[Shorewall-users] shorewall problem following power outage
ether bunny
ethrbunny at hotmail.com
Fri Oct 10 04:29:23 PDT 2003
Is this 'status' any more informative?
(sorry for the confusion - im using a linksys router to get past the
firewall machine - it might not have been properly connected when I asked
for the previous status).
The fact is that using this linksys box I can connect to the net - this
seems like my network connection is ok.. could I have a faulty NIC?
>From: Tom Eastep <teastep at shorewall.net>
>To: Shorewall Users Mailing List <shorewall-users at lists.shorewall.net>
>CC: ether bunny <ethrbunny at hotmail.com>
>Subject: Re: [Shorewall-users] shorewall problem following power outage
>Date: 09 Oct 2003 15:25:32 -0700
>MIME-Version: 1.0
>Received: from lists.shorewall.net ([206.124.146.177]) by
>mc12-f32.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Thu, 9 Oct 2003
>15:35:16 -0700
>Received: from wookie.shorewall.net (wookie.shorewall.net
>[192.168.1.3])(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256
>bits))(No client certificate requested)by lists.shorewall.net (Postfix)
>with ESMTPid 8D8AD33F35; Thu, 9 Oct 2003 15:25:33 -0700 (PDT)
>X-Message-Info: JGTYoYF78jGbp9xMFRJbDDCh66YuJ1VS
>In-Reply-To: <Law9-F34xyPyF1BcI3E000006bf at hotmail.com>
>References: <Law9-F34xyPyF1BcI3E000006bf at hotmail.com>
>Organization: Message-Id: <1065738332.25240.107.camel at wookie.shorewall.net>
>X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5) Return-Path:
>teastep at shorewall.net
>X-OriginalArrivalTime: 09 Oct 2003 22:35:17.0395 (UTC)
>FILETIME=[9D30C630:01C38EB5]
>
>On Thu, 2003-10-09 at 15:14, ether bunny wrote:
> > 1K pardons
> >
> > (policy)
> > net all DROP info
> > all all REJECT info
> >
> >
> > (interface)
> > net eth0 155.229.27.255
> > loc eth1 192.168.1.231
> > dmz eth2 192.168.100.1
> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> >
> > shorewall status > status.out (attached)
> >
>
>It looks like your default gateway is returning "net unreachable" to any
>connection attempt through it.
>
>-Tom
>--
>Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
>Shoreline, \ http://shorewall.net
>Washington USA \ teastep at shorewall.net
>
>
_________________________________________________________________
Get a FREE computer virus scan online from McAfee.
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
-------------- next part --------------
�[H�[2JShorewall-1.4.2 Status at graendal - Thu Oct 9 09:32:27 PDT 2003
Counters reset Thu Oct 9 07:38:44 PDT 2003
Chain INPUT (policy DROP 2 packets, 128 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
399 45360 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
64 7028 eth0_in all -- eth0 * 0.0.0.0/0
0.0.0.0/0
2581 186K eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
40 9660 eth2_in all -- eth2 * 0.0.0.0/0
0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 1 packets, 60 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
94 8308 eth0_fwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
680 48189 eth1_fwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
1329 101K eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
399 45360 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
37 3108 fw2net all -- * eth0 0.0.0.0/0
0.0.0.0/0
2674 1257K fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
541 57280 fw2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain all2all (8 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
208 28286 common all -- * * 0.0.0.0/0
0.0.0.0/0
122 11647 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
122 11647 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain common (5 references)
pkts bytes target prot opt in out source
destination
60 5694 icmpdef icmp -- * * 0.0.0.0/0
0.0.0.0/0
29 6517 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
2 152 DROP all -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0
224.0.0.0/4
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113
2 110 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53 state NEW
0 0 DROP all -- * * 0.0.0.0/0
155.229.27.255
0 0 DROP all -- * * 0.0.0.0/0
192.168.1.231
0 0 DROP all -- * * 0.0.0.0/0
192.168.100.1
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
40 9660 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain dmz2loc (1 references)
pkts bytes target prot opt in out source
destination
721 54519 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:53
16 1688 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:975
50 3000 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:978
378 31752 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:111
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:977
157 9420 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:111
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:980
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:32772
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:2049
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:32769
0 0 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain dmz2net (1 references)
pkts bytes target prot opt in out source
destination
6 330 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:53
1 72 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:80
0 0 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain dynamic (6 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source
destination
94 8308 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
9 1904 net2loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
85 6404 net2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
64 7028 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
64 7028 net2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
680 48189 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
9 515 loc2net all -- * eth0 0.0.0.0/0
0.0.0.0/0
671 47674 loc2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
2581 186K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
2581 186K loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source
destination
1329 101K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
7 402 dmz2net all -- * eth0 0.0.0.0/0
0.0.0.0/0
1322 100K dmz2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth2_in (1 references)
pkts bytes target prot opt in out source
destination
40 9660 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
40 9660 dmz2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source
destination
531 56176 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
10 1104 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source
destination
2091 1206K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:123
14 890 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:53
28 3140 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:975
7 420 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:978
419 35196 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:111
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:111
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:32773
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:2049
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:977
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:980
3 180 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
112 10543 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source
destination
37 3108 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:53
0 0 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain icmpdef (1 references)
pkts bytes target prot opt in out source
destination
Chain loc2dmz (1 references)
pkts bytes target prot opt in out source
destination
668 47446 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
1 60 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
2 168 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:110
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:10000
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:111
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:977
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:111
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:980
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:32772
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:2049
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:32769
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.10 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.10 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.10 state NEW tcp dpt:8080
0 0 ACCEPT tcp -- * * 192.168.1.0/24
192.168.100.10 state NEW tcp dpt:21
0 0 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source
destination
2529 178K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
3 168 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:10000
3 408 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:111
46 6979 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source
destination
7 395 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:53
2 120 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2all (3 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
16 3352 common all -- * * 0.0.0.0/0
0.0.0.0/0
1 404 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
1 404 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2dmz (1 references)
pkts bytes target prot opt in out source
destination
56 4160 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
7 644 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
7 364 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.2 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.2 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.2 state NEW tcp dpt:53
8 544 ACCEPT udp -- * * 0.0.0.0/0
192.168.100.2 state NEW udp dpt:53
6 288 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.10 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.10 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.10 state NEW tcp dpt:8080
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.10 state NEW tcp dpt:21
1 404 net2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
46 3936 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
3 144 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
15 2948 net2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source
destination
9 1904 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.202 state NEW tcp dpt:8080
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:9000
0 0 net2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain newnotsyn (14 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain reject (10 references)
pkts bytes target prot opt in out source
destination
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
206 28176 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
Oct 9 08:32:54 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0xC0 TTL=64 ID=37083 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.36.148.17 LEN=56 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=36 ]
Oct 9 08:32:56 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=102 TOS=0x00 PREC=0xC0 TTL=64 ID=37084 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=202.12.27.33 LEN=74 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=54 ]
Oct 9 08:33:00 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0xC0 TTL=64 ID=37085 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=198.41.0.10 LEN=56 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=36 ]
Oct 9 08:33:02 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=102 TOS=0x00 PREC=0xC0 TTL=64 ID=37086 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=198.41.0.4 LEN=74 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=54 ]
Oct 9 08:33:06 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0xC0 TTL=64 ID=37087 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=202.12.27.33 LEN=56 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=36 ]
Oct 9 08:33:08 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=102 TOS=0x00 PREC=0xC0 TTL=64 ID=37088 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.203.230.10 LEN=74 TOS=0x00
PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=54 ]
Oct 9 08:33:12 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0xC0 TTL=64 ID=37089 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=198.41.0.4 LEN=56 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=36 ]
Oct 9 08:33:18 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0xC0 TTL=64 ID=37094 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.203.230.10 LEN=56 TOS=0x00
PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=36 ]
Oct 9 09:07:28 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=113 TOS=0x00 PREC=0xC0 TTL=64 ID=55640 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=198.41.0.4 LEN=85 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=65 ]
Oct 9 09:07:34 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=113 TOS=0x00 PREC=0xC0 TTL=64 ID=55641 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.203.230.10 LEN=85 TOS=0x00
PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=65 ]
Oct 9 09:07:38 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=95 TOS=0x00 PREC=0xC0 TTL=64 ID=55642 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=198.41.0.4 LEN=67 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=47 ]
Oct 9 09:07:40 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=113 TOS=0x00 PREC=0xC0 TTL=64 ID=55643 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=128.63.2.53 LEN=85 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=65 ]
Oct 9 09:07:44 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=95 TOS=0x00 PREC=0xC0 TTL=64 ID=55644 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.203.230.10 LEN=67 TOS=0x00
PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=47 ]
Oct 9 09:07:46 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=102 TOS=0x00 PREC=0xC0 TTL=64 ID=55645 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.33.4.12 LEN=74 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=54 ]
Oct 9 09:07:50 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=95 TOS=0x00 PREC=0xC0 TTL=64 ID=55646 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=128.63.2.53 LEN=67 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=47 ]
Oct 9 09:07:52 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=102 TOS=0x00 PREC=0xC0 TTL=64 ID=55647 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.5.5.241 LEN=74 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=54 ]
Oct 9 09:07:56 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0xC0 TTL=64 ID=55648 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.33.4.12 LEN=56 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=36 ]
Oct 9 09:07:58 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=102 TOS=0x00 PREC=0xC0 TTL=64 ID=55649 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.112.36.4 LEN=74 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=54 ]
Oct 9 09:08:02 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0xC0 TTL=64 ID=55651 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=192.5.5.241 LEN=56 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=36 ]
Oct 9 09:08:04 all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.231
DST=192.168.1.200 LEN=102 TOS=0x00 PREC=0xC0 TTL=64 ID=55652 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.200 DST=193.0.14.129 LEN=74 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=54 ]
NAT Table
Chain PREROUTING (policy ACCEPT 2268 packets, 218K bytes)
pkts bytes target prot opt in out source
destination
677 75541 eth0_in all -- eth0 * 0.0.0.0/0
0.0.0.0/0
663 74205 net_dnat all -- eth0 * 0.0.0.0/0
0.0.0.0/0
169 15310 loc_dnat all -- eth1 * 0.0.0.0/0
0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 1208 packets, 95791 bytes)
pkts bytes target prot opt in out source
destination
3 192 eth0_out all -- * eth0 0.0.0.0/0
0.0.0.0/0
2 120 eth0_masq all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 511 packets, 43420 bytes)
pkts bytes target prot opt in out source
destination
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
14 1336 DNAT all -- * * 0.0.0.0/0
155.229.27.54 to:192.168.100.10
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source
destination
2 120 MASQUERADE all -- * * 192.168.1.0/24
0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.100.0/24
0.0.0.0/0
0 0 SNAT all -- * * 192.168.1.0/24
0.0.0.0/0 to:155.229.27.55
Chain eth0_out (1 references)
pkts bytes target prot opt in out source
destination
1 72 SNAT all -- * * 192.168.100.10
0.0.0.0/0 to:155.229.27.54
Chain loc_dnat (1 references)
pkts bytes target prot opt in out source
destination
0 0 DNAT tcp -- * * 0.0.0.0/0
155.229.27.54 tcp dpt:80 to:192.168.100.10
0 0 DNAT tcp -- * * 0.0.0.0/0
155.229.27.54 tcp dpt:443 to:192.168.100.10
0 0 DNAT tcp -- * * 0.0.0.0/0
155.229.27.54 tcp dpt:8080 to:192.168.100.10
0 0 DNAT tcp -- * * 192.168.1.0/24
155.229.27.54 tcp dpt:21 to:192.168.100.10
Chain net_dnat (1 references)
pkts bytes target prot opt in out source
destination
7 364 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:25 to:192.168.100.2
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 to:192.168.100.2
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:635 to:192.168.1.202:8080
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53 to:192.168.100.2
6 407 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53 to:192.168.100.2
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 to:192.168.100.10
Mangle Table
Chain PREROUTING (policy ACCEPT 8374 packets, 678K bytes)
pkts bytes target prot opt in out source
destination
5972 485K pretos all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 4112 packets, 332K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 3000 packets, 229K bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 4622 packets, 1473K bytes)
pkts bytes target prot opt in out source
destination
3652 1363K outtos all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 7255 packets, 1668K bytes)
pkts bytes target prot opt in out source
destination
Chain outtos (1 references)
pkts bytes target prot opt in out source
destination
763 976K TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 TOS set 0x10
1168 216K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:22 TOS set 0x10
Chain pretos (1 references)
pkts bytes target prot opt in out source
destination
1806 130K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 TOS set 0x10
726 55544 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:22 TOS set 0x10
2904 209K TOS tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0
TOS set 0x00
tcp 6 431999 ESTABLISHED src=192.168.1.102 dst=192.168.1.231
sport=32788 dport=22 src=192.168.1.231 dst=192.168.1.102 sport=22
dport=32788 [ASSURED] use=1
udp 17 167 src=192.168.1.231 dst=192.168.1.200 sport=32772 dport=975
src=192.168.1.200 dst=192.168.1.231 sport=975 dport=32772 [ASSURED] use=1
tcp 6 425856 ESTABLISHED src=192.168.1.102 dst=192.168.100.10
sport=32787 dport=22 src=192.168.100.10 dst=192.168.1.102 sport=22
dport=32787 [ASSURED] use=1
udp 17 17 src=192.168.1.231 dst=192.168.1.200 sport=911 dport=111
src=192.168.1.200 dst=192.168.1.231 sport=111 dport=911 use=1
udp 17 17 src=192.168.1.231 dst=192.168.1.200 sport=912 dport=111
src=192.168.1.200 dst=192.168.1.231 sport=111 dport=912 use=1
udp 17 26 src=192.168.1.231 dst=192.168.1.200 sport=990 dport=975
src=192.168.1.200 dst=192.168.1.231 sport=975 dport=990 use=1
udp 17 26 src=192.168.1.231 dst=192.168.1.200 sport=991 dport=975
src=192.168.1.200 dst=192.168.1.231 sport=975 dport=991 use=1
udp 17 150 src=192.168.100.2 dst=192.168.1.200 sport=33125 dport=975
src=192.168.1.200 dst=192.168.100.2 sport=975 dport=33125 [ASSURED] use=1
tcp 6 10 SYN_SENT src=192.168.100.2 dst=192.168.1.200 sport=804
dport=111 [UNREPLIED] src=192.168.1.200 dst=192.168.100.2 sport=111
dport=804 use=1
tcp 6 69 SYN_SENT src=192.168.100.2 dst=192.168.1.200 sport=806
dport=111 [UNREPLIED] src=192.168.1.200 dst=192.168.100.2 sport=111
dport=806 use=1
udp 17 0 src=192.168.100.2 dst=192.168.1.200 sport=732 dport=111
src=192.168.1.200 dst=192.168.100.2 sport=111 dport=732 use=1
udp 17 0 src=192.168.100.2 dst=192.168.1.200 sport=733 dport=111
src=192.168.1.200 dst=192.168.100.2 sport=111 dport=733 use=1
udp 17 20 src=192.168.100.2 dst=192.168.1.200 sport=734 dport=975
src=192.168.1.200 dst=192.168.100.2 sport=975 dport=734 use=1
tcp 6 425669 ESTABLISHED src=192.168.1.101 dst=192.168.1.231 sport=3122
dport=22 src=192.168.1.231 dst=192.168.1.101 sport=22 dport=3122 [ASSURED]
use=1
tcp 6 428165 ESTABLISHED src=192.168.1.101 dst=192.168.1.231 sport=3221
dport=22 src=192.168.1.231 dst=192.168.1.101 sport=22 dport=3221 [ASSURED]
use=1
More information about the Shorewall-users
mailing list