On Fri, 28 Mar 2003 16:32:45 -0800 (PST) Tom Eastep
<teastep@shorewall.net> wrote....
> On Fri, 28 Mar 2003, Homer Parker wrote:
>
> > On Fri, 28 Mar 2003 16:05:23 -0800 (PST) Tom Eastep
> > <teastep@shorewall.net> wrote....
> >
> > > Homer -- I can't tell you what's happening if you only show me one
> > > little window at a time.
> >
> > Didn't think you wanted the whole status again... Let me try it
> > this way,
> > what info do you need to diagnose this problem? (The problem is
> > getting Squid running in the DMZ)
> >
>
> From the firewall:
>
> a) Output of "shorewall status" after you have made attempts to connect
> to web sites.
>
> b) Output of "ip route show table 202"
>
> c) Output of "ip rule show"

Shorewall-1.3.11 Status at firewall - Fri Mar 28 11:17:23 UTC 2003
Counters reset Fri Mar 28 11:17:03 UTC 2003
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
32 2688 ACCEPT ah -- lo * 0.0.0.0/0
0.0.0.0/0
22 3068 eth0_in ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
105 8004 eth1_in ah -- eth1 * 0.0.0.0/0
0.0.0.0/0
1 230 eth2_in ah -- eth2 * 0.0.0.0/0
0.0.0.0/0
0 0 eth3_in ah -- eth3 * 0.0.0.0/0
0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
413 61925 eth0_fwd ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
237 12324 eth1_fwd ah -- eth1 * 0.0.0.0/0
0.0.0.0/0
176 16908 eth2_fwd ah -- eth2 * 0.0.0.0/0
0.0.0.0/0
0 0 eth3_fwd ah -- eth3 * 0.0.0.0/0
0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:FORWARD:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT udp -- * eth0 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- * eth1 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- * eth2 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- * eth3 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
32 2688 ACCEPT ah -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 all2all ah -- * eth0 0.0.0.0/0
0.0.0.0/0
58 5768 all2all ah -- * eth1 0.0.0.0/0
0.0.0.0/0
1 40 fw2dmz ah -- * eth2 0.0.0.0/0
0.0.0.0/0
0 0 all2all ah -- * eth3 0.0.0.0/0
0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:OUTPUT:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain all2all (14 references)
pkts bytes target prot opt in out source
destination
58 5768 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
2 290 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:all2all:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain blacklst (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1433
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1433
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1434
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1434
0 0 DROP ah -- * * 65.89.168.0/24
0.0.0.0/0
0 0 DROP ah -- * * 207.6.0.0/16
0.0.0.0/0
0 0 DROP ah -- * * 199.95.206.0/23
0.0.0.0/0
0 0 DROP ah -- * * 199.95.208.0/23
0.0.0.0/0
Chain common (6 references)
pkts bytes target prot opt in out source
destination
0 0 icmpdef icmp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
23 3298 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unreachable
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445 reject-with icmp-port-unreachable
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
0 0 DROP ah -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP ah -- * * 0.0.0.0/0
224.0.0.0/4
1 60 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53 state NEW
0 0 DROP ah -- * * 0.0.0.0/0
64.216.105.127
0 0 DROP ah -- * * 0.0.0.0/0
192.168.1.255
0 0 DROP ah -- * * 0.0.0.0/0
192.168.2.255
0 0 DROP ah -- * * 0.0.0.0/0
192.168.3.255
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp dpt:123
1 230 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain dmz2kids (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp spt:20
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain dmz2loc (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:1024:65535
0 0 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 192.168.2.1
192.168.1.1 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp spt:20
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain dmz2net (1 references)
pkts bytes target prot opt in out source
destination
140 14286 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
29 2274 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp spt:53
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp spt:53
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp spt:20
0 0 ACCEPT ah -- * * 192.168.2.100
0.0.0.0/0 state NEW
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT udp -- * * 192.168.2.1
151.164.172.245 state NEW udp dpt:123
0 0 ACCEPT udp -- * * 192.168.2.1
199.240.130.1 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 192.168.2.2
132.163.135.130 state NEW tcp dpt:13
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.1 state NEW tcp dpt:20
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.1 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.2 state NEW tcp dpt:20
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.2 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.3 state NEW tcp dpt:20
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.3 state NEW tcp dpt:21
6 288 ACCEPT tcp -- * * 0.0.0.0/0
208.191.32.28 state NEW tcp dpt:2064
1 60 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain dynamic (8 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source
destination
413 61925 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
413 61925 rfc1918 ah -- * * 0.0.0.0/0
0.0.0.0/0
413 61925 blacklst ah -- * * 0.0.0.0/0
0.0.0.0/0
259 38487 net2loc ah -- * eth1 0.0.0.0/0
0.0.0.0/0
154 23438 net2dmz ah -- * eth2 0.0.0.0/0
0.0.0.0/0
0 0 net2all ah -- * eth3 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
22 3068 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
22 3068 rfc1918 ah -- * * 0.0.0.0/0
0.0.0.0/0
22 3068 blacklst ah -- * * 0.0.0.0/0
0.0.0.0/0
22 3068 net2fw ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
237 12324 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
237 12324 loc2net ah -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 loc2dmz ah -- * eth2 0.0.0.0/0
0.0.0.0/0
0 0 loc2kids ah -- * eth3 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
105 8004 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
105 8004 loc2fw ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source
destination
176 16908 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
176 16908 dmz2net ah -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 dmz2loc ah -- * eth1 0.0.0.0/0
0.0.0.0/0
0 0 dmz2kids ah -- * eth3 0.0.0.0/0
0.0.0.0/0
Chain eth2_in (1 references)
pkts bytes target prot opt in out source
destination
1 230 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
1 230 dmz2fw ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth3_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 eth3_mac ah -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 kids2net ah -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 kids2loc ah -- * eth1 0.0.0.0/0
0.0.0.0/0
0 0 kids2dmz ah -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth3_in (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 eth3_mac ah -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth3_mac (2 references)
pkts bytes target prot opt in out source
destination
0 0 RETURN ah -- * * 0.0.0.0/0
0.0.0.0/0 MAC 00:40:96:33:A7:9E
0 0 RETURN ah -- * * 0.0.0.0/0
0.0.0.0/0 MAC 00:60:1D:23:7E:B2
0 0 RETURN ah -- * * 0.0.0.0/0
0.0.0.0/0 MAC 00:02:2D:31:9C:69
0 0 RETURN ah -- * * 0.0.0.0/0
0.0.0.0/0 MAC 00:02:2D:02:67:25
0 0 RETURN ah -- * * 192.168.3.254
192.168.3.255
0 0 RETURN ah -- * * 192.168.3.254
255.255.255.255
0 0 RETURN ah -- * * 192.168.3.254
224.0.0.0/4
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:eth3_mac:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source
destination
1 40 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:123
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain icmpdef (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
Chain kids2dmz (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.2 state NEW tcp dpt:23
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:21
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain kids2loc (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:1024:65535
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:515
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain kids2net (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT ah -- * * 192.168.3.1
0.0.0.0/0 state NEW
0 0 ACCEPT ah -- * * 192.168.3.128/27
0.0.0.0/0 state NEW
0 0 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2dmz (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.2 state NEW tcp dpt:23
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:1024:65535
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 192.168.1.1
192.168.2.1 state NEW tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:21
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source
destination
105 8004 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:80
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2kids (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:1024:65535
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source
destination
237 12324 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain logdrop (25 references)
pkts bytes target prot opt in out source
destination
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2all (4 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
22 3068 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2dmz (1 references)
pkts bytes target prot opt in out source
destination
150 23163 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
3 215 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:22
1 60 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:110
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.2 state NEW tcp dpt:23
0 0 net2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:1433
22 3068 net2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source
destination
259 38487 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.1 state NEW tcp dpt:6346
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.1.1 state NEW udp dpt:6346
0 0 net2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain newnotsyn (17 references)
pkts bytes target prot opt in out source
destination
0 0 DROP ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain reject (8 references)
pkts bytes target prot opt in out source
destination
1 60 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT ah -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
Chain rfc1918 (2 references)
pkts bytes target prot opt in out source
destination
0 0 RETURN ah -- * * 255.255.255.255
0.0.0.0/0
0 0 DROP ah -- * * 169.254.0.0/16
0.0.0.0/0
0 0 logdrop ah -- * * 172.16.0.0/12
0.0.0.0/0
0 0 logdrop ah -- * * 192.0.2.0/24
0.0.0.0/0
0 0 DROP ah -- * * 192.168.0.0/16
0.0.0.0/0
0 0 logdrop ah -- * * 0.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 2.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 5.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 7.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 23.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 27.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 31.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 36.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 39.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 41.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 42.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 58.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 60.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 70.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 72.0.0.0/5
0.0.0.0/0
0 0 logdrop ah -- * * 82.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 84.0.0.0/6
0.0.0.0/0
0 0 logdrop ah -- * * 88.0.0.0/5
0.0.0.0/0
0 0 logdrop ah -- * * 96.0.0.0/3
0.0.0.0/0
0 0 logdrop ah -- * * 127.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 197.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 222.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 240.0.0.0/4
0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
Mar 28 08:27:00 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=65.112.245.232 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11323 DF PROTO=TCP
SPT=50899 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:04 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=128.104.18.148 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11324 DF PROTO=TCP
SPT=50900 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:08 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=204.152.186.139 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11325 DF PROTO=TCP
SPT=50901 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:11 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=64.49.222.254 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11332 DF PROTO=TCP
SPT=50903 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:15 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=65.112.245.232 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11333 DF PROTO=TCP
SPT=50904 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:19 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=128.104.18.148 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11334 DF PROTO=TCP
SPT=50905 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:23 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=204.152.186.139 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11335 DF PROTO=TCP
SPT=50906 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:27 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=64.49.222.254 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11341 DF PROTO=TCP
SPT=50908 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:31 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=65.112.245.232 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11343 DF PROTO=TCP
SPT=50909 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:35 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=128.104.18.148 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11344 DF PROTO=TCP
SPT=50910 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 08:27:39 all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.2
DST=204.152.186.139 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=11345 DF PROTO=TCP
SPT=50911 DPT=2064 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 28 09:32:08 net2all:DROP:IN=eth0 OUT= SRC=220.99.186.61
DST=64.216.105.3 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=29086 DF PROTO=TCP
SPT=3745 DPT=445 WINDOW=63568 RES=0x00 SYN URGP=0
Mar 28 09:32:11 net2all:DROP:IN=eth0 OUT= SRC=220.99.186.61
DST=64.216.105.3 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=30129 DF PROTO=TCP
SPT=3745 DPT=445 WINDOW=63568 RES=0x00 SYN URGP=0
Mar 28 09:32:17 net2all:DROP:IN=eth0 OUT= SRC=220.99.186.61
DST=64.216.105.3 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=31854 DF PROTO=TCP
SPT=3745 DPT=445 WINDOW=63568 RES=0x00 SYN URGP=0
Mar 28 09:58:58 all2all:REJECT:IN=eth1 OUT=eth2 SRC=192.168.1.1
DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=52384 DF PROTO=TCP
SPT=35746 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 09:59:05 all2all:REJECT:IN=eth1 OUT=eth2 SRC=192.168.1.1
DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=24219 DF PROTO=TCP
SPT=35747 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 09:59:10 all2all:REJECT:IN=eth1 OUT=eth2 SRC=192.168.1.1
DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=35798 DF PROTO=TCP
SPT=35748 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 10:32:11 net2all:DROP:IN=eth0 OUT= SRC=211.254.168.105
DST=64.216.105.3 LEN=48 TOS=0x00 PREC=0x00 TTL=101 ID=55847 DF PROTO=TCP
SPT=4211 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 28 10:32:14 net2all:DROP:IN=eth0 OUT= SRC=211.254.168.105
DST=64.216.105.3 LEN=48 TOS=0x00 PREC=0x00 TTL=101 ID=55937 DF PROTO=TCP
SPT=4211 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 28 10:32:21 net2all:DROP:IN=eth0 OUT= SRC=211.254.168.105
DST=64.216.105.3 LEN=48 TOS=0x00 PREC=0x00 TTL=101 ID=56360 DF PROTO=TCP
SPT=4211 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Chain PREROUTING (policy ACCEPT 50 packets, 5224 bytes)
pkts bytes target prot opt in out source
destination
26 3343 net_dnat ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 5 packets, 315 bytes)
pkts bytes target prot opt in out source
destination
26 1866 eth0_masq ah -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source
destination
0 0 MASQUERADE ah -- * * 192.168.1.0/24
0.0.0.0/0
26 1866 MASQUERADE ah -- * * 192.168.2.0/24
0.0.0.0/0
0 0 MASQUERADE ah -- * * 192.168.3.0/24
0.0.0.0/0
Chain net_dnat (1 references)
pkts bytes target prot opt in out source
destination
3 215 DNAT udp -- * * 0.0.0.0/0
64.216.105.3 udp dpt:53 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
64.216.105.3 tcp dpt:53 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 to:192.168.2.1
1 60 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:25 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:110 to:192.168.2.1
0 0 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:110 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:143 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:443 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:23 to:192.168.2.2
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6346 to:192.168.1.1
0 0 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:6346 to:192.168.1.1
Chain PREROUTING (policy ACCEPT 992 packets, 106K bytes)
pkts bytes target prot opt in out source
destination
437 65376 man1918 ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
992 106K pretos ah -- * * 0.0.0.0/0
0.0.0.0/0
992 106K tcpre ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 MARK tcp -- eth3 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 MARK set 0xca
0 0 MARK tcp -- eth3 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 MARK set 0xca
Chain INPUT (policy ACCEPT 160 packets, 13990 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 832 packets, 91748 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 91 packets, 8496 bytes)
pkts bytes target prot opt in out source
destination
91 8496 outtos ah -- * * 0.0.0.0/0
0.0.0.0/0
91 8496 tcout ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 922 packets, 100K bytes)
pkts bytes target prot opt in out source
destination
Chain logdrop (25 references)
pkts bytes target prot opt in out source
destination
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:man1918:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain man1918 (1 references)
pkts bytes target prot opt in out source
destination
0 0 RETURN ah -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP ah -- * * 0.0.0.0/0
169.254.0.0/16
0 0 logdrop ah -- * * 0.0.0.0/0
172.16.0.0/12
0 0 logdrop ah -- * * 0.0.0.0/0
192.0.2.0/24
0 0 DROP ah -- * * 0.0.0.0/0
192.168.0.0/16
0 0 logdrop ah -- * * 0.0.0.0/0
0.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
2.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
5.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
7.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
23.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
27.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
31.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
36.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
39.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
41.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
42.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
58.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
60.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
70.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
72.0.0.0/5
0 0 logdrop ah -- * * 0.0.0.0/0
82.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
84.0.0.0/6
0 0 logdrop ah -- * * 0.0.0.0/0
88.0.0.0/5
0 0 logdrop ah -- * * 0.0.0.0/0
96.0.0.0/3
0 0 logdrop ah -- * * 0.0.0.0/0
127.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
197.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
222.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
240.0.0.0/4
Chain outtos (1 references)
pkts bytes target prot opt in out source
destination
16 1120 TOS udp -- * * 0.0.0.0/0
0.0.0.0/0 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:53 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:953 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:953 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 TOS set 0x10
58 5768 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:23 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:23 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:80 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:20 TOS set 0x08
Chain pretos (1 references)
pkts bytes target prot opt in out source
destination
215 24405 TOS udp -- * * 0.0.0.0/0
0.0.0.0/0 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:53 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:953 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:953 TOS set 0x10
105 8004 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:23 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:23 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:80 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:20 TOS set 0x08
Chain tcout (1 references)
pkts bytes target prot opt in out source
destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source
destination
0 0 MARK ah -- eth0 * 0.0.0.0/0
192.168.1.0/24 MARK set 0x1
0 0 MARK ah -- eth0 * 0.0.0.0/0
192.168.2.0/24 MARK set 0x2
0 0 MARK ah -- eth0 * 0.0.0.0/0
192.168.3.0/24 MARK set 0x3
346 20536 MARK ah -- eth1 * 0.0.0.0/0
0.0.0.0/0 MARK set 0xe
0 0 MARK ah -- eth1 * 0.0.0.0/0
64.216.105.0/25 MARK set 0xb
0 0 MARK ah -- eth1 * 0.0.0.0/0
208.191.32.0/24 MARK set 0xb
0 0 MARK ah -- eth1 * 0.0.0.0/0
192.168.2.0/24 MARK set 0xc
0 0 MARK ah -- eth1 * 0.0.0.0/0
192.168.3.0/24 MARK set 0xd
177 17138 MARK ah -- eth2 * 0.0.0.0/0
0.0.0.0/0 MARK set 0x17
0 0 MARK ah -- eth2 * 0.0.0.0/0
192.168.1.0/24 MARK set 0x15
0 0 MARK ah -- eth2 * 0.0.0.0/0
192.168.3.0/24 MARK set 0x16
0 0 MARK ah -- eth3 * 0.0.0.0/0
0.0.0.0/0 MARK set 0x21
0 0 MARK ah -- eth3 * 0.0.0.0/0
192.168.1.0/24 MARK set 0x1f
0 0 MARK ah -- eth3 * 0.0.0.0/0
192.168.2.0/24 MARK set 0x20
tcp 6 431645 ESTABLISHED src=192.168.1.1 dst=192.168.2.1 sport=32768
dport=139 src=192.168.2.1 dst=192.168.1.1 sport=139 dport=32768 [ASSURED]
use=1
udp 17 143 src=192.168.2.1 dst=194.109.6.152 sport=34412 dport=53
src=194.109.6.152 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 4 src=192.168.2.1 dst=194.109.6.153 sport=34412 dport=53
src=194.109.6.153 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 170 src=192.168.2.1 dst=194.109.6.154 sport=34412 dport=53
src=194.109.6.154 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 92 TIME_WAIT src=192.168.1.1 dst=192.168.2.1 sport=35853
dport=110 src=192.168.2.1 dst=192.168.1.1 sport=110 dport=35853 [ASSURED]
use=1
udp 17 1 src=192.168.1.1 dst=192.168.2.1 sport=32787 dport=53
src=192.168.2.1 dst=192.168.1.1 sport=53 dport=32787 use=1
tcp 6 431762 ESTABLISHED src=192.168.1.1 dst=208.191.32.28
sport=32771 dport=22 src=208.191.32.28 dst=64.216.105.3 sport=22
dport=32771 [ASSURED] use=1
udp 17 155 src=192.168.2.1 dst=217.71.96.182 sport=34412 dport=53
src=217.71.96.182 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 18 TIME_WAIT src=24.203.99.164 dst=64.216.105.3 sport=3460
dport=25 src=192.168.2.1 dst=24.203.99.164 sport=25 dport=3460 [ASSURED]
use=1
udp 17 150 src=192.168.2.1 dst=212.204.207.192 sport=34412 dport=53
src=212.204.207.192 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 172 src=192.168.2.1 dst=193.0.0.193 sport=34412 dport=53
src=193.0.0.193 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 81 src=192.168.2.1 dst=204.152.186.195 sport=34412 dport=53
src=204.152.186.195 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 29316 ESTABLISHED src=192.168.1.1 dst=208.191.32.28 sport=32794
dport=22 src=208.191.32.28 dst=64.216.105.3 sport=22 dport=32794 [ASSURED]
use=1
udp 17 178 src=192.168.2.1 dst=202.42.194.205 sport=34412 dport=53
src=202.42.194.205 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 176 src=192.168.2.1 dst=202.42.194.208 sport=34412 dport=53
src=202.42.194.208 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 178 src=192.168.2.1 dst=202.42.194.214 sport=34412 dport=53
src=202.42.194.214 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 19 src=192.168.2.1 dst=193.109.122.215 sport=34412 dport=53
src=193.109.122.215 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 29 src=208.191.32.6 dst=64.216.105.3 sport=3395 dport=53
src=192.168.2.1 dst=208.191.32.6 sport=53 dport=3395 use=1
udp 17 23 src=192.168.2.1 dst=195.13.10.226 sport=34412 dport=53
[UNREPLIED] src=195.13.10.226 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 4 src=192.168.2.1 dst=167.216.193.232 sport=34412 dport=53
src=167.216.193.232 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 153 src=192.168.2.1 dst=193.242.87.236 sport=34412 dport=53
src=193.242.87.236 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 161 src=194.247.47.47 dst=64.216.105.3 sport=32808 dport=53
src=192.168.2.1 dst=194.247.47.47 sport=53 dport=32808 [ASSURED] use=1
udp 17 167 src=192.168.2.1 dst=205.231.29.242 sport=34412 dport=53
src=205.231.29.242 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 169 src=192.168.2.1 dst=205.231.29.244 sport=34412 dport=53
src=205.231.29.244 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 169 src=192.168.2.1 dst=205.231.29.245 sport=34412 dport=53
src=205.231.29.245 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 22 src=192.168.2.1 dst=208.191.32.1 sport=34412 dport=53
src=208.191.32.1 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 149 src=192.168.2.1 dst=193.193.190.1 sport=34412 dport=53
src=193.193.190.1 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 2 src=192.168.2.1 dst=128.194.178.1 sport=34412 dport=53
src=128.194.178.1 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 3 src=192.168.2.1 dst=62.250.2.2 sport=34412 dport=53
src=62.250.2.2 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 156 src=192.168.2.1 dst=81.17.33.2 sport=34412 dport=53
src=81.17.33.2 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 163 src=192.168.2.1 dst=192.169.33.3 sport=34412 dport=53
src=192.169.33.3 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 5 src=192.168.2.1 dst=140.142.5.5 sport=34412 dport=53
src=140.142.5.5 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 143 src=192.168.2.1 dst=128.194.254.5 sport=34412 dport=53
src=128.194.254.5 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 168 src=192.168.2.1 dst=165.21.83.11 sport=34412 dport=53
src=165.21.83.11 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 173 src=192.168.2.1 dst=195.13.1.13 sport=34412 dport=53
src=195.13.1.13 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 171 src=192.168.2.1 dst=198.6.1.19 sport=34412 dport=53
src=198.6.1.19 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 79 src=192.168.2.1 dst=132.216.44.21 sport=34412 dport=53
src=132.216.44.21 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 24 src=192.168.2.1 dst=216.201.96.33 sport=34412 dport=53
src=216.201.96.33 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 174 src=192.168.2.1 dst=216.201.96.34 sport=34412 dport=53
src=216.201.96.34 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 3 src=64.216.105.9 dst=64.216.105.3 sport=137 dport=53
src=192.168.2.1 dst=64.216.105.9 sport=53 dport=137 use=1
tcp 6 34082 ESTABLISHED src=213.202.160.10 dst=64.216.105.3
sport=3980 dport=25 src=192.168.2.1 dst=213.202.160.10 sport=25 dport=3980
[ASSURED] use=1
tcp 6 34074 ESTABLISHED src=213.202.160.10 dst=64.216.105.3
sport=3981 dport=25 src=192.168.2.1 dst=213.202.160.10 sport=25 dport=3981
[ASSURED] use=1
tcp 6 34081 ESTABLISHED src=213.202.160.10 dst=64.216.105.3
sport=3983 dport=25 src=192.168.2.1 dst=213.202.160.10 sport=25 dport=3983
[ASSURED] use=1
udp 17 4 src=192.168.2.1 dst=134.100.9.61 sport=34412 dport=53
src=134.100.9.61 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 171 src=192.168.2.1 dst=198.6.1.65 sport=34412 dport=53
src=198.6.1.65 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 165 src=192.168.2.1 dst=207.228.46.66 sport=34412 dport=53
src=207.228.46.66 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 26 src=192.168.2.1 dst=207.155.183.73 sport=34412 dport=53
src=207.155.183.73 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 153 src=192.168.2.1 dst=198.6.1.82 sport=34412 dport=53
src=198.6.1.82 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 168 src=192.168.2.1 dst=157.22.13.82 sport=34412 dport=53
src=157.22.13.82 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 172 src=192.168.2.1 dst=198.6.1.83 sport=34412 dport=53
src=198.6.1.83 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 5 src=192.168.2.1 dst=216.199.0.101 sport=34412 dport=53
src=216.199.0.101 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 155 src=192.168.2.1 dst=128.101.101.101 sport=34412 dport=53
src=128.101.101.101 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 150 src=192.168.2.1 dst=216.199.0.102 sport=34412 dport=53
src=216.199.0.102 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 120054 ESTABLISHED src=192.168.3.1 dst=205.188.248.56
sport=34715 dport=80 src=205.188.248.56 dst=64.216.105.3 sport=80
dport=34715 [ASSURED] use=1
udp 17 162 src=165.21.83.91 dst=64.216.105.3 sport=40321 dport=53
src=192.168.2.1 dst=165.21.83.91 sport=53 dport=40321 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.168.1.1 dst=192.168.1.254
sport=34788 dport=22 src=192.168.1.254 dst=192.168.1.1 sport=22
dport=34788 [ASSURED] use=1
udp 17 162 src=192.168.2.1 dst=194.247.40.126 sport=34412 dport=53
src=194.247.40.126 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.168.1.1 dst=134.173.254.38
sport=35267 dport=10151 src=134.173.254.38 dst=64.216.105.3 sport=10151
dport=35267 [ASSURED] use=1
udp 17 78 src=192.168.2.1 dst=206.191.0.140 sport=34412 dport=53
src=206.191.0.140 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 164 src=192.168.2.1 dst=194.255.24.145 sport=34412 dport=53
src=194.255.24.145 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 36 src=151.164.70.201 dst=64.216.105.3 sport=53 dport=53
src=192.168.2.1 dst=151.164.70.201 sport=53 dport=53 [ASSURED] use=1
tcp 6 431863 ESTABLISHED src=192.168.3.1 dst=192.168.1.1 sport=32768
dport=139 src=192.168.1.1 dst=192.168.3.1 sport=139 dport=32768 [ASSURED]
use=1
udp 17 27 src=64.216.105.3 dst=64.216.105.3 sport=1024 dport=53
[UNREPLIED] src=64.216.105.3 dst=64.216.105.3 sport=53 dport=1024 use=1
tcp 6 22 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52751
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52751
[ASSURED] use=1
tcp 6 23 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52752
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52752
[ASSURED] use=1
tcp 6 24 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52753
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52753
[ASSURED] use=1
tcp 6 25 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52754
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52754
[ASSURED] use=1
tcp 6 26 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52755
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52755
[ASSURED] use=1
tcp 6 27 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52756
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52756
[ASSURED] use=1
tcp 6 50 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52757
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52757
[ASSURED] use=1
tcp 6 51 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52758
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52758
[ASSURED] use=1
tcp 6 52 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52759
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52759
[ASSURED] use=1
tcp 6 53 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52760
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52760
[ASSURED] use=1
tcp 6 56 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52761
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52761
[ASSURED] use=1
tcp 6 84 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52762
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52762
[ASSURED] use=1
tcp 6 85 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52763
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52763
[ASSURED] use=1
tcp 6 86 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52764
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52764
[ASSURED] use=1
tcp 6 87 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52765
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52765
[ASSURED] use=1
tcp 6 88 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52766
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52766
[ASSURED] use=1
tcp 6 89 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52767
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52767
[ASSURED] use=1
tcp 6 112 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52768
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52768
[ASSURED] use=1
tcp 6 113 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52769
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52769
[ASSURED] use=1
tcp 6 114 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52770
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52770
[ASSURED] use=1
tcp 6 28339 ESTABLISHED src=192.168.1.1 dst=134.173.254.38
sport=32792 dport=10151 src=134.173.254.38 dst=64.216.105.3 sport=10151
dport=32792 [ASSURED] use=1
tcp 6 116 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52771
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52771
[ASSURED] use=1
tcp 6 117 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52772
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52772
[ASSURED] use=1
tcp 6 119 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=52773
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=52773
[ASSURED] use=1
tcp 6 0 TIME_WAIT src=68.106.95.70 dst=64.216.105.3 sport=1562
dport=110 src=192.168.2.1 dst=68.106.95.70 sport=110 dport=1562 [ASSURED]
use=1
udp 17 150 src=192.168.2.1 dst=212.204.192.252 sport=34412 dport=53
src=212.204.192.252 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 1 src=192.168.2.1 dst=216.199.19.1 sport=34412 dport=53
src=216.199.19.1 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 78 src=192.168.2.1 dst=192.26.210.1 sport=34412 dport=53
src=192.26.210.1 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 6 src=192.168.2.1 dst=81.17.34.2 sport=34412 dport=53
src=81.17.34.2 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 152 src=192.168.2.1 dst=213.196.1.2 sport=34412 dport=53
src=213.196.1.2 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 165 src=192.168.2.1 dst=63.164.70.2 sport=34412 dport=53
src=63.164.70.2 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 137 src=192.168.2.1 dst=154.11.136.2 sport=34412 dport=53
src=154.11.136.2 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 152 src=192.168.2.1 dst=213.196.1.3 sport=34412 dport=53
src=213.196.1.3 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 148 src=192.168.2.1 dst=138.47.18.3 sport=34412 dport=53
src=138.47.18.3 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 140 src=192.168.2.1 dst=66.101.58.3 sport=34412 dport=53
src=66.101.58.3 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 164 src=192.168.2.1 dst=205.162.184.3 sport=34412 dport=53
src=205.162.184.3 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 172 src=192.168.2.1 dst=134.58.40.4 sport=34412 dport=53
src=134.58.40.4 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 81 TIME_WAIT src=205.206.231.26 dst=64.216.105.3 sport=51027
dport=25 src=192.168.2.1 dst=205.206.231.26 sport=25 dport=51027 [ASSURED]
use=1
udp 17 167 src=192.168.2.1 dst=66.33.206.6 sport=34412 dport=53
src=66.33.206.6 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 4 src=192.168.2.1 dst=195.124.48.7 sport=34412 dport=53
src=195.124.48.7 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 169 src=192.168.2.1 dst=130.94.6.10 sport=34412 dport=53
src=130.94.6.10 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 175 src=192.168.2.1 dst=165.21.100.11 sport=34412 dport=53
src=165.21.100.11 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 3 src=192.168.2.1 dst=192.76.144.16 sport=34412 dport=53
src=192.76.144.16 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 169 src=192.168.2.1 dst=192.149.252.22 sport=34412 dport=53
src=192.149.252.22 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 152 src=192.168.2.1 dst=138.47.18.25 sport=34412 dport=53
src=138.47.18.25 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 174 src=192.168.2.1 dst=192.26.92.30 sport=34412 dport=53
src=192.26.92.30 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 171 src=192.168.2.1 dst=192.33.14.32 sport=34412 dport=53
src=192.33.14.32 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 431980 ESTABLISHED src=192.168.1.1 dst=192.168.1.254
sport=34702 dport=22 src=192.168.1.254 dst=192.168.1.1 sport=22
dport=34702 [ASSURED] use=1
udp 17 140 src=192.168.2.1 dst=209.83.162.35 sport=34412 dport=53
src=209.83.162.35 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 150 src=192.168.2.1 dst=192.41.162.36 sport=34412 dport=53
src=192.41.162.36 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 168 src=192.168.2.1 dst=64.142.16.36 sport=34412 dport=53
src=64.142.16.36 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 431301 ESTABLISHED src=192.168.1.1 dst=192.168.2.1 sport=34703
dport=22 src=192.168.2.1 dst=192.168.1.1 sport=22 dport=34703 [ASSURED]
use=1
udp 17 137 src=192.168.2.1 dst=205.233.109.39 sport=34412 dport=53
src=205.233.109.39 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 172 src=192.168.2.1 dst=203.120.90.40 sport=34412 dport=53
src=203.120.90.40 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 137 src=192.168.2.1 dst=205.233.109.40 sport=34412 dport=53
src=205.233.109.40 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 19 src=192.168.2.1 dst=208.31.42.43 sport=34412 dport=53
src=208.31.42.43 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 149 src=192.168.2.1 dst=62.250.7.46 sport=34412 dport=53
src=62.250.7.46 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 426524 ESTABLISHED src=192.168.1.1 dst=192.168.3.1 sport=35737
dport=22 src=192.168.3.1 dst=192.168.1.1 sport=22 dport=35737 [ASSURED]
use=1
udp 17 11 src=192.168.2.1 dst=194.247.47.47 sport=34412 dport=53
src=194.247.47.47 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 1 src=192.168.2.1 dst=192.134.0.49 sport=34412 dport=53
src=192.134.0.49 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 156 src=192.168.2.1 dst=81.17.40.64 sport=34412 dport=53
src=81.17.40.64 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 149 src=192.168.2.1 dst=213.136.0.66 sport=34412 dport=53
src=213.136.0.66 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 106 TIME_WAIT src=205.206.231.27 dst=64.216.105.3 sport=45460
dport=25 src=192.168.2.1 dst=205.206.231.27 sport=25 dport=45460 [ASSURED]
use=1
udp 17 1 src=192.168.2.1 dst=81.17.40.71 sport=34412 dport=53
src=81.17.40.71 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 147 src=192.168.2.1 dst=213.136.0.77 sport=34412 dport=53
src=213.136.0.77 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 151 src=192.168.2.1 dst=128.8.10.90 sport=34412 dport=53
src=128.8.10.90 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 224705 ESTABLISHED src=213.202.167.125 dst=64.216.105.3
sport=4426 dport=25 src=192.168.2.1 dst=213.202.167.125 sport=25
dport=4426 [ASSURED] use=1
udp 17 5 src=192.168.2.1 dst=196.36.190.96 sport=34412 dport=53
src=196.36.190.96 dst=64.216.105.3 sport=53 dport=34412 use=1
tcp 6 224708 ESTABLISHED src=213.202.167.125 dst=64.216.105.3
sport=4428 dport=25 src=192.168.2.1 dst=213.202.167.125 sport=25
dport=4428 [ASSURED] use=1
tcp 6 91 TIME_WAIT src=216.199.19.6 dst=64.216.105.3 sport=4040
dport=25 src=192.168.2.1 dst=216.199.19.6 sport=25 dport=4040 [ASSURED]
use=1
tcp 6 93 TIME_WAIT src=216.199.19.6 dst=64.216.105.3 sport=4042
dport=25 src=192.168.2.1 dst=216.199.19.6 sport=25 dport=4042 [ASSURED]
use=1
tcp 6 95 TIME_WAIT src=216.199.19.6 dst=64.216.105.3 sport=4045
dport=25 src=192.168.2.1 dst=216.199.19.6 sport=25 dport=4045 [ASSURED]
use=1
tcp 6 97 TIME_WAIT src=216.199.19.6 dst=64.216.105.3 sport=4047
dport=25 src=192.168.2.1 dst=216.199.19.6 sport=25 dport=4047 [ASSURED]
use=1
udp 17 169 src=192.168.2.1 dst=209.98.98.115 sport=34412 dport=53
src=209.98.98.115 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 137 src=192.168.2.1 dst=154.11.136.130 sport=34412 dport=53
src=154.11.136.130 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 161 src=192.168.2.1 dst=217.79.164.131 sport=34412 dport=53
src=217.79.164.131 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 0 src=192.168.2.1 dst=128.101.80.131 sport=34412 dport=53
src=128.101.80.131 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 165 src=192.168.2.1 dst=195.154.210.133 sport=34412 dport=53
src=195.154.210.133 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
Shorewall-1.3.11 Status at firewall - Mon Mar 31 11:31:27 UTC 2003
Counters reset Mon Mar 31 11:29:36 UTC 2003
Chain INPUT (policy DROP 30 packets, 4006 bytes)
pkts bytes target prot opt in out source
destination
144 12096 ACCEPT ah -- lo * 0.0.0.0/0
0.0.0.0/0
91 15514 eth0_in ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
105 9706 eth1_in ah -- eth1 * 0.0.0.0/0
0.0.0.0/0
3 690 eth2_in ah -- eth2 * 0.0.0.0/0
0.0.0.0/0
0 0 eth3_in ah -- eth3 * 0.0.0.0/0
0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 5 packets, 327 bytes)
pkts bytes target prot opt in out source
destination
585 353K eth0_fwd ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
34 5935 eth1_fwd ah -- eth1 * 0.0.0.0/0
0.0.0.0/0
317 57206 eth2_fwd ah -- eth2 * 0.0.0.0/0
0.0.0.0/0
312 29785 eth3_fwd ah -- eth3 * 0.0.0.0/0
0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:FORWARD:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT udp -- * eth0 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- * eth1 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- * eth2 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- * eth3 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
144 12096 ACCEPT ah -- * lo 0.0.0.0/0
0.0.0.0/0
14 1608 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 all2all ah -- * eth0 0.0.0.0/0
0.0.0.0/0
59 7635 all2all ah -- * eth1 0.0.0.0/0
0.0.0.0/0
1 40 fw2dmz ah -- * eth2 0.0.0.0/0
0.0.0.0/0
0 0 all2all ah -- * eth3 0.0.0.0/0
0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:OUTPUT:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain all2all (14 references)
pkts bytes target prot opt in out source
destination
59 7635 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
14 1882 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:all2all:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain blacklst (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1433
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1433
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1434
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1434
0 0 DROP ah -- * * 65.89.168.0/24
0.0.0.0/0
0 0 DROP ah -- * * 207.6.0.0/16
0.0.0.0/0
0 0 DROP ah -- * * 199.95.206.0/23
0.0.0.0/0
0 0 DROP ah -- * * 199.95.208.0/23
0.0.0.0/0
Chain common (6 references)
pkts bytes target prot opt in out source
destination
8 672 icmpdef icmp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
79 10303 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unreachable
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445 reject-with icmp-port-unreachable
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
0 0 DROP ah -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP ah -- * * 0.0.0.0/0
224.0.0.0/4
1 60 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53 state NEW
0 0 DROP ah -- * * 0.0.0.0/0
64.216.105.127
0 0 DROP ah -- * * 0.0.0.0/0
192.168.1.255
0 0 DROP ah -- * * 0.0.0.0/0
192.168.2.255
0 0 DROP ah -- * * 0.0.0.0/0
192.168.3.255
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp dpt:123
3 690 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain dmz2kids (1 references)
pkts bytes target prot opt in out source
destination
7 928 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp spt:20
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain dmz2loc (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:1024:65535
0 0 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 192.168.2.1
192.168.1.1 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp spt:20
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain dmz2net (1 references)
pkts bytes target prot opt in out source
destination
261 52161 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
3 792 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
30 2181 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 192.168.2.1
0.0.0.0/0 state NEW udp spt:53
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp spt:53
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp spt:20
0 0 ACCEPT ah -- * * 192.168.2.100
0.0.0.0/0 state NEW
0 0 ACCEPT tcp -- * * 192.168.2.1
0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT udp -- * * 192.168.2.1
151.164.172.245 state NEW udp dpt:123
0 0 ACCEPT udp -- * * 192.168.2.1
199.240.130.1 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 192.168.2.2
132.163.135.130 state NEW tcp dpt:13
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.1 state NEW tcp dpt:20
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.1 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.2 state NEW tcp dpt:20
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.2 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.3 state NEW tcp dpt:20
0 0 ACCEPT tcp -- * * 192.168.2.1
213.220.100.3 state NEW tcp dpt:21
13 624 ACCEPT tcp -- * * 0.0.0.0/0
208.191.32.28 state NEW tcp dpt:2064
3 520 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain dynamic (8 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source
destination
585 353K dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
585 353K rfc1918 ah -- * * 0.0.0.0/0
0.0.0.0/0
585 353K blacklst ah -- * * 0.0.0.0/0
0.0.0.0/0
35 31525 net2loc ah -- * eth1 0.0.0.0/0
0.0.0.0/0
278 24544 net2dmz ah -- * eth2 0.0.0.0/0
0.0.0.0/0
272 297K net2all ah -- * eth3 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
91 15514 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
6 3456 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
85 12058 rfc1918 ah -- * * 0.0.0.0/0
0.0.0.0/0
85 12058 blacklst ah -- * * 0.0.0.0/0
0.0.0.0/0
85 12058 net2fw ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
34 5935 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
34 5935 loc2net ah -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 loc2dmz ah -- * eth2 0.0.0.0/0
0.0.0.0/0
0 0 loc2kids ah -- * eth3 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
105 9706 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
105 9706 loc2fw ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source
destination
317 57206 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
310 56278 dmz2net ah -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 dmz2loc ah -- * eth1 0.0.0.0/0
0.0.0.0/0
7 928 dmz2kids ah -- * eth3 0.0.0.0/0
0.0.0.0/0
Chain eth2_in (1 references)
pkts bytes target prot opt in out source
destination
3 690 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
3 690 dmz2fw ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth3_fwd (1 references)
pkts bytes target prot opt in out source
destination
312 29785 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
26 2227 eth3_mac ah -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
296 28145 kids2net ah -- * eth0 0.0.0.0/0
0.0.0.0/0
9 1188 kids2loc ah -- * eth1 0.0.0.0/0
0.0.0.0/0
7 452 kids2dmz ah -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth3_in (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 eth3_mac ah -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth3_mac (2 references)
pkts bytes target prot opt in out source
destination
26 2227 RETURN ah -- * * 0.0.0.0/0
0.0.0.0/0 MAC 00:40:96:33:A7:9E
0 0 RETURN ah -- * * 0.0.0.0/0
0.0.0.0/0 MAC 00:60:1D:23:7E:B2
0 0 RETURN ah -- * * 0.0.0.0/0
0.0.0.0/0 MAC 00:02:2D:31:9C:69
0 0 RETURN ah -- * * 0.0.0.0/0
0.0.0.0/0 MAC 00:02:2D:02:67:25
0 0 RETURN ah -- * * 192.168.3.254
192.168.3.255
0 0 RETURN ah -- * * 192.168.3.254
255.255.255.255
0 0 RETURN ah -- * * 192.168.3.254
224.0.0.0/4
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:eth3_mac:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source
destination
1 40 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:123
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain icmpdef (1 references)
pkts bytes target prot opt in out source
destination
8 672 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
Chain kids2dmz (1 references)
pkts bytes target prot opt in out source
destination
5 313 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.2 state NEW tcp dpt:23
1 63 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:80
1 76 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:21
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain kids2loc (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
9 1188 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:1024:65535
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:515
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain kids2net (1 references)
pkts bytes target prot opt in out source
destination
281 27245 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
15 900 ACCEPT ah -- * * 192.168.3.1
0.0.0.0/0 state NEW
0 0 ACCEPT ah -- * * 192.168.3.128/27
0.0.0.0/0 state NEW
0 0 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2dmz (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.2 state NEW tcp dpt:23
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:1024:65535
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 192.168.1.1
192.168.2.1 state NEW tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:21
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source
destination
96 8974 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
1 60 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:80
8 672 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2kids (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpts:1024:65535
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0 0 all2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source
destination
31 5744 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
1 71 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
2 120 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain logdrop (25 references)
pkts bytes target prot opt in out source
destination
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2all (4 references)
pkts bytes target prot opt in out source
destination
272 297K ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
74 9153 common ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2dmz (1 references)
pkts bytes target prot opt in out source
destination
255 23012 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
21 1424 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:110
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.2.1 state NEW udp dpt:110
1 60 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.1 state NEW tcp dpt:443
1 48 ACCEPT tcp -- * * 0.0.0.0/0
192.168.2.2 state NEW tcp dpt:23
0 0 net2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
11 2905 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:1433
74 9153 net2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source
destination
35 31525 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.1 state NEW tcp dpt:6346
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.1.1 state NEW udp dpt:6346
0 0 net2all ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain newnotsyn (17 references)
pkts bytes target prot opt in out source
destination
24 4956 DROP ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain reject (8 references)
pkts bytes target prot opt in out source
destination
1 60 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT ah -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
Chain rfc1918 (2 references)
pkts bytes target prot opt in out source
destination
0 0 RETURN ah -- * * 255.255.255.255
0.0.0.0/0
0 0 DROP ah -- * * 169.254.0.0/16
0.0.0.0/0
0 0 logdrop ah -- * * 172.16.0.0/12
0.0.0.0/0
0 0 logdrop ah -- * * 192.0.2.0/24
0.0.0.0/0
0 0 DROP ah -- * * 192.168.0.0/16
0.0.0.0/0
0 0 logdrop ah -- * * 0.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 2.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 5.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 7.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 23.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 27.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 31.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 36.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 39.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 41.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 42.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 58.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 60.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 70.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 72.0.0.0/5
0.0.0.0/0
0 0 logdrop ah -- * * 82.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 84.0.0.0/6
0.0.0.0/0
0 0 logdrop ah -- * * 88.0.0.0/5
0.0.0.0/0
0 0 logdrop ah -- * * 96.0.0.0/3
0.0.0.0/0
0 0 logdrop ah -- * * 127.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 197.0.0.0/8
0.0.0.0/0
0 0 logdrop ah -- * * 222.0.0.0/7
0.0.0.0/0
0 0 logdrop ah -- * * 240.0.0.0/4
0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
Chain PREROUTING (policy ACCEPT 218 packets, 26659 bytes)
pkts bytes target prot opt in out source
destination
109 14182 net_dnat ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 27 packets, 1920 bytes)
pkts bytes target prot opt in out source
destination
57 3620 eth0_masq ah -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1 packets, 63 bytes)
pkts bytes target prot opt in out source
destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source
destination
2 120 MASQUERADE ah -- * * 192.168.1.0/24
0.0.0.0/0
40 2600 MASQUERADE ah -- * * 192.168.2.0/24
0.0.0.0/0
15 900 MASQUERADE ah -- * * 192.168.3.0/24
0.0.0.0/0
Chain net_dnat (1 references)
pkts bytes target prot opt in out source
destination
20 1362 DNAT udp -- * * 0.0.0.0/0
64.216.105.3 udp dpt:53 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
64.216.105.3 tcp dpt:53 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:25 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:110 to:192.168.2.1
0 0 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:110 to:192.168.2.1
1 60 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:143 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 to:192.168.2.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:443 to:192.168.2.1
1 48 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:23 to:192.168.2.2
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6346 to:192.168.1.1
0 0 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:6346 to:192.168.1.1
Chain PREROUTING (policy ACCEPT 1644 packets, 492K bytes)
pkts bytes target prot opt in out source
destination
689 371K man1918 ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
1602 485K pretos ah -- * * 0.0.0.0/0
0.0.0.0/0
1601 485K tcpre ah -- * * 0.0.0.0/0
0.0.0.0/0
296 28145 MARK tcp -- eth3 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 MARK set 0xca
Chain INPUT (policy ACCEPT 387 packets, 44688 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 1257 packets, 447K bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 226 packets, 22007 bytes)
pkts bytes target prot opt in out source
destination
218 21371 outtos ah -- * * 0.0.0.0/0
0.0.0.0/0
218 21371 tcout ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 1462 packets, 466K bytes)
pkts bytes target prot opt in out source
destination
Chain logdrop (25 references)
pkts bytes target prot opt in out source
destination
0 0 LOG ah -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:man1918:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0
0.0.0.0/0
Chain man1918 (1 references)
pkts bytes target prot opt in out source
destination
6 3456 RETURN ah -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP ah -- * * 0.0.0.0/0
169.254.0.0/16
0 0 logdrop ah -- * * 0.0.0.0/0
172.16.0.0/12
0 0 logdrop ah -- * * 0.0.0.0/0
192.0.2.0/24
0 0 DROP ah -- * * 0.0.0.0/0
192.168.0.0/16
0 0 logdrop ah -- * * 0.0.0.0/0
0.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
2.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
5.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
7.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
23.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
27.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
31.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
36.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
39.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
41.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
42.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
58.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
60.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
70.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
72.0.0.0/5
0 0 logdrop ah -- * * 0.0.0.0/0
82.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
84.0.0.0/6
0 0 logdrop ah -- * * 0.0.0.0/0
88.0.0.0/5
0 0 logdrop ah -- * * 0.0.0.0/0
96.0.0.0/3
0 0 logdrop ah -- * * 0.0.0.0/0
127.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
197.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0
222.0.0.0/7
0 0 logdrop ah -- * * 0.0.0.0/0
240.0.0.0/4
Chain outtos (1 references)
pkts bytes target prot opt in out source
destination
72 5040 TOS udp -- * * 0.0.0.0/0
0.0.0.0/0 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:53 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:953 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:953 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 TOS set 0x10
59 7635 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:23 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:23 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:80 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:20 TOS set 0x08
Chain pretos (1 references)
pkts bytes target prot opt in out source
destination
347 43602 TOS udp -- * * 0.0.0.0/0
0.0.0.0/0 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:53 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:953 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:953 TOS set 0x10
97 9034 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:22 TOS set 0x10
64 16351 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:23 TOS set 0x10
63 2619 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:23 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:21 TOS set 0x10
329 34009 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 TOS set 0x10
307 328K TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:80 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:20 TOS set 0x08
Chain tcout (1 references)
pkts bytes target prot opt in out source
destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source
destination
0 0 MARK ah -- eth0 * 0.0.0.0/0
192.168.1.0/24 MARK set 0x1
0 0 MARK ah -- eth0 * 0.0.0.0/0
192.168.2.0/24 MARK set 0x2
0 0 MARK ah -- eth0 * 0.0.0.0/0
192.168.3.0/24 MARK set 0x3
141 15809 MARK ah -- eth1 * 0.0.0.0/0
0.0.0.0/0 MARK set 0xe
0 0 MARK ah -- eth1 * 0.0.0.0/0
64.216.105.0/25 MARK set 0xb
33 5864 MARK ah -- eth1 * 0.0.0.0/0
208.191.32.0/24 MARK set 0xb
0 0 MARK ah -- eth1 * 0.0.0.0/0
192.168.2.0/24 MARK set 0xc
0 0 MARK ah -- eth1 * 0.0.0.0/0
192.168.3.0/24 MARK set 0xd
321 58302 MARK ah -- eth2 * 0.0.0.0/0
0.0.0.0/0 MARK set 0x17
0 0 MARK ah -- eth2 * 0.0.0.0/0
192.168.1.0/24 MARK set 0x15
7 928 MARK ah -- eth2 * 0.0.0.0/0
192.168.3.0/24 MARK set 0x16
312 29785 MARK ah -- eth3 * 0.0.0.0/0
0.0.0.0/0 MARK set 0x21
9 1188 MARK ah -- eth3 * 0.0.0.0/0
192.168.1.0/24 MARK set 0x1f
7 452 MARK ah -- eth3 * 0.0.0.0/0
192.168.2.0/24 MARK set 0x20
udp 17 123 src=192.168.3.1 dst=192.168.2.1 sport=32768 dport=53
src=192.168.2.1 dst=192.168.3.1 sport=53 dport=32768 [ASSURED] use=1
udp 17 16 src=192.168.2.1 dst=63.211.227.203 sport=34412 dport=53
src=63.211.227.203 dst=64.216.105.3 sport=53 dport=34412 use=1
tcp 6 91 FIN_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49958
dport=2064 [UNREPLIED] src=208.191.32.28 dst=192.168.2.2 sport=2064
dport=49958 use=1
tcp 6 59 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49959
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49959
[ASSURED] use=1
tcp 6 87 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49960
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49960
[ASSURED] use=1
tcp 6 88 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49961
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49961
[ASSURED] use=1
tcp 6 89 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49962
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49962
[ASSURED] use=1
tcp 6 90 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49963
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49963
[ASSURED] use=1
tcp 6 91 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49964
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49964
[ASSURED] use=1
tcp 6 93 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49965
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49965
[ASSURED] use=1
udp 17 74 src=192.168.2.1 dst=204.187.61.222 sport=34412 dport=53
src=204.187.61.222 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
tcp 6 111 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49966
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49966
[ASSURED] use=1
tcp 6 112 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49967
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49967
[ASSURED] use=1
tcp 6 113 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49968
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49968
[ASSURED] use=1
tcp 6 115 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49969
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49969
[ASSURED] use=1
tcp 6 116 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49970
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49970
[ASSURED] use=1
tcp 6 117 TIME_WAIT src=192.168.2.2 dst=208.191.32.28 sport=49971
dport=2064 src=208.191.32.28 dst=64.216.105.3 sport=2064 dport=49971
[ASSURED] use=1
udp 17 148 src=192.168.2.1 dst=38.117.132.251 sport=34412 dport=53
src=38.117.132.251 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 148 src=192.168.2.1 dst=38.117.132.252 sport=34412 dport=53
src=38.117.132.252 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 109 src=192.168.2.1 dst=209.244.0.1 sport=34412 dport=53
src=209.244.0.1 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 117 src=192.168.2.1 dst=192.35.51.32 sport=34412 dport=53
src=192.35.51.32 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 17 src=192.168.2.1 dst=63.150.183.46 sport=34412 dport=53
src=63.150.183.46 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 166 src=64.216.105.33 dst=64.216.105.3 sport=1167 dport=53
src=192.168.2.1 dst=64.216.105.33 sport=53 dport=1167 [ASSURED] use=1
udp 17 16 src=64.216.105.33 dst=64.216.105.3 sport=1168 dport=53
src=192.168.2.1 dst=64.216.105.33 sport=53 dport=1168 use=1
udp 17 17 src=64.216.105.33 dst=64.216.105.3 sport=1171 dport=53
src=192.168.2.1 dst=64.216.105.33 sport=53 dport=1171 use=1
udp 17 18 src=64.216.105.33 dst=64.216.105.3 sport=1174 dport=53
src=192.168.2.1 dst=64.216.105.33 sport=53 dport=1174 use=1
udp 17 102 src=12.127.16.68 dst=64.216.105.3 sport=60293 dport=53
src=192.168.2.1 dst=12.127.16.68 sport=53 dport=60293 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.168.1.1 dst=192.168.1.254
sport=40400 dport=22 src=192.168.1.254 dst=192.168.1.1 sport=22
dport=40400 [ASSURED] use=1
tcp 6 65 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32793
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32793
[ASSURED] use=1
tcp 6 431999 ESTABLISHED src=206.47.217.158 dst=64.216.105.3
sport=2355 dport=23 src=192.168.2.2 dst=206.47.217.158 sport=23 dport=2355
[ASSURED] use=1
tcp 6 63 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32794
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32794
[ASSURED] use=1
tcp 6 67 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32795
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32795
[ASSURED] use=1
tcp 6 88 TIME_WAIT src=192.168.1.1 dst=208.191.32.7 sport=40401
dport=80 src=208.191.32.7 dst=64.216.105.3 sport=80 dport=40401 [ASSURED]
use=1
tcp 6 88 TIME_WAIT src=192.168.1.1 dst=208.191.32.7 sport=40402
dport=80 src=208.191.32.7 dst=64.216.105.3 sport=80 dport=40402 [ASSURED]
use=1
tcp 6 65 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32800
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32800
[ASSURED] use=1
tcp 6 66 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32801
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32801
[ASSURED] use=1
tcp 6 66 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32802
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32802
[ASSURED] use=1
tcp 6 70 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32803
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32803
[ASSURED] use=1
tcp 6 89 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32804
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32804
[ASSURED] use=1
tcp 6 99 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32805
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32805
[ASSURED] use=1
tcp 6 119 TIME_WAIT src=192.168.3.1 dst=216.116.226.186 sport=32807
dport=80 src=216.116.226.186 dst=64.216.105.3 sport=80 dport=32807
[ASSURED] use=1
udp 17 23 src=64.216.105.3 dst=64.216.105.3 sport=1024 dport=53
[UNREPLIED] src=64.216.105.3 dst=64.216.105.3 sport=53 dport=1024 use=1
udp 17 105 src=12.127.17.72 dst=64.216.105.3 sport=62680 dport=53
src=192.168.2.1 dst=12.127.17.72 sport=53 dport=62680 [ASSURED] use=1
udp 17 29 src=64.216.105.33 dst=64.216.105.3 sport=1028 dport=53
src=192.168.2.1 dst=64.216.105.33 sport=53 dport=1028 use=1
udp 17 4 src=198.235.216.131 dst=64.216.105.3 sport=33201 dport=53
src=192.168.2.1 dst=198.235.216.131 sport=53 dport=33201 use=1
udp 17 108 src=64.216.105.12 dst=64.216.105.3 sport=62271 dport=53
src=192.168.2.1 dst=64.216.105.12 sport=53 dport=62271 [ASSURED] use=1
udp 17 179 src=192.168.2.1 dst=209.247.108.228 sport=34412 dport=53
src=209.247.108.228 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 168 src=192.168.2.1 dst=207.46.245.230 sport=34412 dport=53
src=207.46.245.230 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 150 src=192.168.2.1 dst=38.8.48.2 sport=34412 dport=53
src=38.8.48.2 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 16 src=192.168.2.1 dst=192.112.36.4 sport=34412 dport=53
src=192.112.36.4 dst=64.216.105.3 sport=53 dport=34412 use=1
udp 17 117 src=192.168.2.1 dst=216.116.224.4 sport=34412 dport=53
src=216.116.224.4 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 112 src=12.15.136.26 dst=64.216.105.3 sport=39266 dport=53
src=192.168.2.1 dst=12.15.136.26 sport=53 dport=39266 [ASSURED] use=1
udp 17 136 src=216.248.176.20 dst=64.216.105.3 sport=32882 dport=53
src=192.168.2.1 dst=216.248.176.20 sport=53 dport=32882 [ASSURED] use=1
udp 17 117 src=192.168.2.1 dst=192.12.94.30 sport=34412 dport=53
src=192.12.94.30 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
udp 17 114 src=12.15.136.26 dst=64.216.105.3 sport=39283 dport=53
src=192.168.2.1 dst=12.15.136.26 sport=53 dport=39283 [ASSURED] use=1
tcp 6 93 TIME_WAIT src=68.106.95.70 dst=64.216.105.3 sport=3463
dport=143 src=192.168.2.1 dst=68.106.95.70 sport=143 dport=3463 [ASSURED]
use=1
udp 17 164 src=192.168.2.1 dst=128.9.0.107 sport=34412 dport=53
src=128.9.0.107 dst=64.216.105.3 sport=53 dport=34412 [ASSURED] use=1
firewall: -root-
# ip route show table 202
default via 192.168.2.1 dev eth2
firewall: -root-
# ip rule show
0: from all lookup local
32765: from all fwmark 202 lookup www.out
32766: from all lookup main
32767: from all lookup default
> From the Server:
>
> a) Output of "netstat -tnap"
>
> b) Output of "iptables -t nat -L -n -v"
[root@linux sysconfig]# netstat -tnap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
710/xinetd
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
710/xinetd
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
710/xinetd
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
710/xinetd
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
871/dansguardian
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
710/xinetd
tcp 0 0 192.168.2.1:53 0.0.0.0:* LISTEN
665/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
665/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
690/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
860/(squid)
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
665/named
tcp 0 0 192.168.2.1:22 192.168.1.1:40408
ESTABLISHED 734/sshd
[root@linux sysconfig]# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 598K packets, 43M bytes)
pkts bytes target prot opt in out source
destination
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0
!192.168.2.1 tcp dpt:80 redir ports 8080
Chain POSTROUTING (policy ACCEPT 647K packets, 55M bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 647K packets, 55M bytes)
pkts bytes target prot opt in out source
destination
[root@linux sysconfig]#
---
Homer Parker                    /"\  ASCII Ribbon Campaign
                                \ /  No HTML/RTF in email
http://www.homershut.net         x   No Word docs in email
telnet://bbs.homershut.net      / \  Respect for open standards
"Bill Gates reports on security progress made and the challenges
ahead."
-- Microsoft's Homepage, on the day an SQL Server bug crippled large
sections of the Internet.