Hi,

Trying to figure out why I cannot get access to dell.com

Their site is up because I can browse using a different firewall.

Trying to find out where the logs are located and what log files it would write to if it were to deny browsing to a website. I can see the [UNREPLIED] when using the shorewall status. Was hoping to know what logfile it is writing it to.

Thanks in advance,
Elmer

-=-=-=-=-=-=-=-=-=-

Shorewall-2.0.7 Status at hilo.webmerch.com - Wed Aug 4 18:10:30 PDT 2004

Counters reset Wed Aug 4 18:03:52 PDT 2004

Chain INPUT (policy DROP 4 packets, 1208 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0     0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
   65  8740 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
 1747 1175K eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
    0     0 eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0
    0     0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
    0     0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
   34 15323 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
   56 13757 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
    0     0 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
    0     0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
    0     0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    0     0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0     0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
 1582 1409K all2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
    0     0 all2all all -- * eth2 0.0.0.0/0 0.0.0.0/0
    0     0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
    0     0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain Drop (1 references)
 pkts bytes target prot opt in out source destination
   65  8740 RejectAuth all -- * * 0.0.0.0/0 0.0.0.0/0
   65  8740 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
   60  8508 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
   60  8508 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 dropNotSyn all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0

Chain DropDNSrep (2 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53

Chain DropSMB (1 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135
   60  8508 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
    0     0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
    0     0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
    0     0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
    0     0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445

Chain DropUPnP (2 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900

Chain Reject (4 references)
 pkts bytes target prot opt in out source destination
    0     0 RejectAuth all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 RejectSMB all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 dropNotSyn all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0

Chain RejectAuth (2 references)
 pkts bytes target prot opt in out source destination
    0     0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113

Chain RejectSMB (1 references)
 pkts bytes target prot opt in out source destination
    0     0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135
    0     0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
    0     0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
    0     0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
    0     0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
    0     0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445

Chain all2all (5 references)
 pkts bytes target prot opt in out source destination
 1582 1409K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    0     0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain blacklst (2 references)
 pkts bytes target prot opt in out source destination

Chain dmz2fw (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,25,53,443
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 81,10000
    0     0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
    0     0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain dmz2net (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain dropBcast (2 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP all -- * * 0.0.0.0/0 192.168.1.255
    0     0 DROP all -- * * 0.0.0.0/0 192.168.200.255
    5   232 DROP all -- * * 0.0.0.0/0 255.255.255.255
    0     0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4

Chain dropInvalid (2 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

Chain dropNotSyn (2 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02

Chain dynamic (6 references)
 pkts bytes target prot opt in out source destination

Chain eth0_fwd (1 references)
 pkts bytes target prot opt in out source destination
    0     0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
    0     0 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
    0     0 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
   34 15323 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
   34 15323 net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
    0     0 net2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target prot opt in out source destination
   65  8740 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
   65  8740 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
   65  8740 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
    5   232 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
   65  8740 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0

Chain eth1_fwd (1 references)
 pkts bytes target prot opt in out source destination
   11   528 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
   56 13757 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
    0     0 loc2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0

Chain eth1_in (1 references)
 pkts bytes target prot opt in out source destination
  111 12988 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
 1747 1175K loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0

Chain eth2_fwd (1 references)
 pkts bytes target prot opt in out source destination
    0     0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
    0     0 dmz2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
    0     0 all2all all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain eth2_in (1 references)
 pkts bytes target prot opt in out source destination
    0     0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
    0     0 dmz2fw all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain icmpdef (0 references)
 pkts bytes target prot opt in out source destination

Chain loc2dmz (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 20,21,22,25,53,80,110,443,999,3306
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 81,10000
    0     0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
    0     0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2fw (1 references)
 pkts bytes target prot opt in out source destination
 1636 1162K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
  111 12988 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2net (1 references)
 pkts bytes target prot opt in out source destination
   45 13229 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
   11   528 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logflags (5 references)
 pkts bytes target prot opt in out source destination
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 4 level 6 prefix `Shorewall:logflags:DROP:'
    0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2all (3 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
   65  8740 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
    0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2dmz (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 20,21,22,25,53,80,110,443,999,3306
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 81,10000
    0     0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
    0     0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,25,53,443
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 81,10000
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0     0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
   65  8740 net2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2loc (1 references)
 pkts bytes target prot opt in out source destination
   34 15323 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.190 tcp dpt:3389
    0     0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain norfc1918 (2 references)
 pkts bytes target prot opt in out source destination
    0     0 rfc1918 all -- * * 172.16.0.0/12 0.0.0.0/0
    0     0 rfc1918 all -- * * 192.168.0.0/16 0.0.0.0/0
    0     0 rfc1918 all -- * * 10.0.0.0/8 0.0.0.0/0

Chain reject (11 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP all -- * * 0.0.0.0/0 192.168.1.255
    0     0 DROP all -- * * 0.0.0.0/0 192.168.200.255
    0     0 DROP all -- * * 0.0.0.0/0 255.255.255.255
    0     0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
    0     0 DROP all -- * * 192.168.1.255 0.0.0.0/0
    0     0 DROP all -- * * 192.168.200.255 0.0.0.0/0
    0     0 DROP all -- * * 255.255.255.255 0.0.0.0/0
    0     0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
    0     0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
    0     0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0     0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
    0     0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain rfc1918 (3 references)
 pkts bytes target prot opt in out source destination
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
    0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain shorewall (0 references)
 pkts bytes target prot opt in out source destination

Chain smurfs (0 references)
 pkts bytes target prot opt in out source destination
    0     0 LOG all -- * * 192.168.1.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP all -- * * 192.168.1.255 0.0.0.0/0
    0     0 LOG all -- * * 192.168.200.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP all -- * * 192.168.200.255 0.0.0.0/0
    0     0 LOG all -- * * 255.255.255.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP all -- * * 255.255.255.255 0.0.0.0/0
    0     0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
    0     0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0

Chain tcpflags (2 references)
 pkts bytes target prot opt in out source destination
    0     0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
    0     0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
    0     0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
    0     0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
    0     0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 flags:0x16/0x02

NAT Table

Chain PREROUTING (policy ACCEPT 2021 packets, 274K bytes)
 pkts bytes target prot opt in out source destination
   65  8740 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 202 packets, 16264 bytes)
 pkts bytes target prot opt in out source destination
    7   336 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 196 packets, 15976 bytes)
 pkts bytes target prot opt in out source destination

Chain eth0_masq (1 references)
 pkts bytes target prot opt in out source destination
    7   336 SNAT all -- * * 192.168.1.0/24 0.0.0.0/0 to:216.23.172.196

Chain net_dnat (1 references)
 pkts bytes target prot opt in out source destination
    0     0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3389 to:192.168.1.190

Mangle Table

Chain PREROUTING (policy ACCEPT 42485 packets, 9375K bytes)
 pkts bytes target prot opt in out source destination
   65  8740 man1918 all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW
 1904 1213K pretos all -- * * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 9130 packets, 2117K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 33355 packets, 7258K bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 9701 packets, 3760K bytes)
 pkts bytes target prot opt in out source destination
 1584 1410K outtos all -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 43053 packets, 11M bytes)
 pkts bytes target prot opt in out source destination

Chain man1918 (1 references)
 pkts bytes target prot opt in out source destination
    0     0 rfc1918 all -- * * 0.0.0.0/0 172.16.0.0/12
    0     0 rfc1918 all -- * * 0.0.0.0/0 192.168.0.0/16
    0     0 rfc1918 all -- * * 0.0.0.0/0 10.0.0.0/8

Chain outtos (1 references)
 pkts bytes target prot opt in out source destination
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS set 0x10
    8   624 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS set 0x10
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS set 0x10
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x08
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 TOS set 0x04
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x04

Chain pretos (1 references)
 pkts bytes target prot opt in out source destination
    4   368 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS set 0x10
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS set 0x10
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS set 0x10
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08
    0     0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x08
   25 14255 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 TOS set 0x04
   38 12997 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x04

Chain rfc1918 (3 references)
 pkts bytes target prot opt in out source destination
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
    0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

udp 17 23 src=192.168.1.25 dst=192.168.1.255 sport=137 dport=137 [UNREPLIED] src=192.168.1.255 dst=192.168.1.25 sport=137 dport=137 use=1
tcp 6 86 SYN_SENT src=192.168.1.190 dst=143.166.83.231 sport=1285 dport=80 [UNREPLIED] src=143.166.83.231 dst=216.23.172.196 sport=80 dport=1285 use=1
tcp 6 431978 ESTABLISHED src=192.168.1.190 dst=63.147.175.27 sport=1289 dport=80 src=63.147.175.27 dst=216.23.172.196 sport=80 dport=1289 [ASSURED] use=1
tcp 6 431975 ESTABLISHED src=192.168.1.190 dst=207.46.107.89 sport=4412 dport=1863 src=207.46.107.89 dst=216.23.172.196 sport=1863 dport=4412 [ASSURED] use=1
tcp 6 25 TIME_WAIT src=192.168.1.190 dst=192.168.1.7 sport=1281 dport=443 src=192.168.1.7 dst=192.168.1.190 sport=443 dport=1281 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.168.1.190 dst=192.168.1.7 sport=1295 dport=443 src=192.168.1.7 dst=192.168.1.190 sport=443 dport=1295 [ASSURED] use=1
tcp 6 116 TIME_WAIT src=192.168.1.190 dst=192.168.1.7 sport=1294 dport=443 src=192.168.1.7 dst=192.168.1.190 sport=443 dport=1294 [ASSURED] use=1
tcp 6 28 TIME_WAIT src=192.168.1.190 dst=192.168.1.7 sport=1282 dport=443 src=192.168.1.7 dst=192.168.1.190 sport=443 dport=1282 [ASSURED] use=1
udp 17 24 src=192.168.1.130 dst=192.168.1.255 sport=138 dport=138 [UNREPLIED] src=192.168.1.255 dst=192.168.1.130 sport=138 dport=138 use=1

IP Configuration

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:10:e0:01:22:05 brd ff:ff:ff:ff:ff:ff
    inet 216.23.172.196/26 brd 216.23.172.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:10:e0:01:22:06 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.7/24 brd 192.168.1.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:c0:f0:59:b4:ab brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.46/24 brd 192.168.200.255 scope global eth2

Routing Rules

0: from all lookup local
32766: from all lookup main
32767: from all lookup 253

Table local:

broadcast 192.168.1.0 dev eth1 proto kernel scope link src 192.168.1.7
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 216.23.172.255 dev eth0 proto kernel scope link src 216.23.172.196
broadcast 192.168.200.255 dev eth2 proto kernel scope link src 192.168.200.46
local 192.168.200.46 dev eth2 proto kernel scope host src 192.168.200.46
local 192.168.1.7 dev eth1 proto kernel scope host src 192.168.1.7
local 216.23.172.196 dev eth0 proto kernel scope host src 216.23.172.196
broadcast 192.168.1.255 dev eth1 proto kernel scope link src 192.168.1.7
broadcast 192.168.200.0 dev eth2 proto kernel scope link src 192.168.200.46
broadcast 216.23.172.192 dev eth0 proto kernel scope link src 216.23.172.196
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

192.168.200.46 dev eth2 scope link
192.168.1.7 dev eth1 scope link
216.23.172.196 dev eth0 scope link
216.23.172.192/26 dev eth0 proto kernel scope link src 216.23.172.196
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.7
192.168.200.0/24 dev eth2 proto kernel scope link src 192.168.200.46
127.0.0.0/8 dev lo scope link
default via 216.23.172.193 dev eth0

Table 253:

Tolentino, Elmer wrote:
> Trying to figure out why I cannot get access to dell.com
>
> Their site is up because I can browse using a different firewall.
>
> Trying to find out where the logs are located and what log files it
> would write to if it were to deny browsing to a website.

Not all connection problems are Shorewall problems. When I troubleshoot a connection problem, Shorewall is the *last* place I look (and only rarely do I find that I need to add a rule somewhere, but it did happen today :-) ).

a) http://shorewall.net/shorewall_logging.html tells you everything that there is to know about Shorewall logging. In your case, if you search through the "shorewall status" output you posted for the string "LOG", you will see that *all* logging by the Shorewall-generated ruleset is done at level 6 (info). Thus, a quick look at /etc/syslog.conf will tell you everywhere that kernel.info messages are logged and those are the only possible places where Netfilter will log "Shorewall" messages.

b) Do you have ECN enabled on the client system? There may be a router somewhere in the path from your firewall to dell.com that doesn't support ECN (although that problem is getting to be fairly rare).

c) The SYN_SENT state means simply that the first step of the three-step TCP handshake has been sent by the firewall and answering SYN,ACK has not been received.

d) Can you ping 143.166.83.231 from the client system (where your browser is running)?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

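The two steps in (a), as an added example that is not part of the original thread: read the `level` of every LOG rule out of a `shorewall status` listing, then resolve which `syslog.conf` destinations receive kernel messages (facility keyword `kern`) at that level. The status excerpt and the `syslog.conf` content are constructed samples, the function names are illustrative, and the selector handling assumes classic sysklogd syntax as described in syslog.conf(5).

```python
import re

# syslog priorities, most severe first; the list index is the numeric
# level that iptables prints after "level" in a LOG rule.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
ALL_LEVELS = set(range(len(PRIORITIES)))

# Constructed excerpt in the layout of the posted "shorewall status" output.
SAMPLE_STATUS = """\
Chain all2all (5 references)
 pkts bytes target prot opt in out source destination
 1582 1409K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
Chain logflags (5 references)
    0     0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 4 level 6 prefix `Shorewall:logflags:DROP:'
"""

# Constructed syslog.conf; the real file on the firewall will differ.
SAMPLE_SYSLOG_CONF = """\
# kernel warnings and worse go to the console
kern.warning                                  /dev/console
*.info;mail.none;authpriv.none;cron.none      -/var/log/messages
kern.=debug                                   /var/log/kern-debug.log
authpriv.*                                    /var/log/secure
*.emerg                                       *
kern.*;kern.!err                              /var/log/kern-low.log
"""

LOG_RULE = re.compile(r"""LOG flags \d+ level (\d+) prefix [`'"]([^'"]*)""")


def log_levels(status_text):
    """Map each LOG prefix in an iptables listing to its numeric syslog level."""
    return {m.group(2): int(m.group(1)) for m in LOG_RULE.finditer(status_text)}


def apply_priority(mask, spec):
    """Apply one priority spec ('info', '=debug', '!err', 'none', '*') to a level set."""
    negate = spec.startswith("!")
    spec = spec[1:] if negate else spec
    exact = spec.startswith("=")
    spec = spec[1:] if exact else spec
    if spec == "none":
        return set(ALL_LEVELS) if negate else set()
    if spec == "*":
        return set() if negate else set(ALL_LEVELS)
    level = PRIORITIES.index(ALIASES.get(spec, spec))  # ValueError if unknown
    # A bare keyword means "this priority and anything more severe".
    chosen = {level} if exact else set(range(level + 1))
    return mask - chosen if negate else mask | chosen


def destinations(conf_text, facility, level):
    """Return the action of every syslog.conf line that receives facility at level."""
    hits = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        selectors, action = parts
        mask = set()
        # Selectors are applied left to right; later ones refine earlier ones.
        for selector in selectors.split(";"):
            facilities, _, priority = selector.rpartition(".")
            names = facilities.split(",")
            if facilities and ("*" in names or facility in names):
                mask = apply_priority(mask, priority)
        if level in mask:
            # A leading "-" only disables syncing after each write.
            hits.append(action.strip().lstrip("-"))
    return hits


def where_logged(status_text, conf_text, facility="kern"):
    """For each level used by a LOG rule, list where syslog writes those messages."""
    levels = sorted(set(log_levels(status_text).values()))
    return {PRIORITIES[lvl]: destinations(conf_text, facility, lvl) for lvl in levels}


if __name__ == "__main__":
    for name, files in where_logged(SAMPLE_STATUS, SAMPLE_SYSLOG_CONF).items():
        print(f"kern.{name} -> {', '.join(files) or '(nowhere)'}")
```

On the firewall itself, pass the saved `shorewall status` output and the contents of `/etc/syslog.conf` in place of the two samples.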
Cannot get it to access http://cobalt-forum.sun.com/forum/ also

But can access www.sun.com

I am getting a feeling that I need to open a port to come back to me...

I am at a loss as this does not happen on all sites.

Thanks,
~Elmer

> -----Original Message-----
> From: Tolentino, Elmer
> Sent: Wednesday, August 04, 2004 6:20 PM
> To: 'Mailing List for Shorewall Users'
> Subject: Not able to access website
>
> Hi,
>
> Trying to figure out why I cannot get access to dell.com
>
> Their site is up because I can browse using a different firewall.
>
> Trying to find out where the logs are located and what log files it would
> write to if it were to deny browsing to a website. I can see the
> [UNREPLIED] when using the shorewall status. Was hoping to know what
> logfile it is writing it to.
>
> Thanks in advance,
> Elmer
0.0.0.0/0 tcp spt:22 TOS set 0x10 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:21 TOS set 0x10 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp spt:21 TOS set 0x10 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp spt:20 TOS set 0x08 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:20 TOS set 0x08 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp spt:80 TOS set 0x04 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:80 TOS set 0x04 > > Chain pretos (1 references) > pkts bytes target prot opt in out source > destination > 4 368 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:22 TOS set 0x10 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp spt:22 TOS set 0x10 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:21 TOS set 0x10 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp spt:21 TOS set 0x10 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp spt:20 TOS set 0x08 > 0 0 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:20 TOS set 0x08 > 25 14255 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp spt:80 TOS set 0x04 > 38 12997 TOS tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:80 TOS set 0x04 > > Chain rfc1918 (3 references) > pkts bytes target prot opt in out source > destination > 0 0 LOG all -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix`Shorewall:rfc1918:DROP:''> 0 0 DROP all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > udp 17 23 src=192.168.1.25 dst=192.168.1.255 sport=137 dport=137 > [UNREPLIED] src=192.168.1.255 dst=192.168.1.25 sport=137 dport=137use=1> tcp 6 86 SYN_SENT src=192.168.1.190 dst=143.166.83.231 sport=1285 > dport=80 [UNREPLIED] src=143.166.83.231 dst=216.23.172.196 sport=80 > dport=1285 use=1 > tcp 6 431978 ESTABLISHED src=192.168.1.190 dst=63.147.175.27 > sport=1289 dport=80 src=63.147.175.27 dst=216.23.172.196 sport=80 > dport=1289 [ASSURED] use=1 > tcp 6 431975 ESTABLISHED src=192.168.1.190 dst=207.46.107.89 > sport=4412 dport=1863 src=207.46.107.89 dst=216.23.172.196 sport=1863 > dport=4412 [ASSURED] use=1 > tcp 6 25 TIME_WAIT src=192.168.1.190 dst=192.168.1.7 sport=1281 > 
dport=443 src=192.168.1.7 dst=192.168.1.190 sport=443 dport=1281[ASSURED]> use=1 > tcp 6 431999 ESTABLISHED src=192.168.1.190 dst=192.168.1.7sport=1295> dport=443 src=192.168.1.7 dst=192.168.1.190 sport=443 dport=1295[ASSURED]> use=1 > tcp 6 116 TIME_WAIT src=192.168.1.190 dst=192.168.1.7 sport=1294 > dport=443 src=192.168.1.7 dst=192.168.1.190 sport=443 dport=1294[ASSURED]> use=1 > tcp 6 28 TIME_WAIT src=192.168.1.190 dst=192.168.1.7 sport=1282 > dport=443 src=192.168.1.7 dst=192.168.1.190 sport=443 dport=1282[ASSURED]> use=1 > udp 17 24 src=192.168.1.130 dst=192.168.1.255 sport=138 dport=138 > [UNREPLIED] src=192.168.1.255 dst=192.168.1.130 sport=138 dport=138use=1> > IP Configuration > > 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 brd 127.255.255.255 scope host lo > 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:10:e0:01:22:05 brd ff:ff:ff:ff:ff:ff > inet 216.23.172.196/26 brd 216.23.172.255 scope global eth0 > 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:10:e0:01:22:06 brd ff:ff:ff:ff:ff:ff > inet 192.168.1.7/24 brd 192.168.1.255 scope global eth1 > 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:c0:f0:59:b4:ab brd ff:ff:ff:ff:ff:ff > inet 192.168.200.46/24 brd 192.168.200.255 scope global eth2 > > Routing Rules > > 0: from all lookup local > 32766: from all lookup main > 32767: from all lookup 253 > > Table local: > > broadcast 192.168.1.0 dev eth1 proto kernel scope link src192.168.1.7> broadcast 127.255.255.255 dev lo proto kernel scope link src127.0.0.1> broadcast 216.23.172.255 dev eth0 proto kernel scope link src > 216.23.172.196 > broadcast 192.168.200.255 dev eth2 proto kernel scope link src > 192.168.200.46 > local 192.168.200.46 dev eth2 proto kernel scope host src > 192.168.200.46 > local 192.168.1.7 dev eth1 proto kernel scope host src 192.168.1.7 > local 
216.23.172.196 dev eth0 proto kernel scope host src > 216.23.172.196 > broadcast 192.168.1.255 dev eth1 proto kernel scope link src > 192.168.1.7 > broadcast 192.168.200.0 dev eth2 proto kernel scope link src > 192.168.200.46 > broadcast 216.23.172.192 dev eth0 proto kernel scope link src > 216.23.172.196 > broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1 > local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 > local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 > > Table main: > > 192.168.200.46 dev eth2 scope link > 192.168.1.7 dev eth1 scope link > 216.23.172.196 dev eth0 scope link > 216.23.172.192/26 dev eth0 proto kernel scope link src216.23.172.196> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.7 > 192.168.200.0/24 dev eth2 proto kernel scope link src192.168.200.46> 127.0.0.0/8 dev lo scope link > default via 216.23.172.193 dev eth0 > > Table 253:
> Cannot get it to access http://cobalt-forum.sun.com/forum/ also
>
> But can access www.sun.com
>
> I am getting a feeling that I need to open a port to come back to me...
>
> I am at a loss as this does not happen on all sites.

ECN? Check the shorewall docs about it.

HTH
Simon

> Thanks,
> ~Elmer
>> -----Original Message-----
>> From: Tolentino, Elmer
>> Sent: Wednesday, August 04, 2004 6:20 PM
>> To: 'Mailing List for Shorewall Users'
>> Subject: Not able to access website
>>
>> Hi,
>>
>> Trying to figure out why I cannot get access to dell.com
>>
>> Their site is up because I can browse using a different firewall.
>>
>> Trying to find out where the logs are located and what log files it would
>> write to if it were to deny browsing to a website. I can see the
>> [UNREPLIED] when using the shorewall status. Was hoping to know what
>> logfile it is writing it to.
>>
>> Thanks in advance,
>> Elmer
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
> https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
> Not all connection problems are Shorewall problems. When Itroubleshoot> a connection problem, Shorewall is the *last* place I look (and only > rarely do I find that I need to add a rule somewhere, but it didhappen> today :-) ). >I only assumed it was some configuration on the firewall when I stop shorewall, I can get to dell.com from the firewall. Ofcourse no access for LAN computers to the internet in general.> a) http://shorewall.net/shorewall_logging.html tells you everythingthat> there is to know about Shorewall logging. In your case, if you search > through the "shorewall status" output you posted for the string "LOG", > you will see that *all* logging by the Shorewall-generated ruleset is > done at level 6 (info). Thus, a quick look at /etc/syslog.conf willtell> you everywhere that kernel.info messages are logged and those are the > only possible places where Netfilter will log "Shorewall" messages. > > b) Do you have ECN enabled on the client system? There may be a router > somewhere in the path from your firewall to dell.com that doesn''t > support ECN (although that problem is getting to be fairly rare). >ECN is not enabled on the firewall. I have kernel 2.4.19 and I thought it is not support on that.> c) The SYN_SENT state means simply that the first step of thethree-step> TCP handshake has been sent by the firewall and answering SYN,ACK has > not been received. > > d) Can you ping 143.166.83.231 from the client system (where your > browser is running)?>From the firewall ssh in from Internet to eth0 (from another system ondifferent firewall) or from the LAN to eth2 (from behind the shorewall firewall), I cannot get to dell.com (telnet dell.com 80). 
But when I stop shorewall, I can get through using telnet to port 80 to dell.com

Thanks,
Elmer

>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
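Tom's point (a) above, as an added example that is not part of the original thread: a small Python resolver for classic sysklogd-style /etc/syslog.conf selectors that lists every destination receiving kernel messages at priority info (level 6, selector `kern.info`), which is where the Shorewall LOG rules write. The sample configuration and the function names are constructed for illustration; the firewall's real syslog.conf is not shown in the thread.

```python
# Priorities in syslog order: index 0 is the most severe, "info" is level 6.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
# selector(s)                   action
kern.*                          /dev/console
*.info;mail.none;authpriv.none  /var/log/messages
kern.warning                    -/var/log/kern-warn.log
kern.=debug                     /var/log/kern-debug.log
*.*;kern.none                   /var/log/everything-else
kern.info;kern.!err             @loghost
mail.*                          -/var/log/maillog
"""

def selected(selectors, facility, level):
    """Apply the ';'-separated selectors left to right; later ones override."""
    want, on = PRIORITIES.index(level), False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue                      # selector is about other facilities
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        prio = ALIASES.get(prio, prio)
        if prio == "none":                # facility.none switches it off
            on = False
        elif prio == "*" or prio in PRIORITIES:
            limit = PRIORITIES.index(prio) if prio != "*" else len(PRIORITIES)
            hit = (want == limit) if exact else (want <= limit)
            if hit:                       # "!" clears a match, otherwise set it
                on = not negate
    return on

def destinations(conf_text, facility="kern", level="info"):
    """Return every action that receives facility.level messages."""
    out = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        if selected(parts[0], facility, level):
            out.append(parts[1].strip().lstrip("-"))   # "-" only means no sync
    return out

if __name__ == "__main__":
    print(destinations(SAMPLE_CONF))
```

On a real system, pass the contents of /etc/syslog.conf instead of `SAMPLE_CONF`; an empty result means no destination is configured for kernel info messages, so Netfilter LOG output would only be visible in the kernel ring buffer.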
Hopefully someone on the list can help you -- I'm leaving on vacation and I simply don't have the time or energy to deal with your problem.

Sorry,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
> Hopefully someone on the list can help you -- I'm leaving on vacation
> and I simply don't have the time or energy to deal with your problem.
>

No worries, everyone deserves a vacation. I will try to search the web or the archives to see if there is anything relevant. I hope you have time when you get back unless someone on the list has experienced this problem already. This is still not in production mode and I am running it parallel to a system that is in production right now anyway.

> Sorry,
> -Tom
> ECN? Check the shorewall docs about it.
>

I do not have ECN enabled. My kernel is 2.4.19 and I think that ECN is not supported. I did notice that this affects just port 80, because I can telnet to the MX records of dell.com's mail servers just fine. Very weird. I can't help but think there is a rule I could add to make everything swell.

> HTH
> Simon
> > ECN? Check the shorewall docs about it.

Okay, my fault. Not knowing too much about TOS configuration, I set up http for "Maximize Reliability (4)". I am not sure why it would affect some sites and not all sites though.

> >
> > HTH
> > Simon
On Thursday 05 August 2004 16:52, Tolentino, Elmer wrote:
> > > ECN? Check the shorewall docs about it.
>
> Okay, my fault. Not knowing too much about TOS configuration, I set up
> http for "Maximize Reliability (4)". I am not sure why it would affect
> some sites and not all sites though.

Thanks for letting us know,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net