[Shorewall-newbies] Shorewall 1.4.8 Debian setup problems

Michel D'Astous mdastous at cqmail.net
Sat Dec 13 00:23:39 PST 2003


Hi,

I'm having problems setting up my firewall with Shorewall; here are the details:
fresh install of Debian Sarge
linux 2.4.23 compiled with options explained on http://shorewall.net/kernel.htm
2 ethernet cards well detected by kernel.

Network setup: box A (firewall) connected to a cable modem (DHCP) on interface
eth0 and connected to box B (cross-over cable) on interface eth1.

Setup based on Two-interface HOWTO and Sample config-files v1.4.8.

The problems:
When launching /etc/init.d/shorewall start, I get (box B online):

Masqueraded Subnets and Hosts:
   Error: Unable to determine the routes through interface eth1

So I modified /etc/shorewall/masq from:
eth0                    eth1
to:
eth0                  192.168.1.0/24

and shorewall started fine.

But I don't see any IP address when running `ifconfig eth1` and I don't know how
to test my network.

From this point, what should I do?
Could you tell me how to configure my Linux box B to connect to box A?

File joined: status.txt

Thanks in advance!
--
Michel D'Astous
mdastous at cqmail.net
-------------- next part --------------
Shorewall-1.4.8 Status at fw - Fri Dec 12 18:58:02 EST 2003

Counters reset Fri Dec 12 18:53:07 EST 2003

Chain INPUT (policy DROP 5 packets, 1600 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
  267  133K eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68 
  153 12288 fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 fw2loc     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain all2all (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain common (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 
    0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255     
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4         
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 state NEW 
    0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255     

Chain dynamic (4 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
    0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
    0     0 net2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  163 54079 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
  139 52243 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:67:68 
   24  1836 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
  123 80344 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
    0     0 loc2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
    0     0 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  113  9141 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53 
    1    63 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53 
   31  2604 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    8   480 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain icmpdef (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logdrop (58 references)
 pkts bytes target     prot opt in     out     source               destination         
    5   140 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:' 
    5   140 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2all (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  104 78648 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    1    40 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
   18  1656 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain newnotsyn (7 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    40 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:newnotsyn:DROP:' 
    1    40 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain reject (11 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain rfc1918 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 255.255.255.255 
    0     0 DROP       all  --  *      *       169.254.0.0/16       0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 169.254.0.0/16 
    0     0 logdrop    all  --  *      *       172.16.0.0/12        0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 172.16.0.0/12 
    0     0 logdrop    all  --  *      *       192.0.2.0/24         0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 192.0.2.0/24 
    0     0 logdrop    all  --  *      *       192.168.0.0/16       0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 192.168.0.0/16 
    0     0 logdrop    all  --  *      *       0.0.0.0/7            0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 0.0.0.0/7 
    0     0 logdrop    all  --  *      *       2.0.0.0/8            0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 2.0.0.0/8 
    0     0 logdrop    all  --  *      *       5.0.0.0/8            0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 5.0.0.0/8 
    0     0 logdrop    all  --  *      *       7.0.0.0/8            0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 7.0.0.0/8 
    5   140 logdrop    all  --  *      *       10.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 10.0.0.0/8 
    0     0 logdrop    all  --  *      *       23.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 23.0.0.0/8 
    0     0 logdrop    all  --  *      *       27.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 27.0.0.0/8 
    0     0 logdrop    all  --  *      *       31.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 31.0.0.0/8 
    0     0 logdrop    all  --  *      *       36.0.0.0/7           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 36.0.0.0/7 
    0     0 logdrop    all  --  *      *       39.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 39.0.0.0/8 
    0     0 logdrop    all  --  *      *       41.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 41.0.0.0/8 
    0     0 logdrop    all  --  *      *       42.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 42.0.0.0/8 
    0     0 logdrop    all  --  *      *       49.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 49.0.0.0/8 
    0     0 logdrop    all  --  *      *       50.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 50.0.0.0/8 
    0     0 logdrop    all  --  *      *       58.0.0.0/7           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 58.0.0.0/7 
    0     0 logdrop    all  --  *      *       70.0.0.0/7           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 70.0.0.0/7 
    0     0 logdrop    all  --  *      *       72.0.0.0/5           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 72.0.0.0/5 
    0     0 logdrop    all  --  *      *       83.0.0.0/8           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 83.0.0.0/8 
    0     0 logdrop    all  --  *      *       84.0.0.0/6           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 84.0.0.0/6 
    0     0 logdrop    all  --  *      *       88.0.0.0/5           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 88.0.0.0/5 
    0     0 logdrop    all  --  *      *       96.0.0.0/3           0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 96.0.0.0/3 
    0     0 logdrop    all  --  *      *       127.0.0.0/8          0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 127.0.0.0/8 
    0     0 logdrop    all  --  *      *       197.0.0.0/8          0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 197.0.0.0/8 
    0     0 logdrop    all  --  *      *       198.18.0.0/15        0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 198.18.0.0/15 
    0     0 logdrop    all  --  *      *       223.0.0.0/8          0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 223.0.0.0/8 
    0     0 logdrop    all  --  *      *       240.0.0.0/4          0.0.0.0/0           
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 240.0.0.0/4 

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Dec 12 18:09:38 net2all:DROP:IN=eth0 OUT= SRC=66.130.171.179 DST=66.130.132.35 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=11396 DF PROTO=TCP SPT=2028 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 12 18:10:31 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=57865 PROTO=2 
Dec 12 18:11:32 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=59308 PROTO=2 
Dec 12 18:43:50 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=40315 PROTO=2 
Dec 12 18:44:26 newnotsyn:DROP:IN=eth0 OUT= SRC=66.130.254.47 DST=66.130.132.35 LEN=40 TOS=0x00 PREC=0x00 TTL=124 ID=33852 PROTO=TCP SPT=1025 DPT=1568 WINDOW=0 RES=0x00 ACK RST URGP=0 
Dec 12 18:44:51 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=41795 PROTO=2 
Dec 12 18:45:51 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=43184 PROTO=2 
Dec 12 18:46:52 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=44680 PROTO=2 
Dec 12 18:47:53 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=45971 PROTO=2 
Dec 12 18:48:53 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=47304 PROTO=2 
Dec 12 18:49:54 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=48645 PROTO=2 
Dec 12 18:50:54 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=49987 PROTO=2 
Dec 12 18:51:55 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=51302 PROTO=2 
Dec 12 18:52:56 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=52787 PROTO=2 
Dec 12 18:53:42 newnotsyn:DROP:IN=eth0 OUT= SRC=66.130.254.47 DST=66.130.132.35 LEN=40 TOS=0x00 PREC=0x00 TTL=124 ID=8517 PROTO=TCP SPT=1025 DPT=1740 WINDOW=0 RES=0x00 ACK RST URGP=0 
Dec 12 18:53:56 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=55110 PROTO=2 
Dec 12 18:54:56 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=56617 PROTO=2 
Dec 12 18:55:57 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=57993 PROTO=2 
Dec 12 18:56:57 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=59354 PROTO=2 
Dec 12 18:57:57 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=60752 PROTO=2 

NAT Table

Chain PREROUTING (policy ACCEPT 271 packets, 45616 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 82 packets, 6765 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   20  1467 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 82 packets, 6765 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain eth0_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0           

Mangle Table

Chain PREROUTING (policy ACCEPT 1290 packets, 452K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  277  133K pretos     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 1131 packets, 414K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 393 packets, 37382 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  153 12288 outtos     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 393 packets, 37382 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:20 TOS set 0x08 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 TOS set 0x08 

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:20 TOS set 0x08 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 TOS set 0x08 

udp      17 30 src=66.130.132.35 dst=24.200.241.6 sport=1032 dport=53 src=24.200.241.6 dst=66.130.132.35 sport=53 dport=1032 [ASSURED] use=1 
udp      17 29 src=10.32.0.1 dst=255.255.255.255 sport=67 dport=68 [UNREPLIED] src=255.255.255.255 dst=10.32.0.1 sport=68 dport=67 use=1 
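
An added example, not part of the original post and not Shorewall's own code: the masq error in the message is about routes through eth1, and an interface with no IPv4 address has no connected route, so this pre-flight check looks for one before the interface is named in /etc/shorewall/masq. The function names, the host address 192.168.1.254 and the 203.0.113.0/24 listing are constructed assumptions; on a live box, pass in the output of `ip -4 route show dev eth1`.

```shell
#!/bin/sh
# Added example: pre-flight check for an interface named in the SUBNET
# column of /etc/shorewall/masq. All route listings below are constructed.

# `ip -4 route show dev eth1` when eth1 has no address (the state described
# in the post, where ifconfig shows no IP): the listing is empty.
ROUTES_UNCONFIGURED=''

# The same command once eth1 has an address in 192.168.1.0/24, the subnet the
# post wrote into masq. The host address .254 is an assumption.
ROUTES_CONFIGURED='192.168.1.0/24 proto kernel scope link src 192.168.1.254'

# An external interface with a DHCP lease: a default route plus one connected
# network (documentation range, constructed).
ROUTES_ETH0='default via 203.0.113.1
203.0.113.0/24 proto kernel scope link src 203.0.113.35'

# connected_subnets: read a route listing on stdin and print every directly
# connected network (a CIDR prefix with "scope link"). Default and gatewayed
# routes are skipped because they do not describe hosts behind the interface.
connected_subnets() {
    awk '/scope link/ && $1 ~ /^[0-9.]+\/[0-9]+$/ { print $1 }'
}

# check_masq_iface IFACE ROUTES: print the subnets that would be masqueraded
# if IFACE were named in masq, or fail when there are none.
check_masq_iface() {
    iface=$1
    subnets=$(printf '%s\n' "$2" | connected_subnets)
    if [ -z "$subnets" ]; then
        echo "$iface: no connected IPv4 subnet; assign an address first" >&2
        return 1
    fi
    printf '%s\n' "$subnets"
}

# masq_subnet_is_connected SUBNET ROUTES: succeed only when a subnet written
# explicitly in masq is actually reachable through the interface. An explicit
# subnet lets the firewall start, but the rule matches nothing until the
# interface carries an address in that subnet.
masq_subnet_is_connected() {
    printf '%s\n' "$2" | connected_subnets | grep -Fxq -- "$1"
}

# Demonstration on the constructed listings.
check_masq_iface eth1 "$ROUTES_UNCONFIGURED" || echo "eth1: cannot be named in masq yet"
check_masq_iface eth1 "$ROUTES_CONFIGURED"
if masq_subnet_is_connected 192.168.1.0/24 "$ROUTES_UNCONFIGURED"; then
    echo "192.168.1.0/24 is connected"
else
    echo "192.168.1.0/24 is in masq but not reachable through eth1"
fi
```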

