Good day to all.

I don't like to Post unless I am really stuck. Guess what?

Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled).

All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine (in fact these are clones of our standard config).

Any ideas?

Thanks
On Mon, 2004-12-27 at 19:07 -0700, Newbie wrote:
> Good day to all.
>
> I don't like to Post unless I am really stuck. Guess what?
>
> Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled).
>
> All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine (in fact these are clones of our standard config).
>
> Any ideas?

All you have said is "It doesn't work". WHAT DOESN'T WORK????????

a) Firewall explodes when cables are connected?
b) Wife takes children and leaves home shortly after Shorewall starts?

Come on -- give us some clue! See http://shorewall.net/support.htm....

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Sorry folks! My bad, of course more info is necessary - just been a long day.

Anyway, here is some additional info.

1) LAN (eth1 - 192.168.5.0),
2) WAN (eth0 - dynamic. (Actually it is a STATIC, the way the ISP works here in the great white north, is the ISP reserves an address against your MAC address. The NIC has to send out a DHCP request in order for the ISP to assign an address. But in the 'Real World' it's a reserved DHCP address. According to the ISP, this is correct and works as expected) and we know this because on the firewall we can smurf the web etc,
3) Redhat (shriek) with Shorewall 2.0.2f,
4) The Redhat box has worked fine at another of the client's sites. The only difference is now eth0 is dynamic (reserved ip -> mac - which the ISP calls Static!!!). But from Redhat's perspective eth0 is dynamic,
5) Nothing else out of the ordinary and the configuration is as per our internal standards and docs. I realize that don't mean squat in the universe, but it is the method and series of standards that we use for all our installs. Flawlessly, I might add - until now.

Here's what I mean by 'Doesn't work'.

When Redhat is rebooted all the rules process correctly (i.e. no errors and the tables are correct). On the console (or via ssh) I can merrily surf the web (eth0) and use resources on the LAN (via eth1). That makes sense.

From the Web, I cannot get past the firewall and from the LAN I cannot get past the firewall.

I'm not on site now, but we ran tcpdump (eth1) and tried a simple web surf from the LAN (eth1, google.ca) and saw the connection request. Then nothing. At the same time, we ran tcpdump on eth0 port 80 and saw no web traffic coming from eth1. We also tried a web request using an IP address. Nada. Same thing with dig (nslookup). Nada. As mentioned, this configuration works fine with a static address (in fact this box is from another of this client's sites and has been working just dicky for about 16 months).

Checking resolv.conf (generated by the dynamic request) points to valid dns servers.

We've tried low-level things like ping and traceroute. I know, don't do this on a production box, but for testing what da? Anyway, we could ping, traceroute to eth1, but not past. Same thing from the wan (ie eth0).

So, I'm thinking that I have to do something to tell Shorewall about DHCP? But (and this is because we've not done this with dynamics) I don't know what.

In the meantime, we've put an OpenBSD box (doh) back in place and all is functional for now.

I hope this helps to give someone a grasp on what the heck I'm babbling about.

Btw: if we hard code the IP address to eth0, nothing will work. That's because the ISP wants the nic to generate a DHCP request. So the static we used was one of the client's spare static addresses.

Richard

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Monday, December 27, 2004 7:15 PM
To: Newbie Linux; Shorewall Users
Subject: Re: [Shorewall-users] DHCP

On Mon, 2004-12-27 at 19:07 -0700, Newbie wrote:
> Good day to all.
>
> I don't like to Post unless I am really stuck. Guess what?
>
> Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled).
>
> All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine (in fact these are clones of our standard config).
>
> Any ideas?

All you have said is "It doesn't work". WHAT DOESN'T WORK????????

a) Firewall explodes when cables are connected?
b) Wife takes children and leaves home shortly after Shorewall starts?

Come on -- give us some clue! See http://shorewall.net/support.htm....

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm
On Mon, 2004-12-27 at 18:14 -0800, Tom Eastep wrote:
> On Mon, 2004-12-27 at 19:07 -0700, Newbie wrote:
> > Good day to all.
> >
> > I don't like to Post unless I am really stuck. Guess what?
> >
> > Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled).
> >
> > All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine (in fact these are clones of our standard config).
> >
> > Any ideas?
>
> All you have said is "It doesn't work". WHAT DOESN'T WORK????????
>
> a) Firewall explodes when cables are connected?
> b) Wife takes children and leaves home shortly after Shorewall starts?
>
> Come on -- give us some clue! See http://shorewall.net/support.htm....

I assume that you've done enough research (such as entering 'dhcp' in the quick search form on the Shorewall web site) to learn that you must set the 'dhcp' option on eth0 in /etc/shorewall/interfaces. Without that option, the dhcp client running on the firewall may not be able to renew its lease (although it can usually get an initial lease).

If this isn't your problem then my comments above still stand...

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On Mon, 2004-12-27 at 19:46 -0700, Richard Gutery wrote:
> Sorry folks! My bad, of course more info is necessary - just been a long
> day.
>
> Anyway, here is some additional info.
>

Richard -- I'd like to see the configuration and the output of "shorewall status" as an attachment.

Thanks,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Hi Tom:

I made the appropriate entry in 'interfaces' as suggested at this URL: http://shorewall.net/Documentation.htm#Interfaces.

I had already tried this and removed it because it didn't seem to help. In any case, I put it back in as per the site's suggestion and the docs that I found with regard to DHCP.

The entry is (net eth0 detect dhcp,norfc1918,blacklist)

I've restarted Shorewall with no errors, so that is good. I now need to unplug and plug cables to check functionality.

I will be at the client site later today and will forward the config and Shorewall status. Probably sometime around 4:00pm or 5:00pm mst, so you probably won't see it until tomorrow. I'll post the results in any case.

Thanks for the assist.

Cheers.

Richard Gutery
mentor ITS
On Tue, 2004-12-28 at 08:09 -0800, Tom Eastep wrote:
> On Mon, 2004-12-27 at 19:46 -0700, Richard Gutery wrote:
> > Sorry folks! My bad, of course more info is necessary - just been a long
> > day.
> >
> > Anyway, here is some additional info.
> >
>
> Richard -- I'd like to see the configuration and the output of
> "shorewall status" as an attachment.
>

Also, when you try to send traffic through the firewall do the packet counts and byte counts on the FORWARD chain increment (shorewall show FORWARD -- packet count is the first field and byte count is the second)?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Hi Tom, sorry for the delay. Please find attached the following:

TOS, RULES, INTERFACES, POLICY and Output of shorewall status.

I really appreciate the help on this. Shorewall is an excellent product and until this DHCP issue, I've never had problems (okay a few itty bitty ones).

Richard
On Wed, 2004-12-29 at 15:01 -0700, Richard Gutery wrote:
> Hi Tom, sorry for the delay. Please find attached the following:
>
> TOS, RULES, INTERFACES, POLICY and Output of shorewall status.
>
> I really appreciate the help on this. Shorewall is an excellent product and until this DHCP issue, I've never had problems (okay a few itty bitty ones).

Please send the information in a Unix-friendly format -- not application/ms-tnef (or give me some clue how to read the %$#@ attachment -- the KDE TNEF viewer can't seem to deal with it).

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Sorry Tom, were the files from etc/shorewall dir, I just assumed (bad...) that there would be no problem.

I'm resending in text format using windows notepad??? They will also open in kEdit and Kate and Edipad Pro (Linux and Windows)

If there still is a problem, please let me know which format is acceptable.

Richard
On Wed, 2004-12-29 at 15:25 -0700, Richard Gutery wrote:
> Sorry Tom, were the files from etc/shorewall dir, I just assumed (bad...) that there would be no problem.
>
> I'm resending in text format using windows notepad??? They will also open in kEdit and Kate and Edipad Pro (Linux and Windows)
>

I'm getting a single attachment of type application/ms-tnef.

> If there still is a problem, please let me know which format is acceptable.

How about you create a tarball on your Linux box and attach it to the email. DO NOT TRANSFER THE RAW FILES TO YOUR WINDOWS SYSTEM!

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On Wed, 2004-12-29 at 15:25 -0700, Richard Gutery wrote:
> Sorry Tom, were the files from etc/shorewall dir, I just assumed (bad...) that there would be no problem.
>
> I'm resending in text format using windows notepad??? They will also open in kEdit and Kate and Edipad Pro (Linux and Windows)
>
> If there still is a problem, please let me know which format is acceptable.

I was able to pick out the files from the binary crap in the attachment.

Is it true that you don't use any masquerading/SNAT in this setup? (because you don't have any)

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Let me try this again (stupid MS Outlook Web Access...)

Richard
On Wed, 2004-12-29 at 16:12 -0700, Richard Gutery wrote:
> Let me try this again (stupid MS Outlook Web Access...)

Again -- what is the point of the DNAT rules if you don't use Masquerade/SNAT outbound?? Or is it that you intend to use Masquerade/SNAT but have neglected to configure it?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
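The two checks raised in this thread (whether the FORWARD chain counters move when traffic is sent through the firewall, and whether DNAT rules exist with no Masquerade/SNAT rule at all) can be run mechanically over a saved `shorewall status` dump. The script below is an added example, not part of the original thread and not Shorewall code; the function names, finding labels and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: scan `shorewall status` output (iptables -L -n -v layout)
# for the two symptoms discussed in the thread. All names are hypothetical.

# Constructed sample dump, reduced to the chains the checks look at.
sample_status() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
    0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0    0.0.0.0/0
    0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0    0.0.0.0/0

NAT Table

Chain PREROUTING (policy ACCEPT 71 packets, 21409 bytes)
 pkts bytes target     prot opt in     out     source       destination
    0     0 net_dnat   all  --  eth0   *       0.0.0.0/0    0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 4 packets, 831 bytes)
 pkts bytes target     prot opt in     out     source       destination

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source       destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0    0.0.0.0/0    tcp dpt:25 to:192.168.1.254
EOF
}

# Print how many rules in chain $1 have a non-zero packet count (field 1).
# Counters may carry a K/M/G suffix. Mail-wrapped continuation lines start
# with an address, not a counter, so they are skipped.
chain_active_rules() {
    awk -v chain="$1" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $1 ~ /^[0-9]+[KMG]?$/ && $1 != "0" { n++ }
        END { print n + 0 }
    '
}

# Print how many rules, in any chain, have a target (field 3) that matches
# the extended regex $1 exactly.
count_target() {
    awk -v re="$1" '
        $1 == "Chain" { next }
        $1 ~ /^[0-9]+[KMG]?$/ && $3 ~ ("^(" re ")$") { n++ }
        END { print n + 0 }
    '
}

# Read a status dump on stdin and print space-separated findings:
#   FORWARD_IDLE       no FORWARD rule has counted a packet; meaningful only
#                      if traffic was sent through the firewall after the
#                      counters were last reset
#   DNAT_WITHOUT_SNAT  DNAT rules exist but no MASQUERADE or SNAT rule does
diagnose() {
    data=$(cat)
    fwd=$(printf '%s\n' "$data" | chain_active_rules FORWARD)
    dnat=$(printf '%s\n' "$data" | count_target 'DNAT')
    snat=$(printf '%s\n' "$data" | count_target 'MASQUERADE|SNAT')
    findings=""
    if [ "$fwd" -eq 0 ]; then
        findings="$findings FORWARD_IDLE"
    fi
    if [ "$dnat" -gt 0 ] && [ "$snat" -eq 0 ]; then
        findings="$findings DNAT_WITHOUT_SNAT"
    fi
    echo "${findings# }"
}

# On the firewall itself:  shorewall status | diagnose
sample_status | diagnose
```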
Here are the file contents between Begin and End information.
BEGIN INFORMATION
TOS
##############################################################################
#SOURCE  DEST  PROTOCOL  SOURCE PORTS  DEST PORTS  TOS
net      loc   tcp       domain        -           16
net      loc   udp       domain        -           16
loc      net   tcp       domain        -           16
loc      net   udp       domain        -           16
net      loc   tcp       smtp          smtp        8
net      loc   tcp       pop3          pop3        8
net      loc   tcp       80            80          8
net      loc   tcp       88            88          8
net      loc   tcp       21            21          16
net      loc   tcp       20            20          8
net      net   tcp       ssh           ssh         16
loc      $FW   tcp       137:139       137:139     0
loc      $FW   udp       137:139       137:139     0
$FW      loc   tcp       137:139       137:139     0
$FW      loc   udp       137:139       137:139     0
net      loc   tcp       1723          1723        0
# The next series allows for Remote Admin of Appliance Firewalls
#all all tcp 88 88 8
#all all tcp 1080 1080 8
#LAST LINE -- Add your entries above -- DO NOT REMOVE
INTERFACES
##############################################################################
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     tcpflags,dhcp,norfc1918
loc    eth1       detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
POLICY
###############################################################################
#SOURCE  DEST  POLICY  LOG    LIMIT:BURST
#                      LEVEL
loc      net   ACCEPT  -
loc      fw    ACCEPT  -
# If you want remove access to the Internet from your Firewall
# comment the next line
# Net to firewall and local
net      fw    ACCEPT  -
net      loc   ACCEPT  -
# Firewall to anywhere
fw       loc   ACCEPT  -
fw       net   ACCEPT  -
#
# THE FOLLOWING POLICY MUST BE LAST
#
all      all   REJECT  -
#LAST LINE -- DO NOT REMOVE
RULES
####################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# send services to servers via DNAT
# NOTE: the second hyphen (-) is for Multiple outside NICS
DNAT    net  loc:192.168.1.254  tcp   smtp  -
DNAT    net  loc:192.168.1.254  tcp   pop3  -
DNAT    net  loc:192.168.1.254  tcp   www,ftp-data,ftp
DNAT    net  loc:192.168.1.254  tcp   1723  -
DNAT    net  loc:192.168.1.254  gre   -     -
DNAT    net  loc:192.168.1.2    tcp   10000 -
# From NETWORK TO FW, accept SSH, Webmin (100000), FTP and Samba (137-139)
#
ACCEPT  net  loc  tcp   53
ACCEPT  net  loc  udp   53
ACCEPT  loc  fw   tcp   ssh
ACCEPT  fw   loc  tcp   21
# RDG - webmin access
ACCEPT  loc  fw   tcp   10000
# Let SMB request to the FW
ACCEPT  loc  fw   tcp   137
ACCEPT  loc  fw   udp   137
ACCEPT  loc  fw   tcp   139
ACCEPT  loc  fw   udp   139
# Let the FW show SMB
ACCEPT  fw   loc  tcp   137
ACCEPT  fw   loc  tcp   137
ACCEPT  fw   loc  tcp   139
ACCEPT  fw   loc  tcp   139
# Allow traffic from NET to FW and ICMP
#
ACCEPT  loc  fw   icmp  -     -
ACCEPT  fw   loc  icmp  -     -
ACCEPT  fw   net  icmp  -     -
# Accept PPTP
ACCEPT  net  loc  tcp   1723  1723
# Accept Remote firewall (dlink etc) from LAN TO WEB
#
ACCEPT  net  loc  tcp   88    88
ACCEPT  net  loc  tcp   8080  8080
ACCEPT  net  loc  tcp   1080  1080
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
STATUS
Shorewall-2.0.2f Status at ppi-fw1.paladinsurvey.ca - Wed Dec 29 14:50:13 MST 2004
Counters reset Wed Dec 29 14:48:42 MST 2004
Chain INPUT (policy DROP 1 packets, 48 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 eth0_in all -- eth0 * 0.0.0.0/0
0.0.0.0/0
186 12408 eth1_in all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 ACCEPT udp -- * eth0 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 fw2net all -- * eth0 0.0.0.0/0
0.0.0.0/0
144 10454 fw2loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain Drop (0 references)
pkts bytes target prot opt in out source
destination
0 0 RejectAuth all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 dropBcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DropSMB all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DropUPnP all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 dropNonSyn all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DropDNSrep all -- * * 0.0.0.0/0
0.0.0.0/0
Chain DropDNSrep (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53
Chain DropSMB (1 references)
pkts bytes target prot opt in out source
destination
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:445
Chain DropUPnP (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
Chain Reject (4 references)
pkts bytes target prot opt in out source
destination
0 0 RejectAuth all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 dropBcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 RejectSMB all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DropUPnP all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 dropNonSyn all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DropDNSrep all -- * * 0.0.0.0/0
0.0.0.0/0
Chain RejectAuth (2 references)
pkts bytes target prot opt in out source
destination
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113
Chain RejectSMB (1 references)
pkts bytes target prot opt in out source
destination
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:135
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:445
Chain all2all (0 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = multicast
Chain dropNonSyn (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x16/0x02
Chain dynamic (4 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 norfc1918 all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 net2loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 norfc1918 all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 net2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 loc2net all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
28 3396 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
186 12408 loc2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source
destination
121 7799 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:137
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:137
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0
23 2655 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain icmpdef (0 references)
pkts bytes target prot opt in out source
destination
Chain loc2fw (1 references)
pkts bytes target prot opt in out source
destination
158 9012 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
1 48 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:137
21 1998 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:137
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:139
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0
6 1350 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 4 level 6 prefix
`Shorewall:logflags:DROP:'
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.254 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.254 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.254 multiport dports 80,20,21
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.254 tcp dpt:1723
0 0 ACCEPT 47 -- * * 0.0.0.0/0
192.168.1.254
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.2 tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:1723 dpt:1723
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:88 dpt:88
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:8080 dpt:8080
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:1080 dpt:1080
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain norfc1918 (2 references)
pkts bytes target prot opt in out source
destination
0 0 rfc1918 all -- * * 172.16.0.0/12
0.0.0.0/0
0 0 rfc1918 all -- * * 0.0.0.0/0
0.0.0.0/0 ctorigdst 172.16.0.0/12
0 0 rfc1918 all -- * * 192.168.0.0/16
0.0.0.0/0
0 0 rfc1918 all -- * * 0.0.0.0/0
0.0.0.0/0 ctorigdst 192.168.0.0/16
0 0 rfc1918 all -- * * 10.0.0.0/8
0.0.0.0/0
0 0 rfc1918 all -- * * 0.0.0.0/0
0.0.0.0/0 ctorigdst 10.0.0.0/8
Chain reject (11 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 142.179.159.255
0.0.0.0/0
0 0 DROP all -- * * 192.168.1.255
0.0.0.0/0
0 0 DROP all -- * * 255.255.255.255
0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-prohibited
Chain rfc1918 (6 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 142.179.159.255
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 142.179.159.255
0.0.0.0/0
0 0 LOG all -- * * 192.168.1.255
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 192.168.1.255
0.0.0.0/0
0 0 LOG all -- * * 255.255.255.255
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 255.255.255.255
0.0.0.0/0
0 0 LOG all -- * * 224.0.0.0/4
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
Chain tcpflags (2 references)
pkts bytes target prot opt in out source
destination
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:0 flags:0x16/0x02
Oct 13 13:27:31 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=192.168.1.254 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=774 PROTO=UDP
SPT=1086 DPT=53 LEN=52
Oct 13 13:27:39 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=775 PROTO=UDP
SPT=1087 DPT=53 LEN=47
Oct 13 13:27:40 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=776 PROTO=UDP
SPT=1087 DPT=53 LEN=47
Oct 13 13:27:42 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=777 PROTO=UDP
SPT=1087 DPT=53 LEN=47
Oct 13 13:27:44 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=778 PROTO=UDP
SPT=1087 DPT=53 LEN=47
Oct 13 13:27:44 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=779 PROTO=UDP
SPT=1087 DPT=53 LEN=47
Oct 13 13:27:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=780 PROTO=UDP
SPT=1087 DPT=53 LEN=47
Oct 13 13:27:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=192.168.1.254 LEN=67 TOS=0x00 PREC=0x00 TTL=127 ID=781 PROTO=UDP
SPT=1087 DPT=53 LEN=47
Oct 13 13:42:17 FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=172.16.1.254
DST=172.16.1.254 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=886 DF PROTO=TCP
SPT=1094 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 13 13:51:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=209.115.152.130 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=65 PROTO=UDP
SPT=1032 DPT=53 LEN=52
Oct 13 13:51:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=209.115.152.130 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=66 PROTO=UDP
SPT=1032 DPT=53 LEN=52
Oct 13 13:51:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=216.123.198.243 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=67 PROTO=UDP
SPT=1032 DPT=53 LEN=52
Oct 13 13:51:48 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=209.115.152.130 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=68 PROTO=UDP
SPT=1032 DPT=53 LEN=52
Oct 13 13:51:52 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=216.123.198.243 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=69 PROTO=UDP
SPT=1032 DPT=53 LEN=52
Oct 13 13:51:52 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.254
DST=209.115.152.130 LEN=72 TOS=0x00 PREC=0x00 TTL=127 ID=70 PROTO=UDP
SPT=1032 DPT=53 LEN=52
Oct 15 11:52:08 FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=192.168.1.254
DST=192.168.1.254 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=23082 DF
PROTO=TCP SPT=2426 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 15 12:45:20 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=80.235.136.134
DST=198.53.129.153 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=1061 PROTO=UDP
SPT=6346 DPT=6348 LEN=40
Oct 15 12:45:24 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=80.235.136.134
DST=198.53.129.153 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=1245 PROTO=UDP
SPT=6348 DPT=6348 LEN=40
Oct 15 12:46:02 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=67.165.23.150
DST=198.53.129.153 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=3764 PROTO=UDP
SPT=6346 DPT=6346 LEN=40
Oct 15 12:55:30 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=64.231.86.130
DST=198.53.129.153 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=10013 PROTO=UDP
SPT=6346 DPT=6346 LEN=40
NAT Table
Chain PREROUTING (policy ACCEPT 71 packets, 21409 bytes)
pkts bytes target prot opt in out source
destination
0 0 net_dnat all -- eth0 * 0.0.0.0/0
0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 4 packets, 831 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 4 packets, 831 bytes)
pkts bytes target prot opt in out source
destination
Chain net_dnat (1 references)
pkts bytes target prot opt in out source
destination
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:25 to:192.168.1.254
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:110 to:192.168.1.254
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 80,20,21 to:192.168.1.254
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1723 to:192.168.1.254
0 0 DNAT 47 -- * * 0.0.0.0/0
0.0.0.0/0 to:192.168.1.254
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:10000 to:192.168.1.2
Mangle Table
Chain PREROUTING (policy ACCEPT 256 packets, 33276 bytes)
pkts bytes target prot opt in out source
destination
255 33228 pretos all -- * * 0.0.0.0/0
0.0.0.0/0
Chain INPUT (policy ACCEPT 191 packets, 12656 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 147 packets, 10614 bytes)
pkts bytes target prot opt in out source
destination
147 10614 outtos all -- * * 0.0.0.0/0
0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 170 packets, 13269 bytes)
pkts bytes target prot opt in out source
destination
Chain outtos (1 references)
pkts bytes target prot opt in out source
destination
0 0 TOS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spts:137:139 dpts:137:139 TOS set 0x00
23 2655 TOS udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spts:137:139 dpts:137:139 TOS set 0x00
Chain pretos (1 references)
pkts bytes target prot opt in out source
destination
0 0 TOS tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp spt:53 TOS set 0x10
0 0 TOS udp -- eth0 * 0.0.0.0/0
0.0.0.0/0 udp spt:53 TOS set 0x10
0 0 TOS tcp -- eth1 * 0.0.0.0/0
0.0.0.0/0 tcp spt:53 TOS set 0x10
0 0 TOS udp -- eth1 * 0.0.0.0/0
0.0.0.0/0 udp spt:53 TOS set 0x10
0 0 TOS tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp spt:25 dpt:25 TOS set 0x08
0 0 TOS tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp spt:110 dpt:110 TOS set 0x08
0 0 TOS tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp spt:80 dpt:80 TOS set 0x08
0 0 TOS tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp spt:88 dpt:88 TOS set 0x08
0 0 TOS tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp spt:21 dpt:21 TOS set 0x10
0 0 TOS tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp spt:20 dpt:20 TOS set 0x08
0 0 TOS tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp spt:22 dpt:22 TOS set 0x10
0 0 TOS tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp spt:1723 dpt:1723 TOS set 0x00
udp 17 10 src=192.168.1.254 dst=192.168.1.255 sport=138 dport=138
[UNREPLIED] src=192.168.1.255 dst=192.168.1.254 sport=138 dport=138
use=1
tcp 6 431999 ESTABLISHED src=192.168.1.254 dst=192.168.1.2
sport=7317 dport=22 src=192.168.1.2 dst=192.168.1.254 sport=22
dport=7317 [ASSURED] use=1
udp 17 10 src=192.168.1.2 dst=192.168.1.255 sport=138 dport=138
[UNREPLIED] src=192.168.1.255 dst=192.168.1.2 sport=138 dport=138 use=1
END INFORMATION
Richard Gutery
mentor ITS
_____
From: Richard Gutery
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of
Richard Gutery
Sent: Wednesday, December 29, 2004 3:25 PM
To: Mailing List for Shorewall Users
Subject: RE: [Shorewall-users] DHCP
Sorry Tom, were the files from etc/shorewall dir, I just assumed
(bad...) that there would be no problem.
I'm resending in text format using windows notepad??? They will also
open in kEdit and Kate and Edipad Pro (Linux and Windows)
If there still is a problem, please let me know which format is
acceptable.
Richard
-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Wed 12/29/2004 3:13 PM
To: Shorewall Users
Cc:
Subject: RE: [Shorewall-users] DHCP
On Wed, 2004-12-29 at 15:01 -0700, Richard Gutery wrote:
> Hi Tom, sorry for the delay. Please find attached the following:
>
> TOS, RULES, INTERFACES, POLICY and Output of shorewall status.
>
> I really appreciate the help on this. Shorewall is an excellent
> product and until this DHCP issue, I've never had problems
> (okay a few itty bitty ones).
Please send the information in a Unix-friendly format -- not
application/ms-tnef (or give me some clue how to read the %$#@
attachment -- the KDE TNEF viewer can't seem to deal with it).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key