thr3ads.net - Shorewall users - MultipleIP´s in one Zone [Dec 2004]

If this information is useful, please help other people find it:
Share via:
Lars Bunse
2004-Dec-30 21:15 UTC
MultipleIP´s in one Zone

Hi Tom

Here is the output of shorewall status 

Thanks

Lars

[H[2JShorewall-2.0.13 Status at  - Thu Dec 30 21:43:44 CET 2004

Counters reset Thu Dec 30 15:38:17 CET 2004

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination         
38383   11M ACCEPT     all  --  lo     *       0.0.0.0/0
0.0.0.0/0          
    0     0 DROP      !icmp --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID 
 103K   25M eth1_in    all  --  eth1   *       0.0.0.0/0
0.0.0.0/0          
 5449  631K eth0_in    all  --  eth0   *       0.0.0.0/0
0.0.0.0/0          
10372 1277K eth2_in    all  --  eth2   *       0.0.0.0/0
0.0.0.0/0          
    0     0 Reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0          
    0     0 reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 DROP      !icmp --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID 
   99  4761 eth1_fwd   all  --  eth1   *       0.0.0.0/0
0.0.0.0/0          
  736  155K eth0_fwd   all  --  eth0   *       0.0.0.0/0
0.0.0.0/0          
  579 68667 eth2_fwd   all  --  eth2   *       0.0.0.0/0
0.0.0.0/0          
    0     0 Reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0          
    0     0 reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain OUTPUT (policy DROP 1 packets, 60 bytes)
 pkts bytes target     prot opt in     out     source
destination         
38383   11M ACCEPT     all  --  *      lo      0.0.0.0/0
0.0.0.0/0          
    0     0 DROP      !icmp --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID 
   36 11829 ACCEPT     udp  --  *      eth0    0.0.0.0/0
0.0.0.0/0          udp dpts:67:68 
 112K   16M fw2net     all  --  *      eth1    0.0.0.0/0
0.0.0.0/0          
 6019 4437K fw2loc     all  --  *      eth0    0.0.0.0/0
0.0.0.0/0          
12645 5282K fw2loc2    all  --  *      eth2    0.0.0.0/0
0.0.0.0/0          
    0     0 Reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0          
    0     0 reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain Drop (1 references)
 pkts bytes target     prot opt in     out     source
destination         
  321 18582 RejectAuth  all  --  *      *       0.0.0.0/0
0.0.0.0/0          
  321 18582 dropBcast  all  --  *      *       0.0.0.0/0
0.0.0.0/0          
  321 18582 dropInvalid  all  --  *      *       0.0.0.0/0
0.0.0.0/0          
  134  8110 DropSMB    all  --  *      *       0.0.0.0/0
0.0.0.0/0          
  111  7008 DropUPnP   all  --  *      *       0.0.0.0/0
0.0.0.0/0          
  111  7008 dropNotSyn  all  --  *      *       0.0.0.0/0
0.0.0.0/0          
  102  6648 DropDNSrep  all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain DropDNSrep (2 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 DROP       udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp spt:53 

Chain DropSMB (1 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 DROP       udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpt:135 
    1    78 DROP       udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpts:137:139 
    0     0 DROP       udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpt:445 
    4   192 DROP       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:135 
    2    96 DROP       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:139 
   16   736 DROP       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:445 

Chain DropUPnP (2 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 DROP       udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpt:1900 

Chain Reject (4 references)
 pkts bytes target     prot opt in     out     source
destination         
   93  4464 RejectAuth  all  --  *      *       0.0.0.0/0
0.0.0.0/0          
   93  4464 dropBcast  all  --  *      *       0.0.0.0/0
0.0.0.0/0          
   93  4464 dropInvalid  all  --  *      *       0.0.0.0/0
0.0.0.0/0          
   93  4464 RejectSMB  all  --  *      *       0.0.0.0/0
0.0.0.0/0          
   93  4464 DropUPnP   all  --  *      *       0.0.0.0/0
0.0.0.0/0          
   93  4464 dropNotSyn  all  --  *      *       0.0.0.0/0
0.0.0.0/0          
   93  4464 DropDNSrep  all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain RejectAuth (2 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 reject     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:113 

Chain RejectSMB (1 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 reject     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpt:135 
    0     0 reject     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpts:137:139 
    0     0 reject     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpt:445 
    0     0 reject     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:135 
    0     0 reject     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:139 
    0     0 reject     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:445 

Chain all2all (2 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
   93  4464 Reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0          
   93  4464 reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0
0.0.0.0/0          PKTTYPE = broadcast 
    0     0 DROP       all  --  *      *       0.0.0.0/0
0.0.0.0/0          PKTTYPE = multicast 

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source
destination         
  187 10472 DROP       all  --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID 

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source
destination         
    9   360 DROP       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp flags:!0x16/0x02 

Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source
destination         

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source
destination         
  102  4896 dynamic    all  --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID,NEW 
  165  7803 loc2net    all  --  *      eth1    0.0.0.0/0
0.0.0.0/0          
    0     0 loc2loc    all  --  *      eth0    0.0.0.0/0
0.0.0.0/0          
  571  147K loc2loc2   all  --  *      eth2    0.0.0.0/0
0.0.0.0/0          

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source
destination         
 1382  150K dynamic    all  --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID,NEW 
   37 12139 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpts:67:68 
 5412  619K loc2fw     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID,NEW 
   99  4761 net2all    all  --  *      eth0    0.0.0.0/0
0.0.0.0/0          
    0     0 net2all    all  --  *      eth2    0.0.0.0/0
0.0.0.0/0          

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source
destination         
  574 31090 dynamic    all  --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID,NEW 
 103K   25M net2fw     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain eth2_fwd (1 references)
 pkts bytes target     prot opt in     out     source
destination         
  133 13166 dynamic    all  --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID,NEW 
    0     0 all2all    all  --  *      eth1    0.0.0.0/0
0.0.0.0/0          
  579 68667 loc22loc   all  --  *      eth0    0.0.0.0/0
0.0.0.0/0          
    0     0 loc22loc2  all  --  *      eth2    0.0.0.0/0
0.0.0.0/0          

Chain eth2_in (1 references)
 pkts bytes target     prot opt in     out     source
destination         
 1381 98196 dynamic    all  --  *      *       0.0.0.0/0
0.0.0.0/0          state INVALID,NEW 
10372 1277K loc22fw    all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source
destination         
 5730 4405K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
  289 31938 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain fw2loc2 (1 references)
 pkts bytes target     prot opt in     out     source
destination         
11480 5024K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
 1165  258K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source
destination         
 104K   15M ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
 7246  437K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain icmpdef (0 references)
 pkts bytes target     prot opt in     out     source
destination         

Chain loc22fw (1 references)
 pkts bytes target     prot opt in     out     source
destination         
 8991 1178K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
 1381 98196 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain loc22loc (1 references)
 pkts bytes target     prot opt in     out     source
destination         
  446 55501 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
  133 13166 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain loc22loc2 (1 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source
destination         
 4067  481K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
 1345  138K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain loc2loc (1 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain loc2loc2 (1 references)
 pkts bytes target     prot opt in     out     source
destination         
  571  147K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source
destination         
   63  2907 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
    9   432 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          multiport dports 22,110,143,443,6002 
   93  4464 all2all    all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain net2all (3 references)
 pkts bytes target     prot opt in     out     source
destination         
   99  4761 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
  321 18582 Drop       all  --  *      *       0.0.0.0/0
0.0.0.0/0          
  102  6648 LOG        all  --  *      *       0.0.0.0/0
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:''
  102  6648 DROP       all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source
destination         
 103K   25M ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED 
  253 12508 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          multiport dports 22,110,143 
  321 18582 net2all    all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain reject (11 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0
0.0.0.0/0          PKTTYPE = broadcast 
    0     0 DROP       all  --  *      *       0.0.0.0/0
0.0.0.0/0          PKTTYPE = multicast 
    0     0 DROP       all  --  *      *       xxx.xxx.xxx.15
0.0.0.0/0          
    0     0 DROP       all  --  *      *       192.168.9.255
0.0.0.0/0          
    0     0 DROP       all  --  *      *       172.16.1.3
0.0.0.0/0          
    0     0 DROP       all  --  *      *       255.255.255.255
0.0.0.0/0          
    0     0 DROP       all  --  *      *       224.0.0.0/4
0.0.0.0/0          
   93  4464 REJECT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          reject-with tcp-reset 
    0     0 REJECT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          reject-with icmp-port-unreachable 
    0     0 REJECT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          reject-with icmp-host-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          reject-with icmp-host-prohibited 

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source
destination         

Chain smurfs (0 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 LOG        all  --  *      *       xxx.xxx.xxx.15
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'' 
    0     0 DROP       all  --  *      *       xxx.xxx.xxx.15
0.0.0.0/0          
    0     0 LOG        all  --  *      *       192.168.9.255
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'' 
    0     0 DROP       all  --  *      *       192.168.9.255
0.0.0.0/0          
    0     0 LOG        all  --  *      *       172.16.1.3
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'' 
    0     0 DROP       all  --  *      *       172.16.1.3
0.0.0.0/0          
    0     0 LOG        all  --  *      *       255.255.255.255
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'' 
    0     0 DROP       all  --  *      *       255.255.255.255
0.0.0.0/0          
    0     0 LOG        all  --  *      *       224.0.0.0/4
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'' 
    0     0 DROP       all  --  *      *       224.0.0.0/4
0.0.0.0/0          

Dec 30 20:07:25 net2all:DROP:IN=eth1 OUT= SRC=209.218.99.205
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x10 PREC=0x00 TTL=102 ID=39093 DF PROTO=TCP
SPT=4362 DPT=21 WINDOW=64240 RES=0x00 SYN URGP=0 
Dec 30 20:07:28 net2all:DROP:IN=eth1 OUT= SRC=209.218.99.205
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x10 PREC=0x00 TTL=102 ID=39668 DF PROTO=TCP
SPT=4362 DPT=21 WINDOW=64240 RES=0x00 SYN URGP=0 
Dec 30 20:14:31 net2all:DROP:IN=eth1 OUT= SRC=61.9.191.57 DST=xxx.xxx.xxx.10
LEN=84 TOS=0x00 PREC=0x00 TTL=231 ID=34079 PROTO=ICMP TYPE=8 CODE=0 ID=32790
SEQ=5127 
Dec 30 20:18:59 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.195
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=34289 DF PROTO=TCP
SPT=47800 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 20:19:02 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.195
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=34290 DF PROTO=TCP
SPT=47800 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 20:19:09 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.195
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=34291 DF PROTO=TCP
SPT=47800 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 20:19:23 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.195
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=34292 DF PROTO=TCP
SPT=47800 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 20:47:30 net2all:DROP:IN=eth1 OUT= SRC=61.9.191.57 DST=xxx.xxx.xxx.10
LEN=84 TOS=0x00 PREC=0x00 TTL=231 ID=1569 PROTO=ICMP TYPE=8 CODE=0 ID=32790
SEQ=5383 
Dec 30 21:08:17 net2all:DROP:IN=eth1 OUT= SRC=195.132.201.149
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=54556 DF PROTO=TCP
SPT=2288 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0 
Dec 30 21:08:25 net2all:DROP:IN=eth1 OUT= SRC=195.132.201.149
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=55043 DF PROTO=TCP
SPT=2288 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0 
Dec 30 21:16:12 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.194
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=49315 DF PROTO=TCP
SPT=49086 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 21:16:15 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.194
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=49316 DF PROTO=TCP
SPT=49086 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 21:16:22 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.194
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=49317 DF PROTO=TCP
SPT=49086 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 21:16:35 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.194
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=49318 DF PROTO=TCP
SPT=49086 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 21:19:59 net2all:DROP:IN=eth1 OUT= SRC=61.9.191.57 DST=xxx.xxx.xxx.10
LEN=84 TOS=0x00 PREC=0x00 TTL=231 ID=35106 PROTO=ICMP TYPE=8 CODE=0 ID=32790
SEQ=5639 
Dec 30 21:33:37 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.194
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=46169 DF PROTO=TCP
SPT=52683 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 21:33:41 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.194
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=46170 DF PROTO=TCP
SPT=52683 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 21:33:48 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.194
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=46171 DF PROTO=TCP
SPT=52683 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 21:34:01 net2all:DROP:IN=eth1 OUT= SRC=195.179.68.194
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=59 ID=46172 DF PROTO=TCP
SPT=52683 DPT=25 WINDOW=33580 RES=0x00 SYN URGP=0 
Dec 30 21:43:03 net2all:DROP:IN=eth1 OUT= SRC=194.185.98.225
DST=xxx.xxx.xxx.10 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=52760 DF PROTO=TCP
SPT=4043 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 

NAT Table

Chain PREROUTING (policy ACCEPT 2221K packets, 115M bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain POSTROUTING (policy ACCEPT 2530K packets, 117M bytes)
 pkts bytes target     prot opt in     out     source
destination         
 7200  433K eth1_masq  all  --  *      eth1    0.0.0.0/0
0.0.0.0/0          

Chain OUTPUT (policy ACCEPT 630K packets, 51M bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain eth1_masq (1 references)
 pkts bytes target     prot opt in     out     source
destination         
    9   432 MASQUERADE  all  --  *      *       192.168.9.0/24
0.0.0.0/0          

Mangle Table

Chain PREROUTING (policy ACCEPT 17M packets, 5854M bytes)
 pkts bytes target     prot opt in     out     source
destination         
 159K   39M pretos     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain INPUT (policy ACCEPT 15M packets, 5702M bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain FORWARD (policy ACCEPT 2312K packets, 151M bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain OUTPUT (policy ACCEPT 19M packets, 7943M bytes)
 pkts bytes target     prot opt in     out     source
destination         
 169K   37M outtos     all  --  *      *       0.0.0.0/0
0.0.0.0/0          

Chain POSTROUTING (policy ACCEPT 19M packets, 8001M bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:22 TOS set 0x10 
 4382 1773K TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:20 TOS set 0x08 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:20 TOS set 0x08 

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source
destination         
 4354  377K TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:22 TOS set 0x10 
    2    96 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:20 TOS set 0x08 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:20 TOS set 0x08 

tcp      6 32 TIME_WAIT src=192.168.10.20 dst=192.168.9.18 sport=3302
dport=110 src=192.168.9.18 dst=192.168.10.20 sport=110 dport=3302 use=1 
tcp      6 113 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12937
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12937 use=1 
tcp      6 61 TIME_WAIT src=82.207.244.46 dst=xxx.xxx.xxx.10 sport=1387
dport=143 src=xxx.xxx.xxx.10 dst=82.207.244.46 sport=143 dport=1387 use=1 
tcp      6 369087 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=13643
dport=13642 src=127.0.0.1 dst=127.0.0.1 sport=13642 dport=13643 use=1 
tcp      6 167922 ESTABLISHED src=172.16.1.2 dst=192.168.15.20 sport=38517
dport=80 [UNREPLIED] src=192.168.15.20 dst=172.16.1.2 sport=80 dport=38517
use=1 
tcp      6 14 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12907
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12907 use=1 
tcp      6 369087 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=13651
dport=13650 src=127.0.0.1 dst=127.0.0.1 sport=13650 dport=13651 use=1 
tcp      6 44 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12916
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12916 use=1 
tcp      6 54 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12919
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12919 use=1 
udp      17 133 src=127.0.0.1 dst=127.0.0.1 sport=8429 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=8429 [ASSURED] use=1 
tcp      6 150148 ESTABLISHED src=192.168.9.246 dst=192.168.9.18 sport=1306
dport=143 src=192.168.9.18 dst=192.168.9.246 sport=143 dport=1306 use=1 
tcp      6 116 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12938
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12938 use=1 
tcp      6 80 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12927
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12927 use=1 
tcp      6 110 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12936
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12936 use=1 
tcp      6 77 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12926
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12926 use=1 
tcp      6 100 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12933
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12933 use=1 
tcp      6 431999 ESTABLISHED src=82.207.244.46 dst=xxx.xxx.xxx.10
sport=1257 dport=22 src=xxx.xxx.xxx.10 dst=82.207.244.46 sport=22 dport=1257
use=1 
tcp      6 83 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12928
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12928 use=1 
tcp      6 93 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12931
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12931 use=1 
tcp      6 431961 ESTABLISHED src=82.207.244.46 dst=xxx.xxx.xxx.10
sport=1305 dport=143 src=xxx.xxx.xxx.10 dst=82.207.244.46 sport=143
dport=1305 use=1 
udp      17 30 src=127.0.0.1 dst=127.0.0.1 sport=8428 dport=53 src=127.0.0.1
dst=127.0.0.1 sport=53 dport=8428 [ASSURED] use=1 
tcp      6 431962 ESTABLISHED src=82.207.244.46 dst=xxx.xxx.xxx.10
sport=1398 dport=143 src=xxx.xxx.xxx.10 dst=82.207.244.46 sport=143
dport=1398 use=1 
tcp      6 369087 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=13647
dport=13646 src=127.0.0.1 dst=127.0.0.1 sport=13646 dport=13647 use=1 
tcp      6 57 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12920
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12920 use=1 
tcp      6 17 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12908
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12908 use=1 
udp      17 176 src=127.0.0.1 dst=127.0.0.1 sport=8430 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=8430 [ASSURED] use=1 
udp      17 136 src=192.168.11.10 dst=192.168.9.100 sport=137 dport=137
src=192.168.9.100 dst=192.168.11.10 sport=137 dport=137 [ASSURED] use=1 
tcp      6 24 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12910
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12910 use=1 
tcp      6 4 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12904
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12904 use=1 
tcp      6 167520 ESTABLISHED src=172.16.1.2 dst=192.168.15.20 sport=43025
dport=80 [UNREPLIED] src=192.168.15.20 dst=172.16.1.2 sport=80 dport=43025
use=1 
tcp      6 97 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12932
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12932 use=1 
tcp      6 67 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12923
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12923 use=1 
tcp      6 87 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12929
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12929 use=1 
tcp      6 167527 ESTABLISHED src=172.16.1.2 dst=192.168.15.20 sport=43026
dport=80 [UNREPLIED] src=192.168.15.20 dst=172.16.1.2 sport=80 dport=43026
use=1 
tcp      6 50 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12918
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12918 use=1 
tcp      6 21 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12909
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12909 use=1 
tcp      6 90 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12930
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12930 use=1 
tcp      6 167886 ESTABLISHED src=172.16.1.2 dst=192.168.15.20 sport=44612
dport=80 [UNREPLIED] src=192.168.15.20 dst=172.16.1.2 sport=80 dport=44612
use=1 
udp      17 110 src=192.168.9.100 dst=192.168.9.18 sport=137 dport=137
src=192.168.9.18 dst=192.168.9.100 sport=137 dport=137 [ASSURED] use=1 
tcp      6 73 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12925
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12925 use=1 
tcp      6 11 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12906
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12906 use=1 
tcp      6 35 TIME_WAIT src=192.168.9.100 dst=192.168.9.18 sport=4614
dport=139 src=192.168.9.18 dst=192.168.9.100 sport=139 dport=4614 use=1 
tcp      6 107 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12935
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12935 use=1 
tcp      6 41 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12915
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12915 use=1 
tcp      6 78 TIME_WAIT src=192.168.11.10 dst=192.168.9.18 sport=1229
dport=139 src=192.168.9.18 dst=192.168.11.10 sport=139 dport=1229 use=1 
tcp      6 64 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12922
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12922 use=1 
tcp      6 369087 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=13649
dport=13648 src=127.0.0.1 dst=127.0.0.1 sport=13648 dport=13649 use=1 
tcp      6 27 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12911
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12911 use=1 
tcp      6 167880 ESTABLISHED src=172.16.1.2 dst=192.168.15.20 sport=44616
dport=80 [UNREPLIED] src=192.168.15.20 dst=172.16.1.2 sport=80 dport=44616
use=1 
tcp      6 136997 ESTABLISHED src=192.168.15.20 dst=192.168.9.100 sport=1257
dport=5631 src=192.168.9.100 dst=192.168.9.18 sport=5631 dport=1257 use=1 
tcp      6 167562 ESTABLISHED src=172.16.1.2 dst=192.168.15.20 sport=42637
dport=80 [UNREPLIED] src=192.168.15.20 dst=172.16.1.2 sport=80 dport=42637
use=1 
tcp      6 103 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12934
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12934 use=1 
tcp      6 60 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12921
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12921 use=1 
tcp      6 194202 ESTABLISHED src=172.16.1.2 dst=192.168.10.20 sport=51549
dport=80 [UNREPLIED] src=192.168.10.20 dst=172.16.1.2 sport=80 dport=51549
use=1 
tcp      6 427858 ESTABLISHED src=xxx.xxx.xxx.10 dst=80.226.252.192
sport=143 dport=3119 src=80.226.252.192 dst=xxx.xxx.xxx.10 sport=3119
dport=143 use=1 
tcp      6 431961 ESTABLISHED src=82.207.244.46 dst=xxx.xxx.xxx.10
sport=1399 dport=143 src=xxx.xxx.xxx.10 dst=82.207.244.46 sport=143
dport=1399 use=1 
tcp      6 37 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12914
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12914 use=1 
tcp      6 167916 ESTABLISHED src=172.16.1.2 dst=192.168.15.20 sport=38521
dport=80 [UNREPLIED] src=192.168.15.20 dst=172.16.1.2 sport=80 dport=38521
use=1 
tcp      6 34 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12913
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12913 use=1 
tcp      6 70 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12924
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12924 use=1 
tcp      6 47 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12917
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12917 use=1 
tcp      6 331374 ESTABLISHED src=80.226.242.168 dst=xxx.xxx.xxx.10
sport=1067 dport=143 src=xxx.xxx.xxx.10 dst=80.226.242.168 sport=143
dport=1067 use=1 
tcp      6 167568 ESTABLISHED src=172.16.1.2 dst=192.168.15.20 sport=42638
dport=80 [UNREPLIED] src=192.168.15.20 dst=172.16.1.2 sport=80 dport=42638
use=1 
tcp      6 348773 ESTABLISHED src=80.226.251.241 dst=xxx.xxx.xxx.10
sport=1091 dport=143 src=xxx.xxx.xxx.10 dst=80.226.251.241 sport=143
dport=1091 use=1 
tcp      6 431961 ESTABLISHED src=82.207.244.46 dst=xxx.xxx.xxx.10
sport=1351 dport=143 src=xxx.xxx.xxx.10 dst=82.207.244.46 sport=143
dport=1351 use=1 
tcp      6 369087 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=13645
dport=13644 src=127.0.0.1 dst=127.0.0.1 sport=13644 dport=13645 use=1 
tcp      6 194196 ESTABLISHED src=172.16.1.2 dst=192.168.10.20 sport=51548
dport=80 [UNREPLIED] src=192.168.10.20 dst=172.16.1.2 sport=80 dport=51548
use=1 

IP Configuration

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host 
2: sit0@NONE: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:0a:e4:09:d7:67 brd ff:ff:ff:ff:ff:ff
    inet 192.168.9.18/24 brd 192.168.9.255 scope global eth0
    inet6 fe80::20a:e4ff:fe09:d767/64 scope link 
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    inet xxx.xxx.xxx.10/29 brd xxx.xxx.xxx.15 scope global eth1
    inet6 XXXX::XXX:XXXX:XXXX:XXX/64 scope link 
5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:cb:69:00:a8 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.2/30 brd 172.16.1.3 scope global eth2
    inet6 fe80::200:cbff:fe69:a8/64 scope link 

Bridges

bridge name	bridge id		STP enabled	interfaces

/proc

   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 1
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth2/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth2/rp_filter = 1
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 1

Routing Rules

0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 

Table local:

local 192.168.9.18 dev eth0  proto kernel  scope host  src 192.168.9.18 
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
broadcast 192.168.9.0 dev eth0  proto kernel  scope link  src 192.168.9.18 
broadcast xxx.xxx.xxx.8 dev eth1  proto kernel  scope link  src
xxx.xxx.xxx.10 
local xxx.xxx.xxx.10 dev eth1  proto kernel  scope host  src xxx.xxx.xxx.10 
broadcast 192.168.9.255 dev eth0  proto kernel  scope link  src 192.168.9.18

broadcast 172.16.1.0 dev eth2  proto kernel  scope link  src 172.16.1.2 
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
broadcast 172.16.1.3 dev eth2  proto kernel  scope link  src 172.16.1.2 
broadcast xxx.xxx.xxx.15 dev eth1  proto kernel  scope link  src
xxx.xxx.xxx.10 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
local 172.16.1.2 dev eth2  proto kernel  scope host  src 172.16.1.2 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 

Table main:

172.16.1.0/30 dev eth2  proto kernel  scope link  src 172.16.1.2 
xxx.xxx.xxx.8/29 dev eth1  proto kernel  scope link  src xxx.xxx.xxx.10 
192.168.16.0/24 via 172.16.1.1 dev eth2 
192.168.99.0/24 via 172.16.1.1 dev eth2 
192.168.15.0/24 via 172.16.1.1 dev eth2 
192.168.14.0/24 via 172.16.1.1 dev eth2 
192.168.13.0/24 via 172.16.1.1 dev eth2 
192.168.12.0/24 via 172.16.1.1 dev eth2 
192.168.11.0/24 via 172.16.1.1 dev eth2 
192.168.10.0/24 via 172.16.1.1 dev eth2 
192.168.9.0/24 dev eth0  proto kernel  scope link  src 192.168.9.18 
default via xxx.xxx.xxx.9 dev eth1 

Table default:
 
 


Agentur
V&V Medien
Lars Bunse
Müggenburg 40a
42277 Wuppertal
Tel:0202/7995300
http://www.vvmedien.com <http://www.vvmedien.com/> 
PGP-Verschlüsselung : http://pgp.vvmedien.com <http://pgp.vvmedien.com/>
Apparently Analagous Threads

Search for more reasonably related threads
Shorewall users - Dec 2004 - MultipleIP´s in one Zone

MultipleIP´s in one Zone

Apparently Analagous Threads

Wisdom of the Ancients
