[Shorewall-newbies] Shorewall 1.4.8 Debian setup problems

Alex Martin shorewall at rettc.com
Sat Dec 13 03:33:56 PST 2003


Hello,
Without box b online, and with the masq file like so: "eth0 eth1"
Does shorewall start up fine?

Does eth1 have a static ip?

If the above answers are yes, I believe that you have an IP conflict.
Check your IPs and netmasks of both box A and B.

OR, after running "shorewall clear" (to remove all iptables
entries), can you communicate normally between A and B with B online?

You should learn the "ip" utility:
$ ip addr show

What does the above command say about eth1 when box b is not online?

Also,
Do you have "dhcp" and "rfc1918" set as options for eth0 in the 
interfaces file?

Alex Martin
http://www.rettc.com




Michel D'Astous wrote:

> Hi,
> 
> I'm having problems setting up my firewall with Shorewall, here are the details:
> fresh install of Debian Sarge
> linux 2.4.23 compiled with options explained on http://shorewall.net/kernel.htm
> 2 ethernet cards well detected by kernel.
> 
> Network setup: box A (firewall) connected to a modem-cable(DHCP) on interface
> eth0 and connected to box B (cross-over cable) on interface eth1.
> 
> Setup based on Two-interface HOWTO and Sample config-files v1.4.8.
> 
> The problems:
> When launching /etc/init.d/shorewall start, I get (box B online):
> 
> Masqueraded Subnets and Hosts:
>    Error: Unable to determine the routes through interface eth1
> 
> So I modified /etc/shorewall/masq from:
> eth0                    eth1
> to:
> eth0                  192.168.1.0/24
> 
> and shorewall started fine.
> 
> But I don't see any IP address when running `ifconfig eth1` and I don't know how
> to test my network.
> 
> From this point, what should I do?
> Could you tell me how to configure my linux box B to connect box A?
> 
> File joined: status.txt
> 
> Thanks in advance!
> --
> Michel D'Astous
> mdastous at cqmail.net
> 
> 
> ------------------------------------------------------------------------
> 
> Shorewall-1.4.8 Status at fw - Fri Dec 12 18:58:02 EST 2003
> 
> Counters reset Fri Dec 12 18:53:07 EST 2003
> 
> Chain INPUT (policy DROP 5 packets, 1600 bytes)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
>     0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
>   267  133K eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
>     0     0 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
>     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 
>     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
>     0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
>     0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
>     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 
>     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
>     0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
>     0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68 
>   153 12288 fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
>     0     0 fw2loc     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
>     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 
>     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain all2all (2 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
>     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' 
>     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain common (5 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
>     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135 
>     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
>     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445 
>     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
>     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 
>     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135 
>     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 
>     0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255     
>     0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4         
>     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 
>     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 state NEW 
>     0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255     
> 
> Chain dynamic (4 references)
>  pkts bytes target     prot opt in     out     source               destination         
> 
> Chain eth0_fwd (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
>     0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
>     0     0 net2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
> 
> Chain eth0_in (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>   163 54079 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
>   139 52243 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:67:68 
>    24  1836 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
>   123 80344 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain eth1_fwd (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
>     0     0 loc2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
> 
> Chain eth1_in (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
>     0     0 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain fw2loc (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
>     0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain fw2net (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>   113  9141 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53 
>     1    63 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53 
>    31  2604 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
>     8   480 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain icmpdef (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
> 
> Chain loc2fw (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
>     0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain loc2net (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain logdrop (58 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     5   140 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:' 
>     5   140 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain net2all (2 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
>     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' 
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain net2fw (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>   104 78648 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
>     1    40 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02 
>    18  1656 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
>     0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain newnotsyn (7 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     1    40 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:newnotsyn:DROP:' 
>     1    40 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain reject (11 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
>     0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
>     0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable 
>     0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
> 
> Chain rfc1918 (2 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 RETURN     all  --  *      *       255.255.255.255      0.0.0.0/0           
>     0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 255.255.255.255 
>     0     0 DROP       all  --  *      *       169.254.0.0/16       0.0.0.0/0           
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 169.254.0.0/16 
>     0     0 logdrop    all  --  *      *       172.16.0.0/12        0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 172.16.0.0/12 
>     0     0 logdrop    all  --  *      *       192.0.2.0/24         0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 192.0.2.0/24 
>     0     0 logdrop    all  --  *      *       192.168.0.0/16       0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 192.168.0.0/16 
>     0     0 logdrop    all  --  *      *       0.0.0.0/7            0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 0.0.0.0/7 
>     0     0 logdrop    all  --  *      *       2.0.0.0/8            0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 2.0.0.0/8 
>     0     0 logdrop    all  --  *      *       5.0.0.0/8            0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 5.0.0.0/8 
>     0     0 logdrop    all  --  *      *       7.0.0.0/8            0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 7.0.0.0/8 
>     5   140 logdrop    all  --  *      *       10.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 10.0.0.0/8 
>     0     0 logdrop    all  --  *      *       23.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 23.0.0.0/8 
>     0     0 logdrop    all  --  *      *       27.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 27.0.0.0/8 
>     0     0 logdrop    all  --  *      *       31.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 31.0.0.0/8 
>     0     0 logdrop    all  --  *      *       36.0.0.0/7           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 36.0.0.0/7 
>     0     0 logdrop    all  --  *      *       39.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 39.0.0.0/8 
>     0     0 logdrop    all  --  *      *       41.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 41.0.0.0/8 
>     0     0 logdrop    all  --  *      *       42.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 42.0.0.0/8 
>     0     0 logdrop    all  --  *      *       49.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 49.0.0.0/8 
>     0     0 logdrop    all  --  *      *       50.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 50.0.0.0/8 
>     0     0 logdrop    all  --  *      *       58.0.0.0/7           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 58.0.0.0/7 
>     0     0 logdrop    all  --  *      *       70.0.0.0/7           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 70.0.0.0/7 
>     0     0 logdrop    all  --  *      *       72.0.0.0/5           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 72.0.0.0/5 
>     0     0 logdrop    all  --  *      *       83.0.0.0/8           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 83.0.0.0/8 
>     0     0 logdrop    all  --  *      *       84.0.0.0/6           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 84.0.0.0/6 
>     0     0 logdrop    all  --  *      *       88.0.0.0/5           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 88.0.0.0/5 
>     0     0 logdrop    all  --  *      *       96.0.0.0/3           0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 96.0.0.0/3 
>     0     0 logdrop    all  --  *      *       127.0.0.0/8          0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 127.0.0.0/8 
>     0     0 logdrop    all  --  *      *       197.0.0.0/8          0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 197.0.0.0/8 
>     0     0 logdrop    all  --  *      *       198.18.0.0/15        0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 198.18.0.0/15 
>     0     0 logdrop    all  --  *      *       223.0.0.0/8          0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 223.0.0.0/8 
>     0     0 logdrop    all  --  *      *       240.0.0.0/4          0.0.0.0/0           
>     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 240.0.0.0/4 
> 
> Chain shorewall (0 references)
>  pkts bytes target     prot opt in     out     source               destination         
> 
> Dec 12 18:09:38 net2all:DROP:IN=eth0 OUT= SRC=66.130.171.179 DST=66.130.132.35 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=11396 DF PROTO=TCP SPT=2028 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 
> Dec 12 18:10:31 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=57865 PROTO=2 
> Dec 12 18:11:32 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=59308 PROTO=2 
> Dec 12 18:43:50 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=40315 PROTO=2 
> Dec 12 18:44:26 newnotsyn:DROP:IN=eth0 OUT= SRC=66.130.254.47 DST=66.130.132.35 LEN=40 TOS=0x00 PREC=0x00 TTL=124 ID=33852 PROTO=TCP SPT=1025 DPT=1568 WINDOW=0 RES=0x00 ACK RST URGP=0 
> Dec 12 18:44:51 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=41795 PROTO=2 
> Dec 12 18:45:51 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=43184 PROTO=2 
> Dec 12 18:46:52 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=44680 PROTO=2 
> Dec 12 18:47:53 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=45971 PROTO=2 
> Dec 12 18:48:53 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=47304 PROTO=2 
> Dec 12 18:49:54 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=48645 PROTO=2 
> Dec 12 18:50:54 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=49987 PROTO=2 
> Dec 12 18:51:55 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=51302 PROTO=2 
> Dec 12 18:52:56 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=52787 PROTO=2 
> Dec 12 18:53:42 newnotsyn:DROP:IN=eth0 OUT= SRC=66.130.254.47 DST=66.130.132.35 LEN=40 TOS=0x00 PREC=0x00 TTL=124 ID=8517 PROTO=TCP SPT=1025 DPT=1740 WINDOW=0 RES=0x00 ACK RST URGP=0 
> Dec 12 18:53:56 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=55110 PROTO=2 
> Dec 12 18:54:56 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=56617 PROTO=2 
> Dec 12 18:55:57 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=57993 PROTO=2 
> Dec 12 18:56:57 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=59354 PROTO=2 
> Dec 12 18:57:57 logdrop:DROP:IN=eth0 OUT= SRC=10.32.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=60752 PROTO=2 
> 
> NAT Table
> 
> Chain PREROUTING (policy ACCEPT 271 packets, 45616 bytes)
>  pkts bytes target     prot opt in     out     source               destination         
> 
> Chain POSTROUTING (policy ACCEPT 82 packets, 6765 bytes)
>  pkts bytes target     prot opt in     out     source               destination         
>    20  1467 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
> 
> Chain OUTPUT (policy ACCEPT 82 packets, 6765 bytes)
>  pkts bytes target     prot opt in     out     source               destination         
> 
> Chain eth0_masq (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0           
> 
> Mangle Table
> 
> Chain PREROUTING (policy ACCEPT 1290 packets, 452K bytes)
>  pkts bytes target     prot opt in     out     source               destination         
>   277  133K pretos     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain INPUT (policy ACCEPT 1131 packets, 414K bytes)
>  pkts bytes target     prot opt in     out     source               destination         
> 
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination         
> 
> Chain OUTPUT (policy ACCEPT 393 packets, 37382 bytes)
>  pkts bytes target     prot opt in     out     source               destination         
>   153 12288 outtos     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 
> Chain POSTROUTING (policy ACCEPT 393 packets, 37382 bytes)
>  pkts bytes target     prot opt in     out     source               destination         
> 
> Chain outtos (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 TOS set 0x10 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:22 TOS set 0x10 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 TOS set 0x10 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21 TOS set 0x10 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:20 TOS set 0x08 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 TOS set 0x08 
> 
> Chain pretos (1 references)
>  pkts bytes target     prot opt in     out     source               destination         
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 TOS set 0x10 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:22 TOS set 0x10 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 TOS set 0x10 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21 TOS set 0x10 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:20 TOS set 0x08 
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 TOS set 0x08 
> 
> udp      17 30 src=66.130.132.35 dst=24.200.241.6 sport=1032 dport=53 src=24.200.241.6 dst=66.130.132.35 sport=53 dport=1032 [ASSURED] use=1 
> udp      17 29 src=10.32.0.1 dst=255.255.255.255 sport=67 dport=68 [UNREPLIED] src=255.255.255.255 dst=10.32.0.1 sport=68 dport=67 use=1 
> 
> 
> ------------------------------------------------------------------------
> 
More information about the Shorewall-newbies mailing list
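Added example (not part of the original thread and not Shorewall's own code): a pre-flight check for the situation discussed above, where a masq entry that names eth1 fails with "Unable to determine the routes through interface eth1". It classifies the output of `ip -o -4 addr show dev IFACE` and `ip route show dev IFACE`; the function names and the sample `ip` output are constructed for illustration, and the iproute2 `ip` utility is assumed.

```shell
#!/bin/sh
# Pre-flight check for a Shorewall masq entry that names an interface
# ("eth0  eth1") rather than an explicit subnet ("eth0  192.168.1.0/24").
# Illustrative helper, not Shorewall code.

# Print the IPv4 CIDRs found in `ip -o -4 addr show dev IFACE` output ($1).
ipv4_addrs() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "inet") print $(i + 1) }'
}

# Print the destinations found in `ip route show dev IFACE` output ($1).
# The default route is skipped: it is not a local subnet to masquerade.
routed_networks() {
    printf '%s\n' "$1" | awk 'NF && $1 != "default" { print $1 }'
}

# Classify the interface. Prints one of:
#   no-address      no IPv4 address configured (the case in this thread)
#   no-routes       address present but no route (e.g. link is down)
#   ok:<net>[,...]  networks reachable through the interface
masq_source_state() {
    addrs=$(ipv4_addrs "$1")
    nets=$(routed_networks "$2")
    if [ -z "$addrs" ]; then
        echo "no-address"
    elif [ -z "$nets" ]; then
        echo "no-routes"
    else
        # Join the newline-separated networks with commas.
        echo "ok:$(echo $nets | tr ' ' ',')"
    fi
}

# Turn the state into advice for interface $1.
masq_advice() {
    case "$2" in
        no-address)
            echo "$1 has no IPv4 address: give it a static address" \
                 "before naming it in the masq file" ;;
        no-routes)
            echo "$1 has an address but no routes: bring the link up" \
                 "(ip link set $1 up) and re-check" ;;
        ok:*)
            echo "$1 routes ${2#ok:}: a masq entry naming $1 can be resolved" ;;
    esac
}

# Constructed sample output: eth1 configured as 192.168.1.254/24.
SAMPLE_ADDR_UP='3: eth1    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1'
SAMPLE_ROUTE_UP='192.168.1.0/24 proto kernel scope link src 192.168.1.254'

# Live use: sh masq-check.sh eth1   (without an argument nothing is queried)
if [ -n "${1:-}" ]; then
    state=$(masq_source_state \
        "$(ip -o -4 addr show dev "$1" 2>/dev/null)" \
        "$(ip route show dev "$1" 2>/dev/null)")
    masq_advice "$1" "$state"
fi
```

Run it with the internal interface name before `shorewall start`; the explicit-subnet form of the masq entry does not depend on this check, but it also hides the fact that the interface is still unconfigured.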