thr3ads.net - Shorewall users - [Shorewall-users] Isnt this DHCP? [Jun 2002]

If this information is useful, please help other people find it:
Share via:

2002-Jun-17 20:47 UTC

[Shorewall-users] Isnt this DHCP?

Jun 17 20:08:09 curtain kernel: Shorewall:all2all:REJECT:IN=eth2
OUTMAC=00:90:27:d1:56:27:00:90:27:d1:66:44:08:00 SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4795 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:08:09 curtain kernel: Shorewall:all2all:REJECT:IN= OUT=eth2
SRC=192.168.0.254 DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=UDP SPT=67 DPT=68 LEN=333
Jun 17 20:08:13 curtain kernel: Shorewall:all2all:REJECT:IN=eth2
OUTMAC=00:90:27:d1:56:27:00:90:27:d1:66:44:08:00 SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4796 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:08:13 curtain kernel: Shorewall:all2all:REJECT:IN= OUT=eth2
SRC=192.168.0.254 DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=UDP SPT=67 DPT=68 LEN=333
Jun 17 20:08:16 curtain kernel: Shorewall:all2all:REJECT:IN=eth2
OUTMAC=00:90:27:d1:56:27:00:90:27:d1:66:44:08:00 SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4797 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:08:16 curtain kernel: Shorewall:all2all:REJECT:IN= OUT=eth2
SRC=192.168.0.254 DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=UDP SPT=67 DPT=68 LEN=333
Jun 17 20:08:21 curtain kernel: Shorewall:all2all:REJECT:IN=eth2
OUTMAC=00:90:27:d1:56:27:00:90:27:d1:66:44:08:00 SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4814 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:08:21 curtain kernel: Shorewall:all2all:REJECT:IN= OUT=eth2
SRC=192.168.0.254 DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=UDP SPT=67 DPT=68 LEN=333

#ZONE    INTERFACE      BROADCAST       OPTIONS
net     eth0    detect  dhcp
loc     eth2    detect  routestopped,dhcp
locB    eth1    detect  routestopped,dhcp

I cant really figure this out?

and if needed, here is status output.

curtain:~# shorewall status

Shorewall-1.3.1 Status at curtain - Mon Jun 17 20:12:23 CEST 2002

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination
 5644 2068K ACCEPT     all  --  lo     *       0.0.0.0/0
0.0.0.0/0
 1180  550K eth0_in    all  --  eth0   *       0.0.0.0/0
0.0.0.0/0
18153 3913K eth2_in    all  --  eth2   *       0.0.0.0/0
0.0.0.0/0
    0     0 eth1_in    all  --  eth1   *       0.0.0.0/0
0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0
0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain FORWARD (policy DROP 16 packets, 18200 bytes)
 pkts bytes target     prot opt in     out     source
destination
1018K 1203M eth0_fwd   all  --  eth0   *       0.0.0.0/0
0.0.0.0/0
 683K   55M eth2_fwd   all  --  eth2   *       0.0.0.0/0
0.0.0.0/0
    0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0
0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0
0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0
0.0.0.0/0          LOG flags 0 level 6 prefix
`Shorewall:FORWARD:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination
 5644 2068K ACCEPT     all  --  *      lo      0.0.0.0/0
0.0.0.0/0
 5771 3123K ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0
    9  2952 ACCEPT     udp  --  *      eth0    0.0.0.0/0
0.0.0.0/0          udp dpts:67:68
  599 38359 fw2net     all  --  *      eth0    0.0.0.0/0
0.0.0.0/0
17291 5477K fw2loc     all  --  *      eth2    0.0.0.0/0
0.0.0.0/0
    0     0 all2all    all  --  *      eth1    0.0.0.0/0
0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0
0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0
0.0.0.0/0          LOG flags 0 level 6 prefix
`Shorewall:OUTPUT:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain all2all (8 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
11042 5039K common     all  --  *      *       0.0.0.0/0
0.0.0.0/0
10724 4981K LOG        all  --  *      *       0.0.0.0/0
0.0.0.0/0          LOG flags 0 level 6 prefix
`Shorewall:all2all:REJECT:''
10724 4981K reject     all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain common (5 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 icmpdef    icmp --  *      *       0.0.0.0/0
0.0.0.0/0
    7   556 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp flags:0x10/0x10
    1    40 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp flags:0x04/0x04
  341 59230 REJECT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpts:137:139 reject-with icmp-port-unreachable
    0     0 REJECT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpt:445 reject-with icmp-port-unreachable
    0     0 reject     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpt:1900
    1   328 DROP       all  --  *      *       0.0.0.0/0
255.255.255.255
    0     0 DROP       all  --  *      *       0.0.0.0/0
224.0.0.0/4
    0     0 reject     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:113
    0     0 DROP       all  --  *      *       0.0.0.0/0
213.67.241.255
    0     0 DROP       all  --  *      *       0.0.0.0/0
192.168.0.255
    0     0 DROP       all  --  *      *       0.0.0.0/0
192.168.1.255

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source
destination
1018K 1203M net2loc    all  --  *      eth2    0.0.0.0/0
0.0.0.0/0
    0     0 net2all    all  --  *      eth1    0.0.0.0/0
0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source
destination
    9  2952 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          udp dpts:67:68
  370 31080 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 8
  801  516K net2fw     all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 all2all    all  --  *      eth0    0.0.0.0/0
0.0.0.0/0
    0     0 all2all    all  --  *      eth2    0.0.0.0/0
0.0.0.0/0

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 8
    0     0 all2all    all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain eth2_fwd (1 references)
 pkts bytes target     prot opt in     out     source
destination
 683K   55M loc2net    all  --  *      eth0    0.0.0.0/0
0.0.0.0/0
    0     0 all2all    all  --  *      eth1    0.0.0.0/0
0.0.0.0/0

Chain eth2_in (1 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 8
18153 3913K loc2fw     all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source
destination
11922 3584K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:3306
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW udp dpt:3306
    7   420 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:617
 5362 1893K all2all    all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source
destination
  265 14889 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW udp dpt:123
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:37
  331 23290 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW udp dpt:53
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 0
    0     0 all2all    all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain icmpdef (1 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 12

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source
destination
11866  729K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
    4   240 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:22
  602 38066 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW udp dpt:53
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:617
 5680 3146K all2all    all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source
destination
 679K   55M ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
 4114  204K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain net2all (3 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
  101  6216 common     all  --  *      *       0.0.0.0/0
0.0.0.0/0
   69  3748 LOG        all  --  *      *       0.0.0.0/0
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:''
   69  3748 DROP       all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source
destination
  698  510K ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
    2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:113
  101  6216 net2all    all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source
destination
1018K 1203M ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
  263 15432 ACCEPT     tcp  --  *      *       0.0.0.0/0
192.168.0.130      state NEW tcp dpt:25
  104  4992 ACCEPT     tcp  --  *      *       0.0.0.0/0
192.168.0.130      state NEW tcp dpt:110
   96  4832 ACCEPT     tcp  --  *      *       0.0.0.0/0
192.168.0.130      state NEW tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
192.168.0.130      state NEW tcp dpt:443
    4   176 ACCEPT     tcp  --  *      *       0.0.0.0/0
192.168.0.130      state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       130.241.25.165
192.168.0.130      state NEW tcp dpt:617
    0     0 ACCEPT     tcp  --  *      *       194.236.142.201
192.168.0.130      state NEW tcp dpt:617
    0     0 ACCEPT     tcp  --  *      *       212.247.15.77
192.168.0.130      state NEW tcp dpt:617
    4   192 ACCEPT     tcp  --  *      *       203.190.196.0/24
192.168.0.160      state NEW tcp dpt:5999
    0     0 ACCEPT     tcp  --  *      *       212.247.15.77
192.168.0.160      state NEW tcp dpt:5999
    0     0 net2all    all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain reject (6 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          reject-with tcp-reset
10724 4981K REJECT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          reject-with icmp-port-unreachable

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source
destination

Jun 17 20:11:56 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4878 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:11:56 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333
Jun 17 20:11:59 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4879 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:11:59 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333
Jun 17 20:12:02 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4880 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:12:02 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333
Jun 17 20:12:06 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4881 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:12:06 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333
Jun 17 20:12:09 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4882 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:12:09 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333
Jun 17 20:12:13 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4883 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:12:13 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333
Jun 17 20:12:16 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4884 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:12:16 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333
Jun 17 20:12:20 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4885 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:12:20 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333
Jun 17 20:12:23 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4886 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:12:23 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333
Jun 17 20:12:26 all2all:REJECT:IN=eth2 OUT= SRC=192.168.0.140
DST=192.168.0.254 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=4888 PROTO=UDP SPT=68
DPT=67 LEN=556
Jun 17 20:12:26 all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254
DST=192.168.0.140 LEN=353 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67
DPT=68 LEN=333

Chain PREROUTING (policy ACCEPT 527K packets, 37M bytes)
 pkts bytes target     prot opt in     out     source
destination
  944 63040 net        all  --  eth0   *       0.0.0.0/0
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 247K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source
destination
    0     0 MASQUERADE  all  --  *      eth0    192.168.1.0/24
0.0.0.0/0
 4067  201K MASQUERADE  all  --  *      eth0    192.168.0.0/24
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 113K packets, 9572K bytes)
 pkts bytes target     prot opt in     out     source
destination

Chain net (1 references)
 pkts bytes target     prot opt in     out     source
destination
  263 15432 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:25 to:192.168.0.130
  104  4992 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:110 to:192.168.0.130
   96  4832 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:80 to:192.168.0.130
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:443 to:192.168.0.130
    4   176 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:11111 to:192.168.0.130:22
    0     0 DNAT       tcp  --  *      *       130.241.25.165
0.0.0.0/0          tcp dpt:617 to:192.168.0.130
    0     0 DNAT       tcp  --  *      *       194.236.142.201
0.0.0.0/0          tcp dpt:617 to:192.168.0.130
    0     0 DNAT       tcp  --  *      *       212.247.15.77
0.0.0.0/0          tcp dpt:617 to:192.168.0.130
    4   192 DNAT       tcp  --  *      *       203.190.196.0/24
0.0.0.0/0          tcp dpt:5999 to:192.168.0.160
    0     0 DNAT       tcp  --  *      *       212.247.15.77
0.0.0.0/0          tcp dpt:5999 to:192.168.0.160

Chain PREROUTING (policy ACCEPT 51M packets, 34G bytes)
 pkts bytes target     prot opt in     out     source
destination
1727K 1265M pretos     all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain INPUT (policy ACCEPT 890K packets, 95M bytes)
 pkts bytes target     prot opt in     out     source
destination

Chain FORWARD (policy ACCEPT 50M packets, 33G bytes)
 pkts bytes target     prot opt in     out     source
destination

Chain OUTPUT (policy ACCEPT 868K packets, 101M bytes)
 pkts bytes target     prot opt in     out     source
destination
29432   11M outtos     all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 50M packets, 34G bytes)
 pkts bytes target     prot opt in     out     source
destination

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:22 TOS set 0x10
 9202 3147K TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source
destination
 9705  587K TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:22 TOS set 0x10
 8939 1811K TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:22 TOS set 0x10
 2634  135K TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:21 TOS set 0x10
 2334  165K TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          tcp dpt:20 TOS set 0x08

tcp      6 332808 ESTABLISHED src=192.168.0.160 dst=24.58.1.215 sport=1187
dport=2619 src=24.58.1.215 dst=213.67.241.162 sport=2619 dport=1187
[ASSURED] use=1
tcp      6 426867 ESTABLISHED src=212.247.15.77 dst=213.67.241.162
sport=16453 dport=11111 src=192.168.0.130 dst=212.247.15.77 sport=22
dport=16453 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.0.160 dst=65.188.248.245
sport=1453 dport=3059 src=65.188.248.245 dst=213.67.241.162 sport=3059
dport=1453 [ASSURED] use=1
tcp      6 161042 ESTABLISHED src=203.190.196.47 dst=213.67.241.162
sport=1406 dport=5999 src=192.168.0.160 dst=203.190.196.47 sport=5999
dport=1406 [ASSURED] use=1
udp      17 164 src=213.67.241.162 dst=206.124.146.177 sport=1063 dport=53
src=206.124.146.177 dst=213.67.241.162 sport=53 dport=1063 [ASSURED] use=1
tcp      6 43 TIME_WAIT src=130.241.25.165 dst=213.67.241.162 sport=4660
dport=25 src=192.168.0.130 dst=130.241.25.165 sport=25 dport=4660 [ASSURED]
use=1
tcp      6 311162 ESTABLISHED src=203.190.196.151 dst=213.67.241.162
sport=1090 dport=5999 src=192.168.0.160 dst=203.190.196.151 sport=5999
dport=1090 [ASSURED] use=1
tcp      6 92 TIME_WAIT src=130.241.25.165 dst=213.67.241.162 sport=4663
dport=25 src=192.168.0.130 dst=130.241.25.165 sport=25 dport=4663 [ASSURED]
use=1
tcp      6 48 TIME_WAIT src=192.168.0.120 dst=64.12.184.89 sport=3531
dport=80 src=64.12.184.89 dst=213.67.241.162 sport=80 dport=3531 [ASSURED]
use=1
tcp      6 431942 ESTABLISHED src=192.168.0.120 dst=193.11.251.6 sport=1055
dport=6667 src=193.11.251.6 dst=213.67.241.162 sport=6667 dport=1055
[ASSURED] use=1
tcp      6 145025 ESTABLISHED src=192.168.0.160 dst=24.25.232.139 sport=3701
dport=2661 src=24.25.232.139 dst=213.67.241.162 sport=2661 dport=3701
[ASSURED] use=1
tcp      6 413186 ESTABLISHED src=203.190.196.132 dst=213.67.241.162
sport=1658 dport=5999 src=192.168.0.160 dst=203.190.196.132 sport=5999
dport=1658 [ASSURED] use=1
tcp      6 107 TIME_WAIT src=192.168.0.120 dst=64.12.184.89 sport=3540
dport=80 src=64.12.184.89 dst=213.67.241.162 sport=80 dport=3540 [ASSURED]
use=1
tcp      6 418250 ESTABLISHED src=192.168.0.160 dst=193.11.251.6 sport=1040
dport=7000 src=193.11.251.6 dst=213.67.241.162 sport=7000 dport=1040
[ASSURED] use=1
tcp      6 426507 ESTABLISHED src=192.168.0.120 dst=130.241.25.165
sport=1963 dport=22 src=130.241.25.165 dst=213.67.241.162 sport=22
dport=1963 [ASSURED] use=1
tcp      6 10 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3493
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3493
[ASSURED] use=1
tcp      6 19 TIME_WAIT src=192.168.0.120 dst=64.12.164.153 sport=3519
dport=80 src=64.12.164.153 dst=213.67.241.162 sport=80 dport=3519 [ASSURED]
use=1
tcp      6 11 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3496
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3496
[ASSURED] use=1
tcp      6 12 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3499
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3499
[ASSURED] use=1
tcp      6 426537 ESTABLISHED src=192.168.0.120 dst=130.241.25.165
sport=1981 dport=22 src=130.241.25.165 dst=213.67.241.162 sport=22
dport=1981 [ASSURED] use=1
tcp      6 430464 ESTABLISHED src=192.168.0.120 dst=194.236.142.201
sport=1689 dport=22 src=194.236.142.201 dst=213.67.241.162 sport=22
dport=1689 [ASSURED] use=1
tcp      6 12 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3508
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3508
[ASSURED] use=1
tcp      6 79 TIME_WAIT src=192.168.0.120 dst=64.12.164.153 sport=3534
dport=80 src=64.12.164.153 dst=213.67.241.162 sport=80 dport=3534 [ASSURED]
use=1
tcp      6 14 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3511
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3511
[ASSURED] use=1
tcp      6 15 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3514
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3514
[ASSURED] use=1
tcp      6 15 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3517
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3517
[ASSURED] use=1
udp      17 164 src=213.67.241.162 dst=192.43.172.30 sport=1063 dport=53
src=192.43.172.30 dst=213.67.241.162 sport=53 dport=1063 [ASSURED] use=1
tcp      6 19 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3523
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3523
[ASSURED] use=1
tcp      6 31 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3526
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3526
[ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.0.120 dst=205.188.9.1 sport=4023
dport=5190 src=205.188.9.1 dst=213.67.241.162 sport=5190 dport=4023
[ASSURED] use=1
tcp      6 181225 ESTABLISHED src=212.247.15.77 dst=213.67.241.162
sport=1136 dport=11111 src=192.168.0.130 dst=212.247.15.77 sport=22
dport=1136 [ASSURED] use=1
tcp      6 350034 ESTABLISHED src=203.190.196.138 dst=213.67.241.162
sport=1097 dport=5999 src=192.168.0.160 dst=203.190.196.138 sport=5999
dport=1097 [ASSURED] use=1
tcp      6 14 TIME_WAIT src=130.241.25.165 dst=213.67.241.162 sport=4658
dport=25 src=192.168.0.130 dst=130.241.25.165 sport=25 dport=4658 [ASSURED]
use=1
udp      17 14 src=213.67.241.162 dst=4.3.113.178 sport=1063 dport=53
src=4.3.113.178 dst=213.67.241.162 sport=53 dport=1063 use=1
tcp      6 13176 ESTABLISHED src=192.168.0.160 dst=63.211.153.178 sport=1325
dport=80 src=63.211.153.178 dst=213.67.241.162 sport=80 dport=1325 [ASSURED]
use=1
tcp      6 20 TIME_WAIT src=192.168.0.120 dst=64.12.184.89 sport=3520
dport=80 src=64.12.184.89 dst=213.67.241.162 sport=80 dport=3520 [ASSURED]
use=1
udp      17 176 src=192.168.0.130 dst=192.168.0.254 sport=32791 dport=53
src=192.168.0.254 dst=192.168.0.130 sport=53 dport=32791 [ASSURED] use=1
tcp      6 80 TIME_WAIT src=192.168.0.120 dst=64.12.184.89 sport=3535
dport=80 src=64.12.184.89 dst=213.67.241.162 sport=80 dport=3535 [ASSURED]
use=1
tcp      6 431996 ESTABLISHED src=192.168.0.160 dst=193.11.251.6 sport=1035
dport=6667 src=193.11.251.6 dst=213.67.241.162 sport=6667 dport=1035
[ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.0.120 dst=217.215.55.159
sport=3245 dport=3253 src=217.215.55.159 dst=213.67.241.162 sport=3253
dport=3245 [ASSURED] use=1
tcp      6 11 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3494
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3494
[ASSURED] use=1
tcp      6 11 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3497
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3497
[ASSURED] use=1
tcp      6 12 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3500
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3500
[ASSURED] use=1
tcp      6 143354 ESTABLISHED src=203.190.196.122 dst=213.67.241.162
sport=1208 dport=5999 src=192.168.0.160 dst=203.190.196.122 sport=5999
dport=1208 [ASSURED] use=1
tcp      6 12 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3503
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3503
[ASSURED] use=1
tcp      6 46 TIME_WAIT src=192.168.0.120 dst=64.12.164.153 sport=3529
dport=80 src=64.12.164.153 dst=213.67.241.162 sport=80 dport=3529 [ASSURED]
use=1
tcp      6 183688 ESTABLISHED src=212.247.15.77 dst=213.67.241.162
sport=7914 dport=11111 src=192.168.0.130 dst=212.247.15.77 sport=22
dport=7914 [ASSURED] use=1
tcp      6 12 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3506
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3506
[ASSURED] use=1
tcp      6 13 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3509
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3509
[ASSURED] use=1
tcp      6 14 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3512
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3512
[ASSURED] use=1
tcp      6 16 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3515
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3515
[ASSURED] use=1
tcp      6 19 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3518
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3518
[ASSURED] use=1
tcp      6 418273 ESTABLISHED src=203.190.196.247 dst=213.67.241.162
sport=1871 dport=5999 src=192.168.0.160 dst=203.190.196.247 sport=5999
dport=1871 [ASSURED] use=1
tcp      6 19 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3521
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3521
[ASSURED] use=1
tcp      6 31 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3527
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3527
[ASSURED] use=1
tcp      6 418226 ESTABLISHED src=192.168.0.160 dst=68.12.197.193 sport=1175
dport=3885 src=68.12.197.193 dst=213.67.241.162 sport=3885 dport=1175
[ASSURED] use=1
tcp      6 368328 ESTABLISHED src=203.190.196.99 dst=213.67.241.162
sport=1041 dport=5999 src=192.168.0.160 dst=203.190.196.99 sport=5999
dport=1041 [ASSURED] use=1
tcp      6 431943 ESTABLISHED src=192.168.0.120 dst=217.215.55.159
sport=4113 dport=33333 src=217.215.55.159 dst=213.67.241.162 sport=33333
dport=4113 [ASSURED] use=1
udp      17 71 src=213.67.241.162 dst=198.186.202.135 sport=1063 dport=53
src=198.186.202.135 dst=213.67.241.162 sport=53 dport=1063 [ASSURED] use=1
tcp      6 399298 ESTABLISHED src=203.190.196.119 dst=213.67.241.162
sport=1633 dport=5999 src=192.168.0.160 dst=203.190.196.119 sport=5999
dport=1633 [ASSURED] use=1
tcp      6 21 TIME_WAIT src=192.168.0.120 dst=64.12.184.89 sport=3524
dport=80 src=64.12.184.89 dst=213.67.241.162 sport=80 dport=3524 [ASSURED]
use=1
tcp      6 47 TIME_WAIT src=192.168.0.120 dst=64.12.184.89 sport=3530
dport=80 src=64.12.184.89 dst=213.67.241.162 sport=80 dport=3530 [ASSURED]
use=1
tcp      6 363016 ESTABLISHED src=203.190.196.34 dst=213.67.241.162
sport=1495 dport=5999 src=192.168.0.160 dst=203.190.196.34 sport=5999
dport=1495 [ASSURED] use=1
tcp      6 81 TIME_WAIT src=192.168.0.120 dst=64.12.184.89 sport=3536
dport=80 src=64.12.184.89 dst=213.67.241.162 sport=80 dport=3536 [ASSURED]
use=1
tcp      6 116 TIME_WAIT src=192.168.0.130 dst=206.124.146.177 sport=35952
dport=25 src=206.124.146.177 dst=213.67.241.162 sport=25 dport=35952
[ASSURED] use=1
tcp      6 432000 ESTABLISHED src=192.168.0.120 dst=192.168.0.254 sport=1101
dport=22 src=192.168.0.254 dst=192.168.0.120 sport=22 dport=1101 [ASSURED]
use=1
tcp      6 11 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3495
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3495
[ASSURED] use=1
tcp      6 12 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3498
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3498
[ASSURED] use=1
tcp      6 13 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3504
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3504
[ASSURED] use=1
tcp      6 204903 ESTABLISHED src=192.168.0.160 dst=24.25.232.139 sport=1199
dport=4824 src=24.25.232.139 dst=213.67.241.162 sport=4824 dport=1199
[ASSURED] use=1
tcp      6 12 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3507
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3507
[ASSURED] use=1
tcp      6 15 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3510
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3510
[ASSURED] use=1
tcp      6 14 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3513
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3513
[ASSURED] use=1
tcp      6 106 TIME_WAIT src=192.168.0.120 dst=64.12.164.153 sport=3539
dport=80 src=64.12.164.153 dst=213.67.241.162 sport=80 dport=3539 [ASSURED]
use=1
tcp      6 15 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3516
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3516
[ASSURED] use=1
tcp      6 19 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3522
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3522
[ASSURED] use=1
tcp      6 31 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3525
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3525
[ASSURED] use=1
tcp      6 31 TIME_WAIT src=192.168.0.120 dst=206.124.146.177 sport=3528
dport=80 src=206.124.146.177 dst=213.67.241.162 sport=80 dport=3528
[ASSURED] use=1

Tom Eastep

2002-Jun-17 21:15 UTC

head link

[Shorewall-users] Isnt this DHCP?

On Mon, 17 Jun 2002, j2 wrote:
> DF PROTO=UDP SPT=67 DPT=68 LEN=333
> 
> #ZONE    INTERFACE      BROADCAST       OPTIONS
> net     eth0    detect  dhcp
> loc     eth2    detect  routestopped,dhcp
> locB    eth1    detect  routestopped,dhcp
> 
> I cant really figure this out?
> 
> and if needed, here is status output.
> 
PLEASE read the errata.

-Tom

Shorewall users - Jun 2002 - Isnt this DHCP?

[Shorewall-users] Isnt this DHCP?

[Shorewall-users] Isnt this DHCP?