thr3ads.net - Shorewall users - [Shorewall-users] Rdate error message [Jul 2002]

If this information is useful, please help other people find it:
Share via:

Godfried Duodu

2002-Jul-30 13:26 UTC

[Shorewall-users] Rdate error message

This is a MIME message. If you are reading this text, you may want to 
consider changing to a mail reader or gateway that understands how to 
properly handle MIME multipart messages.

--=_99C5EF1E.FA9B87D7
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Tom, I have attached the output of "shorewall status" to help diagnose
why I am getting "connection refused" error message. I have allowed
ntp access for the FW to the Net.




--=_99C5EF1E.FA9B87D7
Content-Type: text/plain
Content-Disposition: attachment; filename="SHORWALL.TXT"

[H[JShorewall-1.3.5a Status at router - Tue Jul 30 05:28:17 CDT 2002

Counters reset Tue Jul 30 05:23:54 CDT 2002

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   433 ACCEPT     ah   --  lo     *       0.0.0.0/0            0.0.0.0/0
   12  3570 eth0_in    ah   --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth1_in    ah   --  eth1   *       0.0.0.0/0            0.0.0.0/0
    4   471 eth2_in    ah   --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:''
    0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  100 81326 eth0_fwd   ah   --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth1_fwd   ah   --  eth1   *       0.0.0.0/0            0.0.0.0/0
   89 11291 eth2_fwd   ah   --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:''
    0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   433 ACCEPT     ah   --  *      lo      0.0.0.0/0            0.0.0.0/0
    9  1062 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0   
udp dpts:67:68
    9   569 fw2net     ah   --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 all2all    ah   --  *      eth1    0.0.0.0/0           
192.168.0.64/26
    0     0 all2all    ah   --  *      eth1    0.0.0.0/0            0.0.0.0/0
    0     0 fw2dmz     ah   --  *      eth2    0.0.0.0/0           
192.168.0.128/26
    0     0 fw2dmz     ah   --  *      eth2    0.0.0.0/0            0.0.0.0/0
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:''
    0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (9 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    6   591 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    2   120 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:''
    2   120 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain blacklst (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain common (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state INVALID
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x10/0x10
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x04/0x04
    4   471 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpts:137:139 reject-with icmp-port-unreachable
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:445 reject-with icmp-port-unreachable
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:1900
    0     0 DROP       ah   --  *      *       0.0.0.0/0           
255.255.255.255
    0     0 DROP       ah   --  *      *       0.0.0.0/0            224.0.0.0/4
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:113
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp spt:53 state NEW
    0     0 DROP       ah   --  *      *       0.0.0.0/0           
255.255.255.255
    0     0 DROP       ah   --  *      *       0.0.0.0/0           
192.168.0.127
    0     0 DROP       ah   --  *      *       0.0.0.0/0           
192.168.0.191

Chain dmz2dmz (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 all2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dmz2loc (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:113
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:110
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    9   810 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dmz2net (2 references)
 pkts bytes target     prot opt in     out     source               destination
   75 10214 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:53
    1    75 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW udp dpt:53
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:6667 LOG flags 0 level 6 prefix
`Shorewall:dmz2net:REJECT:''
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:6667
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:113
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:7
    4   192 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:43
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:110
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW udp dpt:123
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp spt:20 dpts:1024:65535 LOG flags 0 level 6 prefix
`Shorewall:dmz2net:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp spt:20 dpts:1024:65535
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source               destination

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
  100 81326 dynamic    ah   --  *      *       0.0.0.0/0            0.0.0.0/0
  100 81326 rfc1918    ah   --  *      *       0.0.0.0/0            0.0.0.0/0
  100 81326 blacklst   ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 net2loc    ah   --  *      eth1    0.0.0.0/0           
192.168.0.64/26
    0     0 net2loc    ah   --  *      eth1    0.0.0.0/0            0.0.0.0/0
  100 81326 net2dmz    ah   --  *      eth2    0.0.0.0/0           
192.168.0.128/26
    0     0 net2dmz    ah   --  *      eth2    0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
   12  3570 dynamic    ah   --  *      *       0.0.0.0/0            0.0.0.0/0
   12  3570 rfc1918    ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    7  1880 blacklst   ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpts:67:68
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    7  1880 net2fw     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 loc2net    ah   --  *      eth0    192.168.0.64/26      0.0.0.0/0
    0     0 loc2net    ah   --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 loc2dmz    ah   --  *      eth2    192.168.0.64/26     
192.168.0.128/26
    0     0 loc2dmz    ah   --  *      eth2    192.168.0.64/26      0.0.0.0/0
    0     0 loc2dmz    ah   --  *      eth2    0.0.0.0/0           
192.168.0.128/26
    0     0 loc2dmz    ah   --  *      eth2    0.0.0.0/0            0.0.0.0/0

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 loc2fw     ah   --  *      *       192.168.0.64/26      0.0.0.0/0
    0     0 loc2fw     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth2_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
   89 11291 dynamic    ah   --  *      *       0.0.0.0/0            0.0.0.0/0
   80 10481 dmz2net    ah   --  *      eth0    192.168.0.128/26     0.0.0.0/0
    0     0 dmz2net    ah   --  *      eth0    0.0.0.0/0            0.0.0.0/0
    9   810 dmz2loc    ah   --  *      eth1    192.168.0.128/26    
192.168.0.64/26
    0     0 dmz2loc    ah   --  *      eth1    192.168.0.128/26     0.0.0.0/0
    0     0 dmz2loc    ah   --  *      eth1    0.0.0.0/0           
192.168.0.64/26
    0     0 dmz2loc    ah   --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain eth2_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    4   471 dynamic    ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    4   471 all2all    ah   --  *      *       192.168.0.128/26     0.0.0.0/0
    0     0 all2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2dmz (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:80
    0     0 all2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:53
    7   449 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW udp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW udp dpt:123
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:43
    2   120 all2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 12

Chain loc2dmz (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:22
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:113
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:37
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:143
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:110
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:2401
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2fw (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:37
    0     0 all2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2loc (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 all2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2net (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:6667 LOG flags 0 level 6 prefix
`Shorewall:loc2net:REJECT:''
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:6667
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (27 references)
 pkts bytes target     prot opt in     out     source               destination
    5  1690 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:''
    5  1690 DROP       ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2all (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:''
    0     0 DROP       ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2dmz (2 references)
 pkts bytes target     prot opt in     out     source               destination
  100 81326 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 net2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    7  1880 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:1723
    0     0 ACCEPT     47   --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW tcp dpt:80
    0     0 net2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2loc (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 net2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain reject (9 references)
 pkts bytes target     prot opt in     out     source               destination
    2   120 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with tcp-reset
    0     0 REJECT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with icmp-port-unreachable

Chain rfc1918 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     ah   --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       ah   --  *      *       169.254.0.0/16       0.0.0.0/0
    0     0 logdrop    ah   --  *      *       172.16.0.0/12        0.0.0.0/0
    0     0 logdrop    ah   --  *      *       192.0.2.0/24         0.0.0.0/0
    0     0 logdrop    ah   --  *      *       192.168.0.0/16       0.0.0.0/0
    0     0 logdrop    ah   --  *      *       0.0.0.0/7            0.0.0.0/0
    0     0 logdrop    ah   --  *      *       2.0.0.0/8            0.0.0.0/0
    0     0 logdrop    ah   --  *      *       5.0.0.0/8            0.0.0.0/0
    0     0 logdrop    ah   --  *      *       7.0.0.0/8            0.0.0.0/0
    5  1690 logdrop    ah   --  *      *       10.0.0.0/8           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       23.0.0.0/8           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       27.0.0.0/8           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       31.0.0.0/8           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       36.0.0.0/7           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       39.0.0.0/8           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       41.0.0.0/8           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       42.0.0.0/8           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       58.0.0.0/7           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       60.0.0.0/8           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       69.0.0.0/8           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       70.0.0.0/7           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       72.0.0.0/5           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       82.0.0.0/7           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       84.0.0.0/6           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       88.0.0.0/5           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       96.0.0.0/3           0.0.0.0/0
    0     0 logdrop    ah   --  *      *       197.0.0.0/8          0.0.0.0/0
    0     0 logdrop    ah   --  *      *       222.0.0.0/7          0.0.0.0/0
    0     0 logdrop    ah   --  *      *       240.0.0.0/4          0.0.0.0/0

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination

Jul 30 05:24:07 all2all:REJECT:IN= OUT=eth0 SRC=24.162.61.240 DST=24.93.35.166
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=878 PROTO=TCP SPT=3006 DPT=110 WINDOW=5840
RES=0x00 CWR ECE SYN URGP=0
Jul 30 05:24:08 rfc1918:DROP:IN=eth0 OUT= SRC=10.50.96.1 DST=255.255.255.255
LEN=338 TOS=0x00 PREC=0x00 TTL=255 ID=17053 PROTO=UDP SPT=67 DPT=68 LEN=318
Jul 30 05:25:09 rfc1918:DROP:IN=eth0 OUT= SRC=10.50.96.1 DST=255.255.255.255
LEN=338 TOS=0x00 PREC=0x00 TTL=255 ID=17080 PROTO=UDP SPT=67 DPT=68 LEN=318
Jul 30 05:25:48 all2all:REJECT:IN= OUT=eth0 SRC=24.162.61.240 DST=208.14.208.44
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12336 PROTO=TCP SPT=4583 DPT=37 WINDOW=5840
RES=0x00 CWR ECE SYN URGP=0
Jul 30 05:26:09 rfc1918:DROP:IN=eth0 OUT= SRC=10.50.96.1 DST=255.255.255.255
LEN=338 TOS=0x00 PREC=0x00 TTL=255 ID=17123 PROTO=UDP SPT=67 DPT=68 LEN=318
Jul 30 05:27:10 rfc1918:DROP:IN=eth0 OUT= SRC=10.50.96.1 DST=255.255.255.255
LEN=338 TOS=0x00 PREC=0x00 TTL=255 ID=17153 PROTO=UDP SPT=67 DPT=68 LEN=318
Jul 30 05:28:10 rfc1918:DROP:IN=eth0 OUT= SRC=10.50.96.1 DST=255.255.255.255
LEN=338 TOS=0x00 PREC=0x00 TTL=255 ID=17180 PROTO=UDP SPT=67 DPT=68 LEN=318

Chain PREROUTING (policy ACCEPT 22 packets, 3926 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 15 packets, 1255 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   716 eth0_masq  ah   --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 12 packets, 1025 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain eth0_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  ah   --  *      *       192.168.0.64/26      0.0.0.0/0
    5   267 MASQUERADE  ah   --  *      *       192.168.0.128/26     0.0.0.0/0

Chain PREROUTING (policy ACCEPT 221 packets, 100K bytes)
 pkts bytes target     prot opt in     out     source               destination
  112 84896 man1918    ah   --  eth0   *       0.0.0.0/0            0.0.0.0/0
  212 97091 pretos     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
  212 97091 tcpre      ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 27 packets, 6282 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 189 packets, 92617 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 29 packets, 3872 bytes)
 pkts bytes target     prot opt in     out     source               destination
   25  2064 outtos     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
   25  2064 tcout      ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 220 packets, 98177 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain logdrop (27 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:man1918:DROP:''
    0     0 DROP       ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain man1918 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5  1690 RETURN     ah   --  *      *       0.0.0.0/0           
255.255.255.255
    0     0 DROP       ah   --  *      *       0.0.0.0/0           
169.254.0.0/16
    0     0 logdrop    ah   --  *      *       0.0.0.0/0           
172.16.0.0/12
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            192.0.2.0/24
    0     0 logdrop    ah   --  *      *       0.0.0.0/0           
192.168.0.0/16
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            0.0.0.0/7
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            2.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            5.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            7.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            10.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            23.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            27.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            31.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            36.0.0.0/7
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            39.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            41.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            42.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            58.0.0.0/7
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            60.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            69.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            70.0.0.0/7
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            72.0.0.0/5
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            82.0.0.0/7
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            84.0.0.0/6
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            88.0.0.0/5
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            96.0.0.0/3
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            197.0.0.0/8
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            222.0.0.0/7
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            240.0.0.0/4

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:20 TOS set 0x08

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination


--=_99C5EF1E.FA9B87D7--

Tom Eastep

2002-Jul-30 13:45 UTC

head link

[Shorewall-users] Rdate error message

On Tue, 30 Jul 2002, Godfried Duodu wrote:
> Tom, I have attached the output of "shorewall status" to help
diagnose
> why I am getting "connection refused" error message. I have
allowed ntp
> access for the FW to the Net.
> 
Two things:

a) rdate doesn''t use ntp (UDP port 123) -- it uses TCP port 37.
b) You haven''t enabled anything between the fw and the net except DNS.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Shorewall users - Jul 2002 - Rdate error message

[Shorewall-users] Rdate error message

[Shorewall-users] Rdate error message