Currently I have Shorewall 2.2 installed on my Debian 2.6.8 kernel. The firewall
machine can access the internet via an Ethernet modem fine. The firewall can ping
the local network. The local network can ping the firewall server, see the Samba
files. However, the local network cannot access the internet through the firewall.
Any suggestions?
Rob van Overbruggen
Settings and stats:
Server:
Eth1 : alcatel home modem
Eth0 : internal network (hub + 1 computer)
****************************************************88
Interfaces:
net ppp0 - routefilter,tcpflags
loc eth0 192.168.1.1
modem eth1 192.168.1.255 dhcp
Masq
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth1 eth0
Policy:
loc net ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
Rules:
# Accept DNS connections from the firewall to the network
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
#
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp
ACCEPT fw net icmp
AllowSMB fw loc
AllowSMB loc fw
AllowWeb net fw
AllowWeb loc fw
Conf
CLAMPMSS=yes
IP_FORWARDING=on
--
?? Your kernel must # have CONFIG_IP_NF_TARGET_TCPMSS set. : I cannot find
this setting in my Debian 2.6 kernel ??
-------------------------
Shorewall-2.2.3 Status at ziggy - Sun May 29 07:46:31 CEST 2005
Counters reset Sun May 29 07:43:39 CEST 2005
Chain INPUT (policy DROP 5 packets, 244 bytes)
pkts bytes target prot opt in out source destination
410 42869 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
397 240K ppp0_in all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
32 2116 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
482 260K eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:INPUT:REJECT:''
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12 576 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS
clamp to PMTU
0 0 ppp0_fwd all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
12 576 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:FORWARD:REJECT:''
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
410 42869 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * eth1 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
364 41726 fw2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0
20 1740 fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0
798 70693 fw2modem all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:OUTPUT:REJECT:''
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain AllowICMPs (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
Chain AllowSMB (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445
12 936 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445
Chain AllowWeb (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
81 4164 RejectAuth all -- * * 0.0.0.0/0 0.0.0.0/0
81 4164 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 AllowICMPs icmp -- * * 0.0.0.0/0 0.0.0.0/0
81 4164 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
81 4164 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0
81 4164 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0
81 4164 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
79 4084 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DropDNSrep (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53
Chain DropSMB (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
Chain DropUPnP (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900
Chain Reject (4 references)
pkts bytes target prot opt in out source destination
20 1180 RejectAuth all -- * * 0.0.0.0/0 0.0.0.0/0
20 1180 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 AllowICMPs icmp -- * * 0.0.0.0/0 0.0.0.0/0
20 1180 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
20 1180 RejectSMB all -- * * 0.0.0.0/0 0.0.0.0/0
20 1180 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
20 1180 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0
Chain RejectAuth (2 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
Chain RejectSMB (1 references)
pkts bytes target prot opt in out source destination
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
Chain all2all (7 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
20 1180 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
20 1180 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:all2all:REJECT:''
20 1180 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
2 80 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02
Chain dynamic (6 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
12 576 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
12 576 loc2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 all2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
32 2116 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
32 2116 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
0 0 all2all all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 all2all all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
482 260K modem2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
20 1740 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 AllowSMB all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2modem (1 references)
pkts bytes target prot opt in out source destination
797 70633 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT 47 -- * * 0.0.0.0/0 10.0.0.138
1 60 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.138 tcp dpt:1723
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
310 38539 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
34 1987 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
20 1200 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain icmpdef (0 references)
pkts bytes target prot opt in out source destination
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
32 2116 AllowSMB all -- * * 0.0.0.0/0 0.0.0.0/0
20 1180 AllowWeb all -- * * 0.0.0.0/0 0.0.0.0/0
20 1180 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
12 576 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 4 level 6 prefix
`Shorewall:logflags:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain modem2fw (1 references)
pkts bytes target prot opt in out source destination
482 260K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT 47 -- * * 10.0.0.138 0.0.0.0/0
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
81 4164 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
79 4084 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:net2all:DROP:''
79 4084 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
316 236K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
81 4164 AllowWeb all -- * * 0.0.0.0/0 0.0.0.0/0
81 4164 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ppp0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net2all all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 net2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain ppp0_in (1 references)
pkts bytes target prot opt in out source destination
81 4164 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
341 236K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
397 240K net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (11 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 192.168.1.1 0.0.0.0/0
0 0 DROP all -- * * 192.168.1.255 0.0.0.0/0
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
20 1180 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 192.168.1.1 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 192.168.1.1 0.0.0.0/0
0 0 LOG all -- * * 192.168.1.255 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 192.168.1.255 0.0.0.0/0
0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
Chain tcpflags (2 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 flags:0x16/0x02
May 29 07:45:52 net2all:DROP:IN=ppp0 OUT= SRC=84.60.144.46 DST=62.59.114.79
LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=12981 DF PROTO=TCP SPT=50892 DPT=4662
WINDOW=5840 RES=0x00 SYN URGP=0
May 29 07:45:53 net2all:DROP:IN=ppp0 OUT= SRC=172.202.35.195
DST=62.59.114.79 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=1735 DF PROTO=TCP
SPT=3788 DPT=4662 WINDOW=65535 RES=0x00 SYN URGP=0
May 29 07:45:55 net2all:DROP:IN=ppp0 OUT= SRC=84.60.144.46 DST=62.59.114.79
LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=12982 DF PROTO=TCP SPT=50892 DPT=4662
WINDOW=5840 RES=0x00 SYN URGP=0
May 29 07:45:56 net2all:DROP:IN=ppp0 OUT= SRC=60.234.132.224
DST=62.59.114.79 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=40 DF PROTO=TCP
SPT=54192 DPT=4662 WINDOW=64240 RES=0x00 SYN URGP=0
May 29 07:45:58 net2all:DROP:IN=ppp0 OUT= SRC=83.237.7.6 DST=62.59.114.79
LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=52291 DF PROTO=TCP SPT=18599 DPT=4662
WINDOW=65535 RES=0x00 SYN URGP=0
May 29 07:46:00 net2all:DROP:IN=ppp0 OUT= SRC=60.234.132.224
DST=62.59.114.79 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=107 DF PROTO=TCP
SPT=54192 DPT=4662 WINDOW=64240 RES=0x00 SYN URGP=0
May 29 07:46:00 net2all:DROP:IN=ppp0 OUT= SRC=84.171.251.46 DST=62.59.114.79
LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=22446 DF PROTO=TCP SPT=4625 DPT=4662
WINDOW=64240 RES=0x00 SYN URGP=0
May 29 07:46:02 net2all:DROP:IN=ppp0 OUT= SRC=84.60.144.46 DST=62.59.114.79
LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=12983 DF PROTO=TCP SPT=50892 DPT=4662
WINDOW=5840 RES=0x00 SYN URGP=0
May 29 07:46:04 net2all:DROP:IN=ppp0 OUT= SRC=83.237.7.6 DST=62.59.114.79
LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=52583 DF PROTO=TCP SPT=18599 DPT=4662
WINDOW=65535 RES=0x00 SYN URGP=0
May 29 07:46:05 all2all:REJECT:IN=eth0 OUT= SRC=192.168.1.105
DST=192.168.1.1 LEN=59 TOS=0x00 PREC=0x00 TTL=128 ID=10974 PROTO=UDP
SPT=3023 DPT=53 LEN=39
May 29 07:46:06 all2all:REJECT:IN=eth0 OUT= SRC=192.168.1.105
DST=192.168.1.1 LEN=59 TOS=0x00 PREC=0x00 TTL=128 ID=10997 PROTO=UDP
SPT=3023 DPT=53 LEN=39
May 29 07:46:06 net2all:DROP:IN=ppp0 OUT= SRC=60.234.132.224
DST=62.59.114.79 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=265 DF PROTO=TCP
SPT=54192 DPT=4662 WINDOW=64240 RES=0x00 SYN URGP=0
May 29 07:46:07 all2all:REJECT:IN=eth0 OUT= SRC=192.168.1.105
DST=192.168.1.1 LEN=59 TOS=0x00 PREC=0x00 TTL=128 ID=11020 PROTO=UDP
SPT=3023 DPT=53 LEN=39
May 29 07:46:07 net2all:DROP:IN=ppp0 OUT= SRC=62.15.113.251 DST=62.59.114.79
LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=3142 DF PROTO=TCP SPT=1062 DPT=4662
WINDOW=65535 RES=0x00 SYN URGP=0
May 29 07:46:09 all2all:REJECT:IN=eth0 OUT= SRC=192.168.1.105
DST=192.168.1.1 LEN=59 TOS=0x00 PREC=0x00 TTL=128 ID=11063 PROTO=UDP
SPT=3023 DPT=53 LEN=39
May 29 07:46:09 net2all:DROP:IN=ppp0 OUT= SRC=84.171.251.46 DST=62.59.114.79
LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=23458 DF PROTO=TCP SPT=4625 DPT=4662
WINDOW=64240 RES=0x00 SYN URGP=0
May 29 07:46:10 net2all:DROP:IN=ppp0 OUT= SRC=62.15.113.251 DST=62.59.114.79
LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=3252 DF PROTO=TCP SPT=1062 DPT=4662
WINDOW=65535 RES=0x00 SYN URGP=0
May 29 07:46:13 all2all:REJECT:IN=eth0 OUT= SRC=192.168.1.105
DST=192.168.1.1 LEN=59 TOS=0x00 PREC=0x00 TTL=128 ID=11146 PROTO=UDP
SPT=3023 DPT=53 LEN=39
May 29 07:46:14 net2all:DROP:IN=ppp0 OUT= SRC=84.60.144.46 DST=62.59.114.79
LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=12984 DF PROTO=TCP SPT=50892 DPT=4662
WINDOW=5840 RES=0x00 SYN URGP=0
May 29 07:46:16 net2all:DROP:IN=ppp0 OUT= SRC=62.15.113.251 DST=62.59.114.79
LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=3506 DF PROTO=TCP SPT=1062 DPT=4662
WINDOW=65535 RES=0x00 SYN URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 321 packets, 17177 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 151 packets, 9048 bytes)
pkts bytes target prot opt in out source destination
1 60 eth1_masq all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 145 packets, 9162 bytes)
pkts bytes target prot opt in out source destination
Chain eth1_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 3965 packets, 917K bytes)
pkts bytes target prot opt in out source destination
1856 602K pretos all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 3941 packets, 916K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 24 packets, 1152 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4309 packets, 417K bytes)
pkts bytes target prot opt in out source destination
2114 214K outtos all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 4333 packets, 418K bytes)
pkts bytes target prot opt in out source destination
Chain outtos (1 references)
pkts bytes target prot opt in out source destination
Chain pretos (1 references)
pkts bytes target prot opt in out source destination
udp 17 113 src=62.59.114.79 dst=62.58.50.5 sport=32846 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32846 [ASSURED] use=1
udp 17 112 src=62.59.114.79 dst=62.58.50.5 sport=32832 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32832 [ASSURED] use=1
udp 17 114 src=62.59.114.79 dst=62.58.50.5 sport=32854 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32854 [ASSURED] use=1
udp 17 19 src=192.168.1.105 dst=192.168.1.255 sport=137 dport=137
[UNREPLIED] src=192.168.1.255 dst=192.168.1.105 sport=137 dport=137 use=1
tcp 6 119 SYN_SENT src=192.168.1.105 dst=216.239.59.103 sport=4151 dport=80
[UNREPLIED] src=216.239.59.103 dst=192.168.1.105 sport=80 dport=4151 use=1
tcp 6 4 CLOSE src=62.59.114.79 dst=212.3.243.138 sport=32825 dport=80
src=212.3.243.138 dst=62.59.114.79 sport=80 dport=32825 [ASSURED] use=1
tcp 6 114 TIME_WAIT src=62.59.114.79 dst=62.69.168.12 sport=32813 dport=80
src=62.69.168.12 dst=62.59.114.79 sport=80 dport=32813 [ASSURED] use=1
tcp 6 5 CLOSE src=62.59.114.79 dst=212.3.243.138 sport=32826 dport=80
src=212.3.243.138 dst=62.59.114.79 sport=80 dport=32826 [ASSURED] use=1
udp 17 110 src=62.59.114.79 dst=62.58.50.5 sport=32819 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32819 [ASSURED] use=1
tcp 6 52 TIME_WAIT src=62.59.114.79 dst=80.79.33.133 sport=32816 dport=80
src=80.79.33.133 dst=62.59.114.79 sport=80 dport=32816 [ASSURED] use=1
tcp 6 43 SYN_SENT src=192.168.1.105 dst=216.239.59.99 sport=4149 dport=80
[UNREPLIED] src=216.239.59.99 dst=192.168.1.105 sport=80 dport=4149 use=1
tcp 6 53 TIME_WAIT src=62.59.114.79 dst=62.69.168.12 sport=32820 dport=80
src=62.69.168.12 dst=62.59.114.79 sport=80 dport=32820 [ASSURED] use=1
tcp 6 5 CLOSE src=62.59.114.79 dst=212.3.243.138 sport=32828 dport=80
src=212.3.243.138 dst=62.59.114.79 sport=80 dport=32828 [ASSURED] use=1
tcp 6 53 TIME_WAIT src=62.59.114.79 dst=212.3.243.138 sport=32819 dport=80
src=212.3.243.138 dst=62.59.114.79 sport=80 dport=32819 [ASSURED] use=1
tcp 6 431985 ESTABLISHED src=10.0.0.150 dst=10.0.0.138 sport=32812
dport=1723 src=10.0.0.138 dst=10.0.0.150 sport=1723 dport=32812 [ASSURED]
use=1
tcp 6 54 TIME_WAIT src=62.59.114.79 dst=62.26.220.5 sport=32829 dport=80
src=62.26.220.5 dst=62.59.114.79 sport=80 dport=32829 [ASSURED] use=1
tcp 6 53 TIME_WAIT src=62.59.114.79 dst=62.26.220.5 sport=32827 dport=80
src=62.26.220.5 dst=62.59.114.79 sport=80 dport=32827 [ASSURED] use=1
tcp 6 113 TIME_WAIT src=62.59.114.79 dst=62.69.168.12 sport=32823 dport=80
src=62.69.168.12 dst=62.59.114.79 sport=80 dport=32823 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.168.1.1 dst=192.168.1.1 sport=32833
dport=10000 src=192.168.1.1 dst=192.168.1.1 sport=10000 dport=32833
[ASSURED] use=1
udp 17 110 src=62.59.114.79 dst=62.58.50.5 sport=32818 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32818 [ASSURED] use=1
udp 17 111 src=62.59.114.79 dst=62.58.50.5 sport=32822 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32822 [ASSURED] use=1
udp 17 114 src=62.59.114.79 dst=62.58.50.5 sport=32855 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32855 [ASSURED] use=1
udp 17 112 src=62.59.114.79 dst=62.58.50.5 sport=32823 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32823 [ASSURED] use=1
udp 17 108 src=127.0.0.1 dst=127.0.0.1 sport=32769 dport=32769 src=127.0.0.1
dst=127.0.0.1 sport=32769 dport=32769 [ASSURED] use=1
tcp 6 113 TIME_WAIT src=62.59.114.79 dst=62.69.168.12 sport=32822 dport=80
src=62.69.168.12 dst=62.59.114.79 sport=80 dport=32822 [ASSURED] use=1
tcp 6 54 TIME_WAIT src=62.59.114.79 dst=195.154.195.154 sport=32830 dport=80
src=195.154.195.154 dst=62.59.114.79 sport=80 dport=32830 [ASSURED] use=1
udp 17 113 src=62.59.114.79 dst=62.58.50.5 sport=32848 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32848 [ASSURED] use=1
unknown 47 599 src=10.0.0.150 dst=10.0.0.138 src=10.0.0.138 dst=10.0.0.150
use=1
tcp 6 52 TIME_WAIT src=62.59.114.79 dst=212.3.243.138 sport=32814 dport=80
src=212.3.243.138 dst=62.59.114.79 sport=80 dport=32814 [ASSURED] use=1
udp 17 178 src=62.59.114.79 dst=62.58.50.5 sport=32856 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32856 [ASSURED] use=1
udp 17 111 src=62.59.114.79 dst=62.58.50.5 sport=32820 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32820 [ASSURED] use=1
udp 17 112 src=62.59.114.79 dst=62.58.50.5 sport=32840 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32840 [ASSURED] use=1
tcp 6 114 TIME_WAIT src=62.59.114.79 dst=62.69.168.12 sport=32817 dport=80
src=62.69.168.12 dst=62.59.114.79 sport=80 dport=32817 [ASSURED] use=1
tcp 6 5 SYN_SENT src=192.168.1.105 dst=216.239.59.104 sport=4148 dport=80
[UNREPLIED] src=216.239.59.104 dst=192.168.1.105 sport=80 dport=4148 use=1
tcp 6 53 TIME_WAIT src=62.59.114.79 dst=62.69.168.12 sport=32821 dport=80
src=62.69.168.12 dst=62.59.114.79 sport=80 dport=32821 [ASSURED] use=1
tcp 6 53 TIME_WAIT src=62.59.114.79 dst=62.69.168.12 sport=32815 dport=80
src=62.69.168.12 dst=62.59.114.79 sport=80 dport=32815 [ASSURED] use=1
tcp 6 114 TIME_WAIT src=62.59.114.79 dst=62.69.168.12 sport=32824 dport=80
src=62.69.168.12 dst=62.59.114.79 sport=80 dport=32824 [ASSURED] use=1
tcp 6 54 TIME_WAIT src=62.59.114.79 dst=62.26.220.5 sport=32832 dport=80
src=62.26.220.5 dst=62.59.114.79 sport=80 dport=32832 [ASSURED] use=1
udp 17 113 src=62.59.114.79 dst=62.58.50.5 sport=32847 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32847 [ASSURED] use=1
tcp 6 52 TIME_WAIT src=62.59.114.79 dst=212.3.243.138 sport=32818 dport=80
src=212.3.243.138 dst=62.59.114.79 sport=80 dport=32818 [ASSURED] use=1
udp 17 112 src=62.59.114.79 dst=62.58.50.5 sport=32841 dport=53
src=62.58.50.5 dst=62.59.114.79 sport=53 dport=32841 [ASSURED] use=1
IP Configuration
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:00:1c:d1:2b:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
inet6 fe80::200:1cff:fed1:2ba7/64 scope link
valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:bf:12:92:b2 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.150/24 brd 255.255.255.0 scope global eth1
inet6 fe80::250:bfff:fe12:92b2/64 scope link
valid_lft forever preferred_lft forever
4: sit0: mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
6: ppp0: mtu 1500 qdisc pfifo_fast qlen 3
link/ppp
inet 62.59.114.79 peer 62.58.222.90/32 scope global ppp0
IP Stats
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
270687 2401 0 0 0 0
TX: bytes packets errors dropped carrier collsns
270687 2401 0 0 0 0
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:00:1c:d1:2b:a7 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
11851 144 0 0 0 0
TX: bytes packets errors dropped carrier collsns
17289 144 0 0 0 0
3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:bf:12:92:b2 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
397878 1274 0 0 0 0
TX: bytes packets errors dropped carrier collsns
178275 1747 0 0 0 8
4: sit0: mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
6: ppp0: mtu 1500 qdisc pfifo_fast qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
240393 400 0 0 0 0
TX: bytes packets errors dropped carrier collsns
42348 380 0 0 0 0
/proc
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 0
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/ppp0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp0/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/rp_filter = 1
/proc/sys/net/ipv4/conf/ppp0/log_martians = 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table local:
local 192.168.1.1 dev eth0 proto kernel scope host src 192.168.1.1
broadcast 192.168.1.0 dev eth0 proto kernel scope link src 192.168.1.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.0.0.0 dev eth1 proto kernel scope link src 10.0.0.150
local 10.0.0.150 dev eth1 proto kernel scope host src 10.0.0.150
broadcast 192.168.1.255 dev eth0 proto kernel scope link src 192.168.1.1
broadcast 255.255.255.0 dev eth1 proto kernel scope link src 10.0.0.150
local 62.59.114.79 dev ppp0 proto kernel scope host src 62.59.114.79
broadcast 10.0.0.255 dev eth1 proto kernel scope link src 10.0.0.150
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
62.58.222.90 dev ppp0 proto kernel scope link src 62.59.114.79
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.150
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
default via 62.58.222.90 dev ppp0
Table default:
ARP
? (192.168.1.105) at 00:0C:6E:D7:65:D1 [ether] on eth0
? (10.0.0.138) at 00:90:D0:39:56:A7 [ether] on eth1
Modules
ipt_MASQUERADE 3968 1
ipt_REJECT 6528 4
ipt_LOG 6272 10
ipt_TCPMSS 4480 1
ipt_state 2304 16
ipt_pkttype 2048 4
ipt_recent 10252 0
ipt_iprange 2048 0
ipt_physdev 2320 0
ipt_multiport 2304 2
ipt_conntrack 2816 0
ip_nat_irc 4464 0
ip_nat_tftp 3696 0
ip_nat_ftp 4976 0
ip_conntrack_irc 71600 1 ip_nat_irc
ip_conntrack_tftp 3888 0
ip_conntrack_ftp 72240 1 ip_nat_ftp
ip_conntrack 32520 10 ipt_MASQUERADE,ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp
ip_tables 16896 14 ipt_MASQUERADE,ipt_REJECT,ipt_LOG,ipt_TCPMSS,ipt_state,ipt_pkttype,ipt_recent,ipt_iprange,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter
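
A check over the dump above, as an added example that is not part of the original post: it compares the interface named in the masq file with the device of the default route, and lists connection-tracking entries whose reply tuple still targets a private source address, meaning no masquerading was applied. The input is excerpted from the post (wrapped conntrack lines re-joined); the function names are illustrative.

```python
import ipaddress
import re

# Excerpts copied from the status dump in the post.
MASQ = """\
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth1 eth0
"""

ROUTES = """\
62.58.222.90 dev ppp0 proto kernel scope link src 62.59.114.79
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.150
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
default via 62.58.222.90 dev ppp0
"""

CONNTRACK = """\
tcp 6 119 SYN_SENT src=192.168.1.105 dst=216.239.59.103 sport=4151 dport=80 [UNREPLIED] src=216.239.59.103 dst=192.168.1.105 sport=80 dport=4151 use=1
tcp 6 114 TIME_WAIT src=62.59.114.79 dst=62.69.168.12 sport=32813 dport=80 src=62.69.168.12 dst=62.59.114.79 sport=80 dport=32813 [ASSURED] use=1
udp 17 19 src=192.168.1.105 dst=192.168.1.255 sport=137 dport=137 [UNREPLIED] src=192.168.1.255 dst=192.168.1.105 sport=137 dport=137 use=1
tcp 6 43 SYN_SENT src=192.168.1.105 dst=216.239.59.99 sport=4149 dport=80 [UNREPLIED] src=216.239.59.99 dst=192.168.1.105 sport=80 dport=4149 use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+)")


def masq_interfaces(masq_text):
    """Outbound interfaces from column 1 of a Shorewall masq file."""
    names = []
    for line in masq_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if line:
            # Column 1 may carry a ":suffix" after the interface name.
            names.append(line.split()[0].split(":")[0])
    return names


def default_route_dev(route_text):
    """Device of the default route in `ip route` output, or None."""
    for line in route_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "default" and "dev" in fields:
            return fields[fields.index("dev") + 1]
    return None


def unnatted_flows(conntrack_text):
    """Private-source flows to public destinations that were not source-NATed.

    Each conntrack entry holds the original tuple and the expected reply
    tuple. After MASQUERADE the reply's dst is the firewall's external
    address; if it still equals the original private src, no NAT happened.
    """
    flows = []
    for line in conntrack_text.splitlines():
        tuples = TUPLE.findall(line)
        if len(tuples) != 2:
            continue
        (o_src, o_dst), (_r_src, r_dst) = tuples
        try:
            src = ipaddress.ip_address(o_src)
            dst = ipaddress.ip_address(o_dst)
        except ValueError:
            continue  # skip malformed addresses
        if src.is_private and not dst.is_private and r_dst == o_src:
            flows.append((o_src, o_dst))
    return flows


def diagnose(masq_text, route_text, conntrack_text):
    """Summarise whether masquerading covers the real egress interface."""
    ifaces = masq_interfaces(masq_text)
    dev = default_route_dev(route_text)
    return {
        "masq_interfaces": ifaces,
        "default_route_dev": dev,
        "masq_covers_default_route": dev in ifaces,
        "unnatted_flows": unnatted_flows(conntrack_text),
    }


if __name__ == "__main__":
    for key, value in diagnose(MASQ, ROUTES, CONNTRACK).items():
        print(f"{key}: {value}")
```

On this dump the masq entry names eth1 while the default route leaves through ppp0, and both forwarded HTTP flows from 192.168.1.105 show up without source NAT.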