.1 sport=44890
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=44890 mark=0 zone=0
use=2
ipv4 2 udp 17 20 src=192.168.32.103 dst=192.168.8.1 sport=33960
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=33960
mark=0 zone=0 use=2
ipv4 2 udp 17 22 src=192.168.8.100 dst=192.168.8.1 sport=54425
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=54425 mark=0 zone=0
use=2
ipv4 2 tcp 6 103035 ESTABLISHED src=192.168.31.100 dst=108.177.97.188
sport=54062 dport=443 src=108.177.97.188 dst=192.168.8.100 sport=443
dport=54062 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 24 src=192.168.8.100 dst=192.168.8.1 sport=48097
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=48097 mark=0 zone=0
use=2
ipv4 2 udp 17 129 src=192.168.8.100 dst=193.204.114.232 sport=123
dport=123 src=193.204.114.232 dst=192.168.8.100 sport=123 dport=123 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 10 src=192.168.32.103 dst=192.168.8.1 sport=52736
dport=53 [UNREPLIED] src=192.168.8.1 dst=192.168.32.103 sport=53 dport=52736
mark=0 zone=0 use=2
ipv4 2 udp 17 7 src=192.168.8.100 dst=192.168.8.1 sport=37804 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=37804 mark=0 zone=0 use=2
ipv4 2 udp 17 25 src=192.168.8.100 dst=192.168.8.1 sport=38887
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=38887 mark=0 zone=0
use=2
ipv4 2 udp 17 20 src=192.168.8.100 dst=192.168.8.1 sport=45089
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=45089 mark=0 zone=0
use=2
ipv4 2 udp 17 18 src=192.168.8.100 dst=192.168.8.1 sport=43435
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=43435 mark=0 zone=0
use=2
ipv4 2 tcp 6 108 TIME_WAIT src=192.168.31.106 dst=216.58.208.138
sport=51072 dport=443 src=216.58.208.138 dst=192.168.8.100 sport=443
dport=51072 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 22 src=192.168.8.100 dst=192.168.8.1 sport=53897
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=53897 mark=0 zone=0
use=2
ipv4 2 udp 17 3 src=192.168.8.100 dst=192.168.8.1 sport=38992 dport=53
src=192.168.8.1 dst=192.168.8.100 sport=53 dport=38992 mark=0 zone=0 use=2
ipv4 2 udp 17 17 src=192.168.8.100 dst=192.168.8.1 sport=34735
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=34735 mark=0 zone=0
use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=192.168.31.106 dst=192.168.32.20
sport=49778 dport=21 src=192.168.32.20 dst=192.168.31.106 sport=21 dport=49778
[ASSURED] mark=0 zone=0 use=3
ipv4 2 udp 17 15 src=192.168.8.100 dst=192.168.8.1 sport=56033
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=56033 mark=0 zone=0
use=2
ipv4 2 udp 17 15 src=192.168.8.100 dst=192.168.8.1 sport=35471
dport=53 src=192.168.8.1 dst=192.168.8.100 sport=53 dport=35471 mark=0 zone=0
use=2
ipv4 2 tcp 6 108 TIME_WAIT src=192.168.31.106 dst=104.16.53.111
sport=51053 dport=443 src=104.16.53.111 dst=192.168.8.100 sport=443 dport=51053
[ASSURED] mark=0 zone=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
inet 192.168.32.20/24 brd 192.168.32.255 scope global eth0
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
inet 192.168.31.20/24 brd 192.168.31.255 scope global wlan0
valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
inet 192.168.8.100/24 brd 192.168.8.255 scope global eth1
valid_lft forever preferred_lft forever
16: tap_vpntap: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN group default qlen 1000
inet 192.168.30.254/24 scope global tap_vpntap
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
90367234 971591 0 0 0 0
TX: bytes packets errors dropped carrier collsns
90367234 971591 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT group default qlen 1000
link/ether b8:27:eb:47:8a:54 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
11070505491 7958414 18 9 0 0
TX: bytes packets errors dropped carrier collsns
310805711 3979956 0 0 0 0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
mode DEFAULT group default qlen 1000
link/ether b8:27:eb:12:df:01 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
177940986 3990194 0 0 0 507
TX: bytes packets errors dropped carrier collsns
3550477906 13583833 0 0 0 0
4: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT group default qlen 1000
link/ether 0c:5b:8f:27:9a:64 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
775780061 1896905 0 0 0 0
TX: bytes packets errors dropped carrier collsns
284478605 1677162 0 0 0 0
16: tap_vpntap: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 5e:c5:a2:3f:6a:7f brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
7149819 103038 0 0 0 0
TX: bytes packets errors dropped carrier collsns
7109602 85838 0 0 0 0
Bridges
bridge name bridge id STP enabled interfaces
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 192.168.8.100 dev eth1 proto kernel scope host src 192.168.8.100
local 192.168.32.20 dev eth0 proto kernel scope host src 192.168.32.20
local 192.168.31.20 dev wlan0 proto kernel scope host src 192.168.31.20
local 192.168.30.254 dev tap_vpntap proto kernel scope host src 192.168.30.254
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.8.255 dev eth1 proto kernel scope link src 192.168.8.100
broadcast 192.168.8.0 dev eth1 proto kernel scope link src 192.168.8.100
broadcast 192.168.32.255 dev eth0 proto kernel scope link src 192.168.32.20
broadcast 192.168.32.0 dev eth0 proto kernel scope link src 192.168.32.20
broadcast 192.168.31.255 dev wlan0 proto kernel scope link src 192.168.31.20
broadcast 192.168.31.0 dev wlan0 proto kernel scope link src 192.168.31.20
broadcast 192.168.30.255 dev tap_vpntap proto kernel scope link src
192.168.30.254
broadcast 192.168.30.0 dev tap_vpntap proto kernel scope link src 192.168.30.254
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.8.0/24 dev eth1 proto kernel scope link src 192.168.8.100
192.168.32.0/24 dev eth0 proto kernel scope link src 192.168.32.20
192.168.31.0/24 dev wlan0 proto kernel scope link src 192.168.31.20
192.168.30.0/24 dev tap_vpntap proto kernel scope link src 192.168.30.254
default via 192.168.8.1 dev eth1
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
PFKEY SPD
PFKEY SAD
/proc
/proc/version = Linux version 4.19.66-v7+ (dom@buildbot) (gcc version 4.9.3
(crosstool-NG crosstool-ng-1.22.0-88-g8460611)) #1253 SMP Thu Aug 15 11:49:46
BST 2019
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 1
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 1
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/tap_vpntap/proxy_arp = 0
/proc/sys/net/ipv4/conf/tap_vpntap/arp_filter = 0
/proc/sys/net/ipv4/conf/tap_vpntap/arp_ignore = 0
/proc/sys/net/ipv4/conf/tap_vpntap/rp_filter = 1
/proc/sys/net/ipv4/conf/tap_vpntap/log_martians = 1
/proc/sys/net/ipv4/conf/wlan0/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlan0/arp_filter = 0
/proc/sys/net/ipv4/conf/wlan0/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlan0/rp_filter = 1
/proc/sys/net/ipv4/conf/wlan0/log_martians = 1
ARP
? (54.213.37.69) at <incomplete> on eth1
? (192.168.32.103) at ec:71:db:67:33:80 [ether] on eth0
? (91.228.166.14) at <incomplete> on eth0
? (216.58.208.170) at <incomplete> on eth1
? (104.83.142.13) at <incomplete> on eth1
? (20.190.3.175) at <incomplete> on eth1
? (38.90.226.13) at <incomplete> on eth1
? (34.218.161.49) at <incomplete> on eth1
? (192.168.31.100) at <incomplete> on wlan0
? (192.168.31.106) at 60:f2:62:0e:54:57 [ether] on wlan0
? (104.83.142.13) at <incomplete> on eth0
? (216.58.208.138) at <incomplete> on eth1
? (91.228.166.14) at <incomplete> on eth1
? (216.58.209.42) at <incomplete> on eth1
? (38.90.226.13) at <incomplete> on eth0
? (130.158.6.123) at <incomplete> on eth0
? (13.83.149.67) at <incomplete> on eth0
? (130.158.6.123) at <incomplete> on eth1
? (192.168.30.10) at <incomplete> on tap_vpntap
? (130.158.6.116) at <incomplete> on eth0
? (13.83.149.67) at <incomplete> on eth1
? (216.58.205.74) at <incomplete> on eth0
? (130.158.6.116) at <incomplete> on eth1
? (216.58.198.10) at <incomplete> on eth0
? (52.250.46.232) at <incomplete> on eth1
? (172.217.21.74) at <incomplete> on eth0
? (130.158.6.56) at <incomplete> on eth0
? (192.168.8.101) at <incomplete> on eth1
? (192.168.8.1) at 00:0d:87:8e:4b:ac [ether] on eth1
? (216.58.206.74) at <incomplete> on eth0
Modules
iptable_filter 16384 1
iptable_mangle 16384 1
iptable_nat 16384 1
iptable_raw 16384 1
ip_tables 24576 15
iptable_mangle,iptable_filter,iptable_raw,iptable_nat
ipt_MASQUERADE 16384 1
ipt_REJECT 16384 4
ipt_rpfilter 16384 0
nf_conncount 20480 1 xt_connlimit
nf_conntrack 135168 31
nf_nat_pptp,nf_conntrack_sip,nf_conntrack_snmp,nf_conncount,nf_conntrack_irc,xt_nat,nf_nat_h323,nf_conntrack_ftp,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_tftp,ipt_MASQUERADE,nf_nat_irc,xt_connmark,nf_conntrack_pptp,nf_conntrack_amanda,xt_helper,nf_conntrack_broadcast,nf_nat_ftp,nf_conntrack_sane,nf_nat_amanda,xt_connlimit,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_CT,nf_conntrack_h323,xt_conntrack,nf_nat_ipv4,nf_nat_tftp,nf_nat
nf_conntrack_amanda 16384 3 nf_nat_amanda
nf_conntrack_broadcast 16384 2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_ftp 16384 3 nf_nat_ftp
nf_conntrack_h323 57344 5 nf_nat_h323
nf_conntrack_irc 16384 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 40960 0
nf_conntrack_pptp 16384 3 nf_nat_pptp
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp
nf_conntrack_sane 16384 2
nf_conntrack_sip 32768 3 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 16384 3 nf_nat_tftp
nf_defrag_ipv4 16384 2 nf_conntrack,xt_TPROXY
nf_defrag_ipv6 20480 2 nf_conntrack,xt_TPROXY
nf_log_common 16384 1 nf_log_ipv4
nf_log_ipv4 16384 12
nf_nat 36864 10
nf_nat_pptp,nf_nat_proto_gre,xt_nat,nf_nat_h323,nf_nat_sip,nf_nat_irc,nf_nat_ftp,nf_nat_amanda,nf_nat_ipv4,nf_nat_tftp
nf_nat_amanda 16384 0
nf_nat_ftp 16384 0
nf_nat_h323 20480 0
nf_nat_ipv4 16384 2 ipt_MASQUERADE,iptable_nat
nf_nat_irc 16384 0
nf_nat_pptp 16384 0
nf_nat_proto_gre 16384 1 nf_nat_pptp
nf_nat_sip 20480 0
nf_nat_snmp_basic 16384 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
nf_tproxy_ipv4 16384 1 xt_TPROXY
nf_tproxy_ipv6 16384 1 xt_TPROXY
xt_addrtype 16384 5
xt_CHECKSUM 16384 0
xt_CLASSIFY 16384 0
xt_comment 16384 45
xt_connlimit 16384 0
xt_connmark 16384 0
xt_conntrack 16384 23
xt_CT 16384 22
xt_dscp 16384 0
xt_DSCP 16384 0
xt_hashlimit 24576 0
xt_helper 16384 0
xt_iprange 16384 0
xt_length 16384 0
xt_limit 16384 2
xt_LOG 16384 12
xt_mark 16384 1
xt_multiport 16384 6
xt_nat 16384 0
xt_NFLOG 16384 0
xt_NFQUEUE 16384 0
xt_owner 16384 0
xt_physdev 16384 0
xt_pkttype 16384 0
xt_policy 16384 0
xt_realm 16384 0
xt_recent 20480 1
xt_statistic 16384 0
xt_tcpmss 16384 0
xt_TCPMSS 16384 1
xt_tcpudp 16384 62
xt_time 16384 0
xt_TPROXY 16384 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Not available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50004
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
ipset V5 (IPSET_V5): Not available
iptables -S (IPTABLES_S): Available
iptables --wait option (WAIT_OPTION): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 41966
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Rawpost Table (RAWPOST_TABLE): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
Netid State Recv-Q Send-Q Local Address:Port Peer
Address:Port
tcp LISTEN 0 128 *:992 *:*
users:(("vpnserver",pid=17682,fd=41))
tcp LISTEN 0 128 *:1194 *:*
users:(("vpnserver",pid=17682,fd=43))
tcp LISTEN 0 128 *:5555 *:*
users:(("vpnserver",pid=17682,fd=49))
tcp LISTEN 0 32 *:21 *:*
users:(("vsftpd",pid=560,fd=3))
tcp LISTEN 0 128 *:22 *:*
users:(("sshd",pid=641,fd=3))
tcp LISTEN 0 128 *:443 *:*
users:(("vpnserver",pid=17682,fd=37))
tcp ESTAB 0 0 192.168.32.20:22
192.168.31.106:50620
users:(("sshd",pid=21986,fd=3),("sshd",pid=21971,fd=3))
tcp ESTAB 0 0 192.168.8.100:50760
130.158.6.124:443 users:(("vpnserver",pid=17682,fd=53))
tcp ESTAB 0 0 192.168.32.20:21
192.168.31.106:49778
users:(("vsftpd",pid=21889,fd=2),("vsftpd",pid=21889,fd=1),("vsftpd",pid=21889,fd=0),("vsftpd",pid=21882,fd=2),("vsftpd",pid=21882,fd=1),("vsftpd",pid=21882,fd=0))
tcp TIME-WAIT 0 0 192.168.32.20:26969
192.168.31.106:51089
Traffic Control
Device lo:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 263142223 bytes 3979956 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device wlan0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 20404334460 bytes 13583836 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 284477045 bytes 1677169 pkt (dropped 0, overlimits 0 requeues 3)
backlog 0b 0p requeues 3
Device tap_vpntap:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 7109602 bytes 85838 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device lo:
Device eth0:
Device wlan0:
Device eth1:
Device tap_vpntap:
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
