Here are the file contents between Begin and End information.
BEGIN INFORMATION
TOS
##############################################################################
#SOURCE    DEST    PROTOCOL    SOURCE PORTS    DEST PORTS    TOS
net        loc     tcp         domain          -             16
net        loc     udp         domain          -             16
loc        net     tcp         domain          -             16
loc        net     udp         domain          -             16
net        loc     tcp         smtp            smtp          8
net        loc     tcp         pop3            pop3          8
net        loc     tcp         80              80            8
net        loc     tcp         88              88            8
net        loc     tcp         21              21            16
net        loc     tcp         20              20            8
net        net     tcp         ssh             ssh           16
loc        $FW     tcp         137:139         137:139       0
loc        $FW     udp         137:139         137:139       0
$FW        loc     tcp         137:139         137:139       0
$FW        loc     udp         137:139         137:139       0
net        loc     tcp         1723            1723          0
# The next series allows for Remote Admin of Appliance Firewalls
#all       all     tcp         88              88            8
#all       all     tcp         1080            1080          8
#LAST LINE -- Add your entries above -- DO NOT REMOVE
INTERFACES
##############################################################################
#ZONE    INTERFACE    BROADCAST    OPTIONS
net      eth0         detect       tcpflags,dhcp,norfc1918
loc      eth1         detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
POLICY
###############################################################################
#SOURCE    DEST    POLICY    LOG      LIMIT:BURST
#                            LEVEL
loc        net     ACCEPT    -
loc        fw      ACCEPT    -
# If you want to remove access to the Internet from your Firewall
# comment the next line
# Net to firewall and local
net        fw      ACCEPT    -
net        loc     ACCEPT    -
# Firewall to anywhere
fw         loc     ACCEPT    -
fw         net     ACCEPT    -
#
# THE FOLLOWING POLICY MUST BE LAST
#
all        all     REJECT    -
#LAST LINE -- DO NOT REMOVE
RULES
####################################################################################################
#ACTION    SOURCE    DEST                  PROTO    DEST        SOURCE     ORIGINAL    RATE     USER/
#                                                   PORT        PORT(S)    DEST        LIMIT    GROUP
# send services to servers via DNAT
# NOTE: the second hyphen (-) is for Multiple outside NICS
DNAT       net       loc:192.168.1.254     tcp      smtp        -
DNAT       net       loc:192.168.1.254     tcp      pop3        -
DNAT       net       loc:192.168.1.254     tcp      www,ftp-data,ftp
DNAT       net       loc:192.168.1.254     tcp      1723        -
DNAT       net       loc:192.168.1.254     gre      -           -
DNAT       net       loc:192.168.1.2       tcp      10000       -
# From NETWORK TO FW, accept SSH, Webmin (100000), FTP and Samba (137-139)
#
ACCEPT     net       loc                   tcp      53
ACCEPT     net       loc                   udp      53
ACCEPT     loc       fw                    tcp      ssh
ACCEPT     fw        loc                   tcp      21
# RDG - webmin access
ACCEPT     loc       fw                    tcp      10000
# Let SMB request to the FW
ACCEPT     loc       fw                    tcp      137
ACCEPT     loc       fw                    udp      137
ACCEPT     loc       fw                    tcp      139
ACCEPT     loc       fw                    udp      139
# Let the FW show SMB
ACCEPT     fw        loc                   tcp      137
ACCEPT     fw        loc                   tcp      137
ACCEPT     fw        loc                   tcp      139
ACCEPT     fw        loc                   tcp      139
# Allow traffic from NET to FW and ICMP
#
ACCEPT     loc       fw                    icmp     -           -
ACCEPT     fw        loc                   icmp     -           -
ACCEPT     fw        net                   icmp     -           -
# Accept PPTP
ACCEPT     net       loc                   tcp      1723        1723
# Accept Remote firewall (dlink etc) from LAN TO WEB
#
ACCEPT     net       loc                   tcp      88          88
ACCEPT     net       loc                   tcp      8080        8080
ACCEPT     net       loc                   tcp      1080        1080
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
STATUS
Shorewall-2.0.2f Status at ppi-fw1.paladinsurvey.ca - Wed Dec 29 14:50:13 MST 2004
Counters reset Wed Dec 29 14:48:42 MST 2004

Chain INPUT (policy DROP 1 packets, 48 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
  186 12408 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 DROP       !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
    0     0 fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
  144 10454 fw2loc     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain Drop (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RejectAuth all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropSMB    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropNonSyn all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropDNSrep all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DropDNSrep (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53

Chain DropSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445

Chain DropUPnP (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900

Chain Reject (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RejectAuth all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RejectSMB  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropNonSyn all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropDNSrep all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RejectAuth (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113

Chain RejectSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445

Chain all2all (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast

Chain dropNonSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02

Chain dynamic (4 references)
 pkts bytes target     prot opt in     out     source               destination

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW
    0     0 norfc1918  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 net2loc    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
    0     0 norfc1918  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW
    0     0 loc2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
   28  3396 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW
  186 12408 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
  121  7799 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:137
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:137
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
   23  2655 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
  158  9012 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:137
   21  1998 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:137
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:139
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    6  1350 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logflags (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 4 level 6 prefix `Shorewall:logflags:DROP:'
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.254       tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.254       tcp dpt:110
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.254       multiport dports 80,20,21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.254       tcp dpt:1723
    0     0 ACCEPT     47   --  *      *       0.0.0.0/0            192.168.1.254
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.2         tcp dpt:10000
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:1723 dpt:1723
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:88 dpt:88
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:8080 dpt:8080
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:1080 dpt:1080
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain norfc1918 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 rfc1918    all  --  *      *       172.16.0.0/12        0.0.0.0/0
    0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 172.16.0.0/12
    0     0 rfc1918    all  --  *      *       192.168.0.0/16       0.0.0.0/0
    0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 192.168.0.0/16
    0     0 rfc1918    all  --  *      *       10.0.0.0/8           0.0.0.0/0
    0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 10.0.0.0/8

Chain reject (11 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    0     0 DROP       all  --  *      *       142.179.159.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       192.168.1.255        0.0.0.0/0
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain rfc1918 (6 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain smurfs (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       142.179.159.255      0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP       all  --  *      *       142.179.159.255      0.0.0.0/0
    0     0 LOG        all  --  *      *       192.168.1.255        0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP       all  --  *      *       192.168.1.255        0.0.0.0/0
    0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0

Chain tcpflags (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x29
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x06
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x03/0x03
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:0 flags:0x16/0x02

Oct 13 13:27:31 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=192.168.1.254 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=774 PROTO=UDP SPT=1086 DPT=53 LEN=52
Oct 13 13:27:39 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=775 PROTO=UDP SPT=1087 DPT=53 LEN=47
Oct 13 13:27:40 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=776 PROTO=UDP SPT=1087 DPT=53 LEN=47
Oct 13 13:27:42 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=777 PROTO=UDP SPT=1087 DPT=53 LEN=47
Oct 13 13:27:44 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=778 PROTO=UDP SPT=1087 DPT=53 LEN=47
Oct 13 13:27:44 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=779 PROTO=UDP SPT=1087 DPT=53 LEN=47
Oct 13 13:27:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=780 PROTO=UDP SPT=1087 DPT=53 LEN=47
Oct 13 13:27:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=781 PROTO=UDP SPT=1087 DPT=53 LEN=47
Oct 13 13:42:17 FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=172.16.1.254 DST=172.16.1.254 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=886 DF PROTO=TCP SPT=1094 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 13 13:51:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=209.115.152.130 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=65 PROTO=UDP SPT=1032 DPT=53 LEN=52
Oct 13 13:51:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=209.115.152.130 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=66 PROTO=UDP SPT=1032 DPT=53 LEN=52
Oct 13 13:51:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=216.123.198.243 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=67 PROTO=UDP SPT=1032 DPT=53 LEN=52
Oct 13 13:51:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=209.115.152.130 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=68 PROTO=UDP SPT=1032 DPT=53 LEN=52
Oct 13 13:51:52 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=216.123.198.243 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=69 PROTO=UDP SPT=1032 DPT=53 LEN=52
Oct 13 13:51:52 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254 DST=209.115.152.130 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=70 PROTO=UDP SPT=1032 DPT=53 LEN=52
Oct 15 11:52:08 FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=192.168.1.254 DST=192.168.1.254 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=23082 DF PROTO=TCP SPT=2426 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 15 12:45:20 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=80.235.136.134 DST=198.53.129.153 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=1061 PROTO=UDP SPT=6346 DPT=6348 LEN=40
Oct 15 12:45:24 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=80.235.136.134 DST=198.53.129.153 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=1245 PROTO=UDP SPT=6348 DPT=6348 LEN=40
Oct 15 12:46:02 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=67.165.23.150 DST=198.53.129.153 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=3764 PROTO=UDP SPT=6346 DPT=6346 LEN=40
Oct 15 12:55:30 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=64.231.86.130 DST=198.53.129.153 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=10013 PROTO=UDP SPT=6346 DPT=6346 LEN=40

NAT Table

Chain PREROUTING (policy ACCEPT 71 packets, 21409 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 net_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 4 packets, 831 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 4 packets, 831 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 to:192.168.1.254
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 to:192.168.1.254
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 80,20,21 to:192.168.1.254
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1723 to:192.168.1.254
    0     0 DNAT       47   --  *      *       0.0.0.0/0            0.0.0.0/0           to:192.168.1.254
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000 to:192.168.1.2

Mangle Table

Chain PREROUTING (policy ACCEPT 256 packets, 33276 bytes)
 pkts bytes target     prot opt in     out     source               destination
  255 33228 pretos     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 191 packets, 12656 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 147 packets, 10614 bytes)
 pkts bytes target     prot opt in     out     source               destination
  147 10614 outtos     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 170 packets, 13269 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:137:139 dpts:137:139 TOS set 0x00
   23  2655 TOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:137:139 dpts:137:139 TOS set 0x00

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TOS        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 TOS set 0x10
    0     0 TOS        udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:53 TOS set 0x10
    0     0 TOS        tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 TOS set 0x10
    0     0 TOS        udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp spt:53 TOS set 0x10
    0     0 TOS        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:25 dpt:25 TOS set 0x08
    0     0 TOS        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:110 dpt:110 TOS set 0x08
    0     0 TOS        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 dpt:80 TOS set 0x08
    0     0 TOS        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:88 dpt:88 TOS set 0x08
    0     0 TOS        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:21 dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:20 dpt:20 TOS set 0x08
    0     0 TOS        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:22 dpt:22 TOS set 0x10
    0     0 TOS        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:1723 dpt:1723 TOS set 0x00

udp 17 10 src=192.168.1.254 dst=192.168.1.255 sport=138 dport=138 [UNREPLIED] src=192.168.1.255 dst=192.168.1.254 sport=138 dport=138 use=1
tcp 6 431999 ESTABLISHED src=192.168.1.254 dst=192.168.1.2 sport=7317 dport=22 src=192.168.1.2 dst=192.168.1.254 sport=22 dport=7317 [ASSURED] use=1
udp 17 10 src=192.168.1.2 dst=192.168.1.255 sport=138 dport=138 [UNREPLIED] src=192.168.1.255 dst=192.168.1.2 sport=138 dport=138 use=1
END INFORMATION
Richard Gutery
mentor ITS
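With net to fw and net to loc both set to ACCEPT in the POLICY file, the per-port ACCEPT entries in RULES and the closing all all REJECT never apply to inbound Internet traffic, which the status output confirms: the net2fw and net2loc chains each end in an unconditional ACCEPT. The audit script below is an added example for this thread, not Shorewall's own tooling or the poster's code; it parses a policy file in this layout and flags such open inbound policies. The zone names and the embedded copy of the posted policy come from the files above; the tightened variant (DROP with log level info) is my assumed replacement, not something from the thread.

```python
"""Audit a Shorewall 2.x POLICY file (added example for this thread, not Shorewall tooling).
Each non-comment line carries SOURCE DEST POLICY [LOG LEVEL [LIMIT:BURST]]; '#' starts a comment."""
from dataclasses import dataclass

UNTRUSTED = {"net"}                 # Internet-facing zone (eth0 in the posted interfaces file)
PROTECTED = {"fw", "$FW", "loc"}    # the firewall itself and the LAN behind it (eth1)


@dataclass
class Policy:
    source: str
    dest: str
    action: str
    log_level: str = "-"
    limit: str = "-"


def parse_policy(text: str) -> list:
    """Parse the whitespace-separated column layout used by the posted POLICY file."""
    policies = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drops '#SOURCE ...' and '#LAST LINE ...' too
        if not line:
            continue
        cols = line.split()
        if len(cols) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        policies.append(Policy(*cols[:5]))
    return policies


def audit(policies: list) -> list:
    """Return one finding per weakness; an empty list means nothing was flagged."""
    findings = []
    for i, p in enumerate(policies):
        if p.action.upper() == "ACCEPT" and p.source in UNTRUSTED and p.dest in PROTECTED | {"all"}:
            findings.append(f"{p.source}->{p.dest} ACCEPT: every port on {p.dest} is reachable "
                            f"from {p.source}, so per-port ACCEPT rules in RULES add nothing")
        if p.source == "all" and p.dest == "all" and i != len(policies) - 1:
            findings.append("catch-all 'all all' policy is not last; later lines are never reached")
    if not policies or (policies[-1].source, policies[-1].dest) != ("all", "all"):
        findings.append("no final 'all all' catch-all policy")
    return findings


# Copy of the POLICY file posted in this thread, comments dropped (constructed test input).
POSTED_POLICY = """\
loc  net ACCEPT -
loc  fw  ACCEPT -
net  fw  ACCEPT -
net  loc ACCEPT -
fw   loc ACCEPT -
fw   net ACCEPT -
all  all REJECT -
#LAST LINE -- DO NOT REMOVE
"""

# Assumed replacement: drop and log unsolicited Internet traffic, so only RULES entries open ports.
TIGHTENED_POLICY = (POSTED_POLICY.replace("net  fw  ACCEPT -", "net  fw  DROP   info")
                                 .replace("net  loc ACCEPT -", "net  loc DROP   info"))

if __name__ == "__main__":
    for name, text in (("posted", POSTED_POLICY), ("tightened", TIGHTENED_POLICY)):
        print(f"== {name} ==")
        for finding in audit(parse_policy(text)) or ["no findings"]:
            print(" -", finding)
```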
_____
From: Richard Gutery
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of
Richard Gutery
Sent: Wednesday, December 29, 2004 3:25 PM
To: Mailing List for Shorewall Users
Subject: RE: [Shorewall-users] DHCP
Sorry Tom, they were the files from the etc/shorewall dir, I just assumed
(bad...) that there would be no problem.
I'm resending in text format using Windows Notepad??? They will also
open in KEdit and Kate and EditPad Pro (Linux and Windows)
If there still is a problem, please let me know which format is
acceptable.
Richard
-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Wed 12/29/2004 3:13 PM
To: Shorewall Users
Cc:
Subject: RE: [Shorewall-users] DHCP
On Wed, 2004-12-29 at 15:01 -0700, Richard Gutery wrote:
> Hi Tom, sorry for the delay. Please find attached the following:
>
> TOS, RULES, INTERFACES, POLICY and Output of shorewall status.
>
> I really appreciate the help on this. Shorewall is an excellent product
> and until this DHCP issue, I've never had problems (okay a few itty
> bitty ones).
Please send the information in a Unix-friendly format -- not
application/ms-tnef (or give me some clue how to read the %$#@
attachment -- the KDE TNEF viewer can't seem to deal with it).
-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm