Good Morning,
I'm trying to access my internal PPTP server, running behind the
firewall on a Windows NT 4.0 box, from the internet, except I keep
getting error messages saying that the request is "unreplied" when I
execute the "shorewall status" command.
I have created two rules within Shorewall that should allow me to port
forward that request from the net to the PPTP server running within our
private LAN; apparently it does not seem to be working.
DNAT net loc:<192.168.5.10> tcp 1723
DNAT net loc:<192.168.5.10> 47 -
Shorewall Version 1.4.6b
ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:c0:df:e7:87:c7 brd ff:ff:ff:ff:ff:ff
inet 65.115.171.251/29 brd 65.115.171.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:50:ba:ad:69:8c brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 brd 192.168.2.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:10:4b:c6:f2:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.5.184/24 brd 192.168.5.255 scope global eth2
ip route show
65.115.171.253 dev eth1 scope link
65.115.171.248/29 dev eth0 scope link
192.168.5.0/24 dev eth2 scope link
192.168.2.0/24 dev eth1 scope link
192.168.150.0/24 via 192.168.5.1 dev eth2
192.168.42.0/24 via 192.168.5.1 dev eth2
127.0.0.0/8 dev lo scope link
default via 65.115.171.249 dev eth0
Any help would be greatly appreciated. Thank you.
James,
-------------- next part --------------
Shorewall-1.4.6b Status at firewall.ecof.com - Mon Aug 25 10:22:13 EDT 2003
Counters reset Mon Aug 25 10:21:35 EDT 2003
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
1 152 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
546 182K eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
2 96 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
1 72 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 fw2dmz all -- * eth1 0.0.0.0/0 0.0.0.0/0
19 11587 fw2loc all -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain all2all (6 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
533 180K common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2all:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain common (6 references)
pkts bytes target prot opt in out source destination
0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:135
19 4355 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 DROP all -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 state NEW
0 0 DROP all -- * * 0.0.0.0/0
65.115.171.255
0 0 DROP all -- * * 0.0.0.0/0
192.168.2.255
514 176K DROP all -- * * 0.0.0.0/0
192.168.5.255
Chain dmz2dmz (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2dmz:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT all -- * * 65.115.171.253
192.168.5.205 state NEW
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dynamic (6 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
2 96 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
2 96 rfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
0 0 net2dmz all -- * eth1 0.0.0.0/0 0.0.0.0/0
2 96 net2loc all -- * eth2 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
1 152 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 rfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
1 152 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 dmz2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 dmz2loc all -- * eth2 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 dmz2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 loc2dmz all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth2_in (1 references)
pkts bytes target prot opt in out source destination
546 182K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
546 182K loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
19 11587 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
1 72 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2net:ACCEPT:'
1 72 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain icmpdef (1 references)
pkts bytes target prot opt in out source destination
Chain loc2dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT all -- * * 0.0.0.0/0
65.115.171.253 state NEW
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
12 1561 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 22,10000,25 state NEW
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
533 180K all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (30 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
1 152 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp flags:!0x16/0x02
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
2 96 ACCEPT tcp -- * * 12.95.45.203 192.168.5.10
state NEW tcp dpt:1723
0 0 ACCEPT 47 -- * * 12.95.45.203 192.168.5.10
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain newnotsyn (15 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:newnotsyn:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (7 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
19 4355 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain rfc1918 (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 169.254.0.0/16 0.0.0.0/0
0 0 logdrop all -- * * 172.16.0.0/12 0.0.0.0/0
0 0 logdrop all -- * * 192.0.2.0/24 0.0.0.0/0
0 0 logdrop all -- * * 192.168.0.0/16 0.0.0.0/0
0 0 logdrop all -- * * 0.0.0.0/7 0.0.0.0/0
0 0 logdrop all -- * * 2.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 5.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 7.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 23.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 27.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 31.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 36.0.0.0/7 0.0.0.0/0
0 0 logdrop all -- * * 39.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 41.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 42.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 49.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 50.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 58.0.0.0/7 0.0.0.0/0
0 0 logdrop all -- * * 60.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 70.0.0.0/7 0.0.0.0/0
0 0 logdrop all -- * * 72.0.0.0/5 0.0.0.0/0
0 0 logdrop all -- * * 83.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 84.0.0.0/6 0.0.0.0/0
0 0 logdrop all -- * * 88.0.0.0/5 0.0.0.0/0
0 0 logdrop all -- * * 96.0.0.0/3 0.0.0.0/0
0 0 logdrop all -- * * 127.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 197.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 198.18.0.0/15 0.0.0.0/0
0 0 logdrop all -- * * 201.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 240.0.0.0/4 0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Aug 25 09:56:42 FORWARD:DROP:IN=eth2 OUT=eth2 SRC=192.168.5.178
DST=192.168.150.65 LEN=63 TOS=0x00 PREC=0x00 TTL=30 ID=7637 PROTO=UDP SPT=2967
DPT=2967 LEN=43
Aug 25 09:56:43 FORWARD:DROP:IN=eth2 OUT=eth2 SRC=192.168.5.178
DST=192.168.150.65 LEN=63 TOS=0x00 PREC=0x00 TTL=30 ID=9429 PROTO=UDP SPT=2967
DPT=2967 LEN=43
Aug 25 09:56:44 FORWARD:DROP:IN=eth2 OUT=eth2 SRC=192.168.5.178
DST=192.168.150.65 LEN=63 TOS=0x00 PREC=0x00 TTL=30 ID=11477 PROTO=UDP SPT=2967
DPT=2967 LEN=43
Aug 25 10:00:21 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=247 DF PROTO=UDP SPT=32790 DPT=53 LEN=52
Aug 25 10:00:35 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=1586 DF PROTO=UDP SPT=32791 DPT=53 LEN=52
Aug 25 10:00:36 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=1691 DF PROTO=UDP SPT=32792 DPT=53 LEN=52
Aug 25 10:00:55 net_dnat:DNAT:IN=eth0 OUT= SRC=12.95.45.203 DST=65.115.171.251
LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=24579 DF PROTO=TCP SPT=1077 DPT=1723
WINDOW=8192 RES=0x00 SYN URGP=0
Aug 25 10:01:47 net_dnat:DNAT:IN=eth0 OUT= SRC=12.95.45.203 DST=65.115.171.251
LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=26883 DF PROTO=TCP SPT=1078 DPT=1723
WINDOW=8192 RES=0x00 SYN URGP=0
Aug 25 10:01:53 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=9438 DF PROTO=UDP SPT=32793 DPT=53 LEN=52
Aug 25 10:01:54 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=9484 DF PROTO=UDP SPT=32794 DPT=53 LEN=52
Aug 25 10:01:54 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=9501 DF PROTO=UDP SPT=32795 DPT=53 LEN=52
Aug 25 10:01:54 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=9535 DF PROTO=UDP SPT=32796 DPT=53 LEN=52
Aug 25 10:01:55 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=9594 DF PROTO=UDP SPT=32797 DPT=53 LEN=52
Aug 25 10:10:07 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=58799 DF PROTO=UDP SPT=32797 DPT=53 LEN=52
Aug 25 10:14:34 FORWARD:DROP:IN=eth2 OUT=eth2 SRC=192.168.5.178
DST=192.168.150.65 LEN=63 TOS=0x00 PREC=0x00 TTL=30 ID=12 PROTO=UDP SPT=2967
DPT=2967 LEN=43
Aug 25 10:14:35 FORWARD:DROP:IN=eth2 OUT=eth2 SRC=192.168.5.178
DST=192.168.150.65 LEN=63 TOS=0x00 PREC=0x00 TTL=30 ID=5388 PROTO=UDP SPT=2967
DPT=2967 LEN=43
Aug 25 10:14:37 FORWARD:DROP:IN=eth2 OUT=eth2 SRC=192.168.5.178
DST=192.168.150.65 LEN=63 TOS=0x00 PREC=0x00 TTL=30 ID=9228 PROTO=UDP SPT=2967
DPT=2967 LEN=43
Aug 25 10:21:34 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=61978 DF PROTO=UDP SPT=32797 DPT=53 LEN=52
Aug 25 10:21:56 net_dnat:DNAT:IN=eth0 OUT= SRC=12.95.45.203 DST=65.115.171.251
LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=48387 DF PROTO=TCP SPT=1079 DPT=1723
WINDOW=8192 RES=0x00 SYN URGP=0
Aug 25 10:22:12 fw2net:ACCEPT:IN= OUT=eth0 SRC=65.115.171.251 DST=65.115.171.250
LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=213 DF PROTO=UDP SPT=32797 DPT=53 LEN=52
NAT Table
Chain PREROUTING (policy ACCEPT 789 packets, 268K bytes)
pkts bytes target prot opt in out source destination
1 48 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 dmz_dnat all -- eth1 * 0.0.0.0/0 0.0.0.0/0
789 268K loc_dnat all -- eth2 * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 2 packets, 120 bytes)
pkts bytes target prot opt in out source destination
1 72 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1 packets, 72 bytes)
pkts bytes target prot opt in out source destination
Chain dmz_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT all -- * * 65.115.171.253 192.168.2.1
to:192.168.5.205
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 65.115.171.253 0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.2.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.5.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.150.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.42.0/24 0.0.0.0/0
Chain loc_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT all -- * * 0.0.0.0/0 192.168.2.1
to:65.115.171.253
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
1 48 LOG tcp -- * * 12.95.45.203
65.115.171.251 tcp dpt:1723 LOG flags 0 level 6 prefix
`Shorewall:net_dnat:DNAT:'
1 48 DNAT tcp -- * * 12.95.45.203
65.115.171.251 tcp dpt:1723 to:192.168.5.10
0 0 LOG 47 -- * * 12.95.45.203
65.115.171.251 LOG flags 0 level 6 prefix
`Shorewall:net_dnat:DNAT:'
0 0 DNAT 47 -- * * 12.95.45.203
65.115.171.251 to:192.168.5.10
Mangle Table
Chain PREROUTING (policy ACCEPT 805 packets, 270K bytes)
pkts bytes target prot opt in out source destination
2 96 man1918 all -- eth0 * 0.0.0.0/0 0.0.0.0/0
state NEW
805 270K pretos all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 20 packets, 11659 bytes)
pkts bytes target prot opt in out source destination
20 11659 outtos all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (30 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain man1918 (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0
169.254.0.0/16
0 0 logdrop all -- * * 0.0.0.0/0
172.16.0.0/12
0 0 logdrop all -- * * 0.0.0.0/0 192.0.2.0/24
0 0 logdrop all -- * * 0.0.0.0/0
192.168.0.0/16
0 0 logdrop all -- * * 0.0.0.0/0 0.0.0.0/7
0 0 logdrop all -- * * 0.0.0.0/0 2.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 5.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 7.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 10.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 23.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 27.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 31.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 36.0.0.0/7
0 0 logdrop all -- * * 0.0.0.0/0 39.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 41.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 42.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 49.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 50.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 58.0.0.0/7
0 0 logdrop all -- * * 0.0.0.0/0 60.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 70.0.0.0/7
0 0 logdrop all -- * * 0.0.0.0/0 72.0.0.0/5
0 0 logdrop all -- * * 0.0.0.0/0 83.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 84.0.0.0/6
0 0 logdrop all -- * * 0.0.0.0/0 88.0.0.0/5
0 0 logdrop all -- * * 0.0.0.0/0 96.0.0.0/3
0 0 logdrop all -- * * 0.0.0.0/0 127.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 197.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0
198.18.0.0/15
0 0 logdrop all -- * * 0.0.0.0/0 201.0.0.0/8
0 0 logdrop all -- * * 0.0.0.0/0 240.0.0.0/4
Chain outtos (1 references)
pkts bytes target prot opt in out source destination
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:20 TOS set 0x08
Chain pretos (1 references)
pkts bytes target prot opt in out source destination
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:20 TOS set 0x08
udp 17 28 src=65.115.171.251 dst=65.115.171.250 sport=32797 dport=53
src=65.115.171.250 dst=65.115.171.251 sport=53 dport=32797 use=1
tcp 6 82 TIME_WAIT src=192.168.5.13 dst=192.168.5.184 sport=3176
dport=10000 src=192.168.5.184 dst=192.168.5.13 sport=10000 dport=3176 [ASSURED]
use=1
tcp 6 431999 ESTABLISHED src=192.168.5.13 dst=192.168.5.184 sport=3177
dport=10000 src=192.168.5.184 dst=192.168.5.13 sport=10000 dport=3177 [ASSURED]
use=1
tcp 6 106 SYN_SENT src=12.95.45.203 dst=65.115.171.251 sport=1079
dport=1723 [UNREPLIED] src=192.168.5.10 dst=12.95.45.203 sport=1723 dport=1079
use=1
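
Added example, not part of the original post: a small parser for the connection-tracking entries that close the status output, reporting flows whose destination was rewritten by DNAT and for which the firewall has not yet seen a reply. The function names are hypothetical and the sample input is the post's own entries with the e-mail line wrapping undone.

```python
# Constructed input: conntrack entries copied from the status output in the
# post, re-joined so that each entry sits on one line.
SAMPLE = """\
udp 17 28 src=65.115.171.251 dst=65.115.171.250 sport=32797 dport=53 src=65.115.171.250 dst=65.115.171.251 sport=53 dport=32797 use=1
tcp 6 431999 ESTABLISHED src=192.168.5.13 dst=192.168.5.184 sport=3177 dport=10000 src=192.168.5.184 dst=192.168.5.13 sport=10000 dport=3177 [ASSURED] use=1
tcp 6 106 SYN_SENT src=12.95.45.203 dst=65.115.171.251 sport=1079 dport=1723 [UNREPLIED] src=192.168.5.10 dst=12.95.45.203 sport=1723 dport=1079 use=1
"""

TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_entry(line):
    """Parse one conntrack line into its original and reply tuples."""
    tokens = line.split()
    if len(tokens) < 4 or not tokens[2].isdigit():
        return None
    entry = {"proto": tokens[0], "timeout": int(tokens[2]), "state": None,
             "flags": set(), "orig": {}, "reply": {}}
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].add(tok[1:-1])          # e.g. UNREPLIED, ASSURED
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key in TUPLE_KEYS:
                # The first occurrence of a key belongs to the original
                # direction, the second to the expected reply direction.
                side = "reply" if key in entry["orig"] else "orig"
                entry[side][key] = value
        elif entry["state"] is None:
            entry["state"] = tok                   # e.g. SYN_SENT; absent on UDP lines
    return entry


def unreplied_dnat(text):
    """Return DNAT'd flows for which no reply packet has been tracked."""
    findings = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None or "dst" not in e["orig"] or "src" not in e["reply"]:
            continue
        o, r = e["orig"], e["reply"]
        # With DNAT the reply is expected from the translated address, so the
        # reply source differs from the address the client originally targeted.
        rewritten = (r["src"], r.get("sport")) != (o["dst"], o.get("dport"))
        if rewritten and "UNREPLIED" in e["flags"]:
            findings.append({
                "proto": e["proto"],
                "state": e["state"],
                "client": o["src"],
                "public_dst": f'{o["dst"]}:{o.get("dport", "-")}',
                "translated_to": f'{r["src"]}:{r.get("sport", "-")}',
            })
    return findings


if __name__ == "__main__":
    for f in unreplied_dnat(SAMPLE):
        print(f)
```

On the sample it reports the single flow from 12.95.45.203 to 65.115.171.251:1723, translated to 192.168.5.10:1723 and still in SYN_SENT: the firewall rewrote and tracked the SYN but has seen no packet come back from the translated address.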