thr3ads.net - Shorewall users - Squid and DMZ (ProxyARP) [Jan 2005]

If this information is useful, please help other people find it:
Share via:

Shorewall Admin User

2005-Jan-11 02:16 UTC

Squid and DMZ (ProxyARP)

Hello All,

I have a question about setting up the shorewall firewall for squid, I 
followed the instructions on "Using Shorewall with Squid" -->
"Squid Running
in the DMZ" section.  For some reason I am unable to get the program to
work.
I am able to have the squid work properly by using squidclient program, but
once I setup the firewall to use the redirect I am unable to get it to run 
properly. I am looking to see if I have the correct setup for the squid 
proxy in my firewall.

My shorewall version is 2.0.14


Shorewall-2.0.14 Status at iprouter - Mon Jan 10 20:08:12 CST 2005

Counters reset Mon Jan 10 20:07:17 CST 2005

Chain INPUT (policy DROP 9 packets, 741 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
state INVALID
    0     0 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
   24  1920 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth2_in    all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 53 packets, 2772 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
state INVALID
   57  3036 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
   55  9423 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
  109  8764 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
  168 52365 eth2_fwd   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
state INVALID
    4   160 fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
   16  1472 fw2loc     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
    1    40 fw2dmz     all  --  *      eth2    0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain Drop (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropSMB    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropNonSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DropDNSrep (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp spt:53

Chain DropSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpts:137:139
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:445
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:135
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:139
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:445

Chain DropUPnP (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:1900

Chain Reject (5 references)
 pkts bytes target     prot opt in     out     source               destination
    6   320 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    4   200 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    4   200 RejectSMB  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    2   104 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    2   104 dropNonSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    2   104 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RejectAuth (2 references)
 pkts bytes target     prot opt in     out     source               destination
    2   120 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:113

Chain RejectSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:135
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpts:137:139
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:445
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:135
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:139
    2    96 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:445

Chain all2all (11 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    6   320 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    2   104 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:''
    2   104 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain blacklst (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       136.145.49.21        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       136.145.49.21        0.0.0.0/0
    0     0 LOG        all  --  *      *       152.78.98.133        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       152.78.98.133        0.0.0.0/0
    0     0 LOG        all  --  *      *       194.69.221.118       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       194.69.221.118       0.0.0.0/0
    0     0 LOG        all  --  *      *       194.88.113.226       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       194.88.113.226       0.0.0.0/0
    0     0 LOG        all  --  *      *       200.124.168.8        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       200.124.168.8        0.0.0.0/0
    0     0 LOG        all  --  *      *       200.192.250.53       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       200.192.250.53       0.0.0.0/0
    0     0 LOG        all  --  *      *       200.223.129.33       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       200.223.129.33       0.0.0.0/0
    0     0 LOG        all  --  *      *       201.8.34.248         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       201.8.34.248         0.0.0.0/0
    0     0 LOG        all  --  *      *       202.101.62.209       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       202.101.62.209       0.0.0.0/0
    0     0 LOG        all  --  *      *       202.114.88.96        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       202.114.88.96        0.0.0.0/0
    0     0 LOG        all  --  *      *       202.231.115.154      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       202.231.115.154      0.0.0.0/0
    0     0 LOG        all  --  *      *       202.64.28.81         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       202.64.28.81         0.0.0.0/0
    0     0 LOG        all  --  *      *       203.126.180.77       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       203.126.180.77       0.0.0.0/0
    0     0 LOG        all  --  *      *       203.98.175.189       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       203.98.175.189       0.0.0.0/0
    0     0 LOG        all  --  *      *       204.251.212.93       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       204.251.212.93       0.0.0.0/0
    0     0 LOG        all  --  *      *       206.13.56.94         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       206.13.56.94         0.0.0.0/0
    0     0 LOG        all  --  *      *       208.133.206.59       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       208.133.206.59       0.0.0.0/0
    0     0 LOG        all  --  *      *       208.9.142.49         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       208.9.142.49         0.0.0.0/0
    0     0 LOG        all  --  *      *       209.51.147.214       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       209.51.147.214       0.0.0.0/0
    0     0 LOG        all  --  *      *       209.67.215.146       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       209.67.215.146       0.0.0.0/0
    0     0 LOG        all  --  *      *       210.104.160.180      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       210.104.160.180      0.0.0.0/0
    0     0 LOG        all  --  *      *       210.113.163.139      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       210.113.163.139      0.0.0.0/0
    0     0 LOG        all  --  *      *       210.116.114.229      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       210.116.114.229      0.0.0.0/0
    0     0 LOG        all  --  *      *       210.17.235.67        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       210.17.235.67        0.0.0.0/0
    0     0 LOG        all  --  *      *       210.23.200.133       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       210.23.200.133       0.0.0.0/0
    0     0 LOG        all  --  *      *       210.98.189.212       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       210.98.189.212       0.0.0.0/0
    0     0 LOG        all  --  *      *       211.161.82.39        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       211.161.82.39        0.0.0.0/0
    0     0 LOG        all  --  *      *       211.218.149.7        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       211.218.149.7        0.0.0.0/0
    0     0 LOG        all  --  *      *       211.239.22.132       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       211.239.22.132       0.0.0.0/0
    0     0 LOG        all  --  *      *       211.24.132.20        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       211.24.132.20        0.0.0.0/0
    0     0 LOG        all  --  *      *       211.245.142.178      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       211.245.142.178      0.0.0.0/0
    0     0 LOG        all  --  *      *       211.33.175.54        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       211.33.175.54        0.0.0.0/0
    0     0 LOG        all  --  *      *       211.72.131.141       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       211.72.131.141       0.0.0.0/0
    0     0 LOG        all  --  *      *       212.103.194.146      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       212.103.194.146      0.0.0.0/0
    0     0 LOG        all  --  *      *       213.82.159.2         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       213.82.159.2         0.0.0.0/0
    0     0 LOG        all  --  *      *       213.91.211.20        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       213.91.211.20        0.0.0.0/0
    0     0 LOG        all  --  *      *       216.119.240.156      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       216.119.240.156      0.0.0.0/0
    0     0 LOG        all  --  *      *       216.170.214.207      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       216.170.214.207      0.0.0.0/0
    0     0 LOG        all  --  *      *       217.219.159.117      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       217.219.159.117      0.0.0.0/0
    0     0 LOG        all  --  *      *       218.158.2.161        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.158.2.161        0.0.0.0/0
    0     0 LOG        all  --  *      *       218.189.216.84       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.189.216.84       0.0.0.0/0
    0     0 LOG        all  --  *      *       218.21.129.102       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.21.129.102       0.0.0.0/0
    0     0 LOG        all  --  *      *       218.244.245.185      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.244.245.185      0.0.0.0/0
    0     0 LOG        all  --  *      *       218.30.122.90        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.30.122.90        0.0.0.0/0
    0     0 LOG        all  --  *      *       218.30.21.236        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.30.21.236        0.0.0.0/0
    0     0 LOG        all  --  *      *       218.38.14.54         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.38.14.54         0.0.0.0/0
    0     0 LOG        all  --  *      *       218.4.150.50         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.4.150.50         0.0.0.0/0
    0     0 LOG        all  --  *      *       218.64.63.112        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.64.63.112        0.0.0.0/0
    0     0 LOG        all  --  *      *       218.8.127.193        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       218.8.127.193        0.0.0.0/0
    0     0 LOG        all  --  *      *       219.147.192.165      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       219.147.192.165      0.0.0.0/0
    0     0 LOG        all  --  *      *       219.148.139.16       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       219.148.139.16       0.0.0.0/0
    0     0 LOG        all  --  *      *       219.252.1.125        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       219.252.1.125        0.0.0.0/0
    0     0 LOG        all  --  *      *       220.124.234.150      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       220.124.234.150      0.0.0.0/0
    0     0 LOG        all  --  *      *       220.64.223.249       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       220.64.223.249       0.0.0.0/0
    0     0 LOG        all  --  *      *       220.65.39.165        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       220.65.39.165        0.0.0.0/0
    0     0 LOG        all  --  *      *       220.70.167.67        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       220.70.167.67        0.0.0.0/0
    0     0 LOG        all  --  *      *       221.166.169.102      0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       221.166.169.102      0.0.0.0/0
    0     0 LOG        all  --  *      *       222.118.5.179        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       222.118.5.179        0.0.0.0/0
    0     0 LOG        all  --  *      *       222.33.29.201        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       222.33.29.201        0.0.0.0/0
    0     0 LOG        all  --  *      *       222.45.45.132        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       222.45.45.132        0.0.0.0/0
    0     0 LOG        all  --  *      *       24.158.138.126       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       24.158.138.126       0.0.0.0/0
    0     0 LOG        all  --  *      *       4.12.113.135         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       4.12.113.135         0.0.0.0/0
    0     0 LOG        all  --  *      *       61.144.224.28        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       61.144.224.28        0.0.0.0/0
    0     0 LOG        all  --  *      *       61.144.232.29        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       61.144.232.29        0.0.0.0/0
    0     0 LOG        all  --  *      *       61.166.155.162       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       61.166.155.162       0.0.0.0/0
    0     0 LOG        all  --  *      *       61.189.145.111       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       61.189.145.111       0.0.0.0/0
    0     0 LOG        all  --  *      *       61.190.66.139        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       61.190.66.139        0.0.0.0/0
    0     0 LOG        all  --  *      *       61.211.239.236       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       61.211.239.236       0.0.0.0/0
    0     0 LOG        all  --  *      *       61.33.21.250         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       61.33.21.250         0.0.0.0/0
    0     0 LOG        all  --  *      *       63.169.10.252        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       63.169.10.252        0.0.0.0/0
    0     0 LOG        all  --  *      *       63.84.236.39         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       63.84.236.39         0.0.0.0/0
    0     0 LOG        all  --  *      *       64.219.20.146        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       64.219.20.146        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.10.175.250        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.10.175.250        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.140.4.96          0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.140.4.96          0.0.0.0/0
    0     0 LOG        all  --  *      *       65.144.102.228       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.144.102.228       0.0.0.0/0
    0     0 LOG        all  --  *      *       65.175.174.140       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.175.174.140       0.0.0.0/0
    0     0 LOG        all  --  *      *       65.198.211.229       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.198.211.229       0.0.0.0/0
    0     0 LOG        all  --  *      *       65.201.106.174       0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.201.106.174       0.0.0.0/0
    0     0 LOG        all  --  *      *       65.221.36.76         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.221.36.76         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.221.49.18         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.221.49.18         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.221.52.67         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.221.52.67         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.24.232.44         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.24.232.44         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.24.237.75         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.24.237.75         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.2.48.99           0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.2.48.99           0.0.0.0/0
    0     0 LOG        all  --  *      *       65.26.90.215         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.26.90.215         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.28.148.157        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.28.148.157        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.30.64.137         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.30.64.137         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.31.132.71         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.31.132.71         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.32.137.28         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.32.137.28         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.33.7.51           0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.33.7.51           0.0.0.0/0
    0     0 LOG        all  --  *      *       65.34.179.167        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.34.179.167        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.34.224.99         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.34.224.99         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.34.230.45         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.34.230.45         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.35.151.46         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.35.151.46         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.35.50.217         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.35.50.217         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.43.162.184        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.43.162.184        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.43.87.173         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.43.87.173         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.49.171.51         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.49.171.51         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.50.14.141         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.50.14.141         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.60.238.24         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.60.238.24         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.64.102.242        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.64.102.242        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.64.74.191         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.64.74.191         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.64.92.195         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.64.92.195         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.109.10         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.109.10         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.109.119        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.109.119        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.12.150         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.12.150         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.126.169        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.126.169        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.152.138        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.152.138        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.153.112        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.153.112        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.153.80         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.153.80         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.154.128        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.154.128        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.154.252        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.154.252        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.154.255        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.154.255        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.154.75         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.154.75         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.157.86         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.157.86         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.158.13         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.158.13         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.159.23         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.159.23         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.159.61         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.159.61         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.172.58         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.172.58         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.172.65         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.172.65         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.172.86         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.172.86         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.184.186        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.184.186        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.214.209        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.214.209        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.22.107         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.22.107         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.226.75         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.226.75         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.227.248        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.227.248        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.227.253        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.227.253        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.232.201        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.232.201        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.232.45         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.232.45         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.236.190        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.236.190        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.237.163        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.237.163        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.237.82         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.237.82         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.84.117         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.84.117         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.88.145         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.88.145         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.66.88.146         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.66.88.146         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.68.248.50         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.68.248.50         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.70.215.145        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.70.215.145        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.78.105.242        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.78.105.242        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.78.124.181        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.78.124.181        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.81.108.167        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.81.108.167        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.86.90.243         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.86.90.243         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.88.94.31          0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.88.94.31          0.0.0.0/0
    0     0 LOG        all  --  *      *       65.95.143.114        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.95.143.114        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.96.120.56         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.96.120.56         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.96.198.121        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.96.198.121        0.0.0.0/0
    0     0 LOG        all  --  *      *       65.96.4.151          0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.96.4.151          0.0.0.0/0
    0     0 LOG        all  --  *      *       65.96.6.194          0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.96.6.194          0.0.0.0/0
    0     0 LOG        all  --  *      *       65.96.86.214         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.96.86.214         0.0.0.0/0
    0     0 LOG        all  --  *      *       65.96.92.247         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       65.96.92.247         0.0.0.0/0
    0     0 LOG        all  --  *      *       66.136.246.72        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       66.136.246.72        0.0.0.0/0
    0     0 LOG        all  --  *      *       66.141.67.192        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       66.141.67.192        0.0.0.0/0
    0     0 LOG        all  --  *      *       66.72.207.70         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       66.72.207.70         0.0.0.0/0
    0     0 LOG        all  --  *      *       67.67.229.229        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       67.67.229.229        0.0.0.0/0
    0     0 LOG        all  --  *      *       68.81.30.123         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       68.81.30.123         0.0.0.0/0
    0     0 LOG        all  --  *      *       68.90.67.51          0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       68.90.67.51          0.0.0.0/0
    0     0 LOG        all  --  *      *       69.150.13.187        0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       69.150.13.187        0.0.0.0/0
    0     0 LOG        all  --  *      *       80.53.44.254         0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       80.53.44.254         0.0.0.0/0
    0     0 LOG        all  --  *      *       83.17.56.60          0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:''
    0     0 DROP       all  --  *      *       83.17.56.60          0.0.0.0/0

Chain bogons (32 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 7 prefix `Shorewall:bogons:DROP:''
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dmz2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dmz2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
  113 47638 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0           
192.168.110.42     tcp dpt:21 LOG flags 0 level 6 prefix
`Shorewall:dmz2loc:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0           
192.168.110.42     tcp dpt:21
    0     0 LOG        tcp  --  *      *       65.66.142.44        
192.168.110.21     tcp dpt:22 LOG flags 0 level 6 prefix
`Shorewall:dmz2loc:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       65.66.142.44        
192.168.110.21     tcp dpt:22
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:3389 LOG flags 0 level 6 prefix `Shorewall:dmz2loc:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:3389
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:6000
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dmz2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
   31  2719 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21 LOG flags 0 level 6 prefix `Shorewall:dmz2net:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21
    0     0 LOG        tcp  --  *      *       65.66.142.44         0.0.0.0/0   
tcp dpt:25 LOG flags 0 level 6 prefix `Shorewall:dmz2net:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       65.66.142.44         0.0.0.0/0   
tcp dpt:25
   22  1888 ACCEPT     udp  --  *      *       65.66.142.44         0.0.0.0/0   
udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       65.66.142.44         0.0.0.0/0   
tcp dpt:53
    0     0 LOG        udp  --  *      *       65.66.142.41         0.0.0.0/0   
udp dpt:53 LOG flags 0 level 6 prefix `Shorewall:dmz2net:ACCEPT:''
    0     0 ACCEPT     udp  --  *      *       65.66.142.41         0.0.0.0/0   
udp dpt:53
    0     0 LOG        tcp  --  *      *       65.66.142.41         0.0.0.0/0   
tcp dpt:53 LOG flags 0 level 6 prefix `Shorewall:dmz2net:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       65.66.142.41         0.0.0.0/0   
tcp dpt:53
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:80 LOG flags 0 level 6 prefix `Shorewall:dmz2net:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:80
    0     0 LOG        udp  --  *      *       65.66.142.41         0.0.0.0/0   
udp dpt:123 LOG flags 0 level 6 prefix `Shorewall:dmz2net:ACCEPT:''
    0     0 ACCEPT     udp  --  *      *       65.66.142.41         0.0.0.0/0   
udp dpt:123
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    2   120 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            65.66.142.47
    0     0 DROP       all  --  *      *       0.0.0.0/0           
192.168.110.255
    0     0 DROP       all  --  *      *       0.0.0.0/0            10.10.10.255
    0     0 DROP       all  --  *      *       0.0.0.0/0           
255.255.255.255
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4

Chain dropNonSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:!0x16/0x02

Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source               destination

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
   55  9423 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
   55  9423 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    8   400 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW
    8   400 norfc1918  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW
    8   400 nobogons   all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW
   18  2881 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 net2loc    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
   55  9423 net2dmz    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW
    0     0 norfc1918  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW
    0     0 nobogons   all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state NEW
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
  109  8764 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 loc2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
  109  8764 loc2dmz    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
   24  1920 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
   24  1920 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth2_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
  168 52365 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
  168 52365 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0
   55  4727 dmz2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
  113 47638 dmz2loc    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain eth2_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dmz2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    40 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpts:137:139 LOG flags 0 level 6 prefix `Shorewall:fw2dmz:REJECT:''
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpts:137:139
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 LOG flags 0 level 6 prefix `Shorewall:fw2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:25 LOG flags 0 level 6 prefix `Shorewall:fw2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:25
    0     0 LOG        udp  --  *      *       0.0.0.0/0            65.66.142.41
udp dpt:123 LOG flags 0 level 6 prefix `Shorewall:fw2dmz:ACCEPT:''
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            65.66.142.41
udp dpt:123
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:1984
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
   16  1472 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
    4   160 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain loc2dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
  106  8577 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:465 LOG flags 0 level 6 prefix `Shorewall:loc2dmz:REJECT:''
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:465
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 LOG flags 0 level 6 prefix `Shorewall:loc2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:25
    1    63 ACCEPT     udp  --  *      *       0.0.0.0/0            65.66.142.44
udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:53
    1    48 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:80 LOG flags 0 level 6 prefix `Shorewall:loc2dmz:ACCEPT:''
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:110
    1    76 ACCEPT     udp  --  *      *       0.0.0.0/0            65.66.142.41
udp dpt:123
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:143
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:220
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:993
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:1984
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:3306
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
   24  1920 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 LOG flags 0 level 6 prefix `Shorewall:loc2fw:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:6667 LOG flags 0 level 6 prefix `Shorewall:loc2net:REJECT:''
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:6667
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:137
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpts:137:139
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:445 LOG flags 0 level 6 prefix `Shorewall:loc2net:REJECT:''
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:445
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logflags (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 4 level 7 prefix `Shorewall:logflags:DROP:''
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2all (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:net2all:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
   47  9023 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    2   104 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:25 LOG flags 0 level 6 prefix `Shorewall:net2dmz:ACCEPT:''
    2   104 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:25
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            65.66.142.44
udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:53
    1    56 LOG        udp  --  *      *       0.0.0.0/0            65.66.142.41
udp dpt:53 LOG flags 0 level 6 prefix `Shorewall:net2dmz:ACCEPT:''
    1    56 ACCEPT     udp  --  *      *       0.0.0.0/0            65.66.142.41
udp dpt:53
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:53 LOG flags 0 level 6 prefix `Shorewall:net2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:53
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:80 LOG flags 0 level 6 prefix `Shorewall:net2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:80
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:80 LOG flags 0 level 6 prefix `Shorewall:net2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:80
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:143 LOG flags 0 level 6 prefix `Shorewall:net2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:143
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:220 LOG flags 0 level 6 prefix `Shorewall:net2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:220
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:443 LOG flags 0 level 6 prefix `Shorewall:net2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:443
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:993 LOG flags 0 level 6 prefix `Shorewall:net2dmz:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.44
tcp dpt:993
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            65.66.142.41
tcp dpt:22
    1    40 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8 LOG flags 0 level 6 prefix `Shorewall:net2dmz:REJECT:''
    1    40 reject     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    4   200 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 LOG flags 0 level 6 prefix `Shorewall:net2fw:ACCEPT:''
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8 LOG flags 0 level 6 prefix `Shorewall:net2fw:REJECT:''
    0     0 reject     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
icmp type 8
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0           
192.168.110.47     tcp dpt:3389
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0           
192.168.110.42     tcp dpt:21
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain nobogons (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  *      *       0.0.0.0              0.0.0.0/0
    0     0 RETURN     all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       169.254.0.0/16       0.0.0.0/0
    0     0 bogons     all  --  *      *       192.0.2.0/24         0.0.0.0/0
    0     0 bogons     all  --  *      *       0.0.0.0/7            0.0.0.0/0
    0     0 bogons     all  --  *      *       2.0.0.0/8            0.0.0.0/0
    0     0 bogons     all  --  *      *       5.0.0.0/8            0.0.0.0/0
    0     0 bogons     all  --  *      *       7.0.0.0/8            0.0.0.0/0
    0     0 bogons     all  --  *      *       23.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       27.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       31.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       36.0.0.0/7           0.0.0.0/0
    0     0 bogons     all  --  *      *       39.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       41.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       42.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       49.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       50.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       73.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       74.0.0.0/7           0.0.0.0/0
    0     0 bogons     all  --  *      *       76.0.0.0/6           0.0.0.0/0
    0     0 bogons     all  --  *      *       89.0.0.0/8           0.0.0.0/0
    0     0 bogons     all  --  *      *       90.0.0.0/7           0.0.0.0/0
    0     0 bogons     all  --  *      *       92.0.0.0/6           0.0.0.0/0
    0     0 bogons     all  --  *      *       96.0.0.0/3           0.0.0.0/0
    0     0 bogons     all  --  *      *       127.0.0.0/8          0.0.0.0/0
    0     0 bogons     all  --  *      *       173.0.0.0/8          0.0.0.0/0
    0     0 bogons     all  --  *      *       174.0.0.0/7          0.0.0.0/0
    0     0 bogons     all  --  *      *       176.0.0.0/5          0.0.0.0/0
    0     0 bogons     all  --  *      *       184.0.0.0/6          0.0.0.0/0
    0     0 bogons     all  --  *      *       189.0.0.0/8          0.0.0.0/0
    0     0 bogons     all  --  *      *       190.0.0.0/8          0.0.0.0/0
    0     0 bogons     all  --  *      *       197.0.0.0/8          0.0.0.0/0
    0     0 bogons     all  --  *      *       198.18.0.0/15        0.0.0.0/0
    0     0 bogons     all  --  *      *       223.0.0.0/8          0.0.0.0/0
    0     0 bogons     all  --  *      *       240.0.0.0/4          0.0.0.0/0

Chain norfc1918 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 rfc1918    all  --  *      *       172.16.0.0/12        0.0.0.0/0
    0     0 rfc1918    all  --  *      *       192.168.0.0/16       0.0.0.0/0
    0     0 rfc1918    all  --  *      *       10.0.0.0/8           0.0.0.0/0

Chain reject (20 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            65.66.142.47
    0     0 DROP       all  --  *      *       0.0.0.0/0           
192.168.110.255
    0     0 DROP       all  --  *      *       0.0.0.0/0            10.10.10.255
    0     0 DROP       all  --  *      *       0.0.0.0/0           
255.255.255.255
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4
    0     0 DROP       all  --  *      *       65.66.142.47         0.0.0.0/0
    0     0 DROP       all  --  *      *       192.168.110.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       10.10.10.255         0.0.0.0/0
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
    6   320 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with icmp-port-unreachable
    1    40 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with icmp-host-prohibited

Chain rfc1918 (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 7 prefix `Shorewall:rfc1918:DROP:''
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain smurfs (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       65.66.142.47         0.0.0.0/0   
LOG flags 0 level 7 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       65.66.142.47         0.0.0.0/0
    0     0 LOG        all  --  *      *       192.168.110.255      0.0.0.0/0   
LOG flags 0 level 7 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       192.168.110.255      0.0.0.0/0
    0     0 LOG        all  --  *      *       10.10.10.255         0.0.0.0/0   
LOG flags 0 level 7 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       10.10.10.255         0.0.0.0/0
    0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0   
LOG flags 0 level 7 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0   
LOG flags 0 level 7 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0

Chain tcpflags (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x3F/0x29
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x3F/0x00
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x06/0x06
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x03/0x03
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:0 flags:0x16/0x02


NAT Table

Chain PREROUTING (policy ACCEPT 1999K packets, 163M bytes)
 pkts bytes target     prot opt in     out     source               destination
    9   444 net_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 1600K packets, 98M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 12756 packets, 863K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            65.66.142.42
tcp dpt:3389 LOG flags 0 level 6 prefix `Shorewall:net_dnat:DNAT:''
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            65.66.142.42
tcp dpt:3389 to:192.168.110.47
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 LOG flags 0 level 6 prefix `Shorewall:net_dnat:DNAT:''
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 to:65.66.142.41
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21 LOG flags 0 level 6 prefix `Shorewall:net_dnat:DNAT:''
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21 to:192.168.110.42

Mangle Table

Chain PREROUTING (policy ACCEPT 32M packets, 16G bytes)
 pkts bytes target     prot opt in     out     source               destination
   47  2359 man1918    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0   
state NEW
  396 79941 pretos     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    6   729 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:80 MARK set 0xca

Chain OUTPUT (policy ACCEPT 872K packets, 131M bytes)
 pkts bytes target     prot opt in     out     source               destination
   24  1916 outtos     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain man1918 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 rfc1918    all  --  *      *       0.0.0.0/0           
172.16.0.0/12
    0     0 rfc1918    all  --  *      *       0.0.0.0/0           
192.168.0.0/16
    0     0 rfc1918    all  --  *      *       0.0.0.0/0            10.0.0.0/8

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 TOS set 0x10
   17  1608 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source               destination
  127  9896 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 TOS set 0x10
  105 45416 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:20 TOS set 0x08

Chain rfc1918 (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 7 prefix `Shorewall:rfc1918:DROP:''
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

udp      17 27 src=65.66.142.44 dst=212.100.249.200 sport=39450 dport=53
src=212.100.249.200 dst=65.66.142.44 sport=53 dport=39450 use=1
udp      17 127 src=65.66.142.44 dst=209.92.188.205 sport=39450 dport=53
src=209.92.188.205 dst=65.66.142.44 sport=53 dport=39450 [ASSURED] use=1
tcp      6 429265 ESTABLISHED src=192.168.110.47 dst=65.66.142.41 sport=1728
dport=22 src=65.66.142.41 dst=192.168.110.47 sport=22 dport=1728 [ASSURED] use=1
tcp      6 431985 ESTABLISHED src=192.168.110.47 dst=65.66.142.44 sport=1725
dport=22 src=65.66.142.44 dst=192.168.110.47 sport=22 dport=1725 [ASSURED] use=1
tcp      6 431998 ESTABLISHED src=192.168.110.47 dst=65.66.142.45 sport=1731
dport=22 src=65.66.142.45 dst=192.168.110.47 sport=22 dport=1731 [ASSURED] use=1
tcp      6 431680 ESTABLISHED src=192.168.110.38 dst=216.155.193.184 sport=2120
dport=5050 src=216.155.193.184 dst=65.66.142.42 sport=5050 dport=2120 [ASSURED]
use=1
tcp      6 392497 ESTABLISHED src=222.156.1.97 dst=65.66.142.41 sport=4258
dport=25 src=65.66.142.41 dst=222.156.1.97 sport=25 dport=4258 [ASSURED] use=1
udp      17 13 src=213.136.52.31 dst=65.66.142.41 sport=28904 dport=53
src=65.66.142.41 dst=213.136.52.31 sport=53 dport=28904 use=1
tcp      6 431720 ESTABLISHED src=192.168.110.47 dst=65.66.142.44 sport=3036
dport=143 src=65.66.142.44 dst=192.168.110.47 sport=143 dport=3036 [ASSURED]
use=1
udp      17 130 src=65.66.142.44 dst=209.133.28.11 sport=39450 dport=53
src=209.133.28.11 dst=65.66.142.44 sport=53 dport=39450 [ASSURED] use=1
udp      17 171 src=65.66.142.44 dst=64.132.253.13 sport=39450 dport=53
src=64.132.253.13 dst=65.66.142.44 sport=53 dport=39450 [ASSURED] use=1
udp      17 171 src=65.66.142.44 dst=66.98.161.17 sport=39450 dport=53
src=66.98.161.17 dst=65.66.142.44 sport=53 dport=39450 [ASSURED] use=1
udp      17 127 src=65.66.142.44 dst=38.116.133.25 sport=39450 dport=53
src=38.116.133.25 dst=65.66.142.44 sport=53 dport=39450 [ASSURED] use=1
udp      17 171 src=65.66.142.44 dst=209.204.159.28 sport=39450 dport=53
src=209.204.159.28 dst=65.66.142.44 sport=53 dport=39450 [ASSURED] use=1
udp      17 126 src=65.66.142.44 dst=192.12.94.30 sport=39450 dport=53
src=192.12.94.30 dst=65.66.142.44 sport=53 dport=39450 [ASSURED] use=1
tcp      6 94 TIME_WAIT src=209.133.29.52 dst=65.66.142.41 sport=4414 dport=25
src=65.66.142.41 dst=209.133.29.52 sport=25 dport=4414 [ASSURED] use=1
tcp      6 431798 ESTABLISHED src=192.168.110.38 dst=69.240.235.15 sport=1901
dport=5101 src=69.240.235.15 dst=65.66.142.42 sport=5101 dport=1901 [ASSURED]
use=1
udp      17 137 src=65.66.142.44 dst=64.125.104.94 sport=39450 dport=53
src=64.125.104.94 dst=65.66.142.44 sport=53 dport=39450 [ASSURED] use=1
tcp      6 431998 ESTABLISHED src=192.168.110.47 dst=192.168.110.41 sport=3166
dport=22 src=192.168.110.41 dst=192.168.110.47 sport=22 dport=3166 [ASSURED]
use=1
udp      17 1 src=192.168.110.39 dst=65.66.142.41 sport=123 dport=123
src=65.66.142.41 dst=192.168.110.39 sport=123 dport=123 use=1
udp      17 171 src=65.66.142.44 dst=69.8.2.162 sport=39450 dport=53
src=69.8.2.162 dst=65.66.142.44 sport=53 dport=39450 [ASSURED] use=1
tcp      6 104 TIME_WAIT src=213.136.52.31 dst=65.66.142.41 sport=34466 dport=25
src=65.66.142.41 dst=213.136.52.31 sport=25 dport=34466 [ASSURED] use=1

IP Configuration

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:60:97:29:7a:62 brd ff:ff:ff:ff:ff:ff
    inet 65.66.142.42/29 brd 65.66.142.47 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:40:05:9f:5c:9d brd ff:ff:ff:ff:ff:ff
    inet 192.168.110.41/24 brd 192.168.110.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:40:05:aa:63:b4 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.41/24 brd 10.10.10.255 scope global eth2

/proc

   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 1
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth2/proxy_arp = 1
   /proc/sys/net/ipv4/conf/eth2/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth2/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0

Routing Rules

0:	from all lookup local 
32765:	from all fwmark       ca lookup www.out 
32766:	from all lookup main 
32767:	from all lookup 253 

Table local:

broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
broadcast 192.168.110.0 dev eth1  proto kernel  scope link  src 192.168.110.41 
broadcast 10.10.10.0 dev eth2  proto kernel  scope link  src 10.10.10.41 
local 65.66.142.42 dev eth0  proto kernel  scope host  src 65.66.142.42 
broadcast 65.66.142.40 dev eth0  proto kernel  scope link  src 65.66.142.42 
local 192.168.110.41 dev eth1  proto kernel  scope host  src 192.168.110.41 
broadcast 192.168.110.255 dev eth1  proto kernel  scope link  src 192.168.110.41
local 10.10.10.41 dev eth2  proto kernel  scope host  src 10.10.10.41 
broadcast 10.10.10.255 dev eth2  proto kernel  scope link  src 10.10.10.41 
broadcast 65.66.142.47 dev eth0  proto kernel  scope link  src 65.66.142.42 
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 

Table www.out:

default via 65.66.142.44 dev eth2 

Table main:

65.66.142.41 dev eth2  scope link 
65.66.142.44 dev eth2  scope link 
65.66.142.45 dev eth2  scope link 
65.66.142.40/29 dev eth0  scope link 
192.168.110.0/24 dev eth1  scope link 
10.10.10.0/24 dev eth2  scope link 
127.0.0.0/8 dev lo  scope link 
default via 65.66.142.46 dev eth0 

Table 253:

ip addr sho
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:60:97:29:7a:62 brd ff:ff:ff:ff:ff:ff
    inet 65.66.142.42/29 brd 65.66.142.47 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:40:05:9f:5c:9d brd ff:ff:ff:ff:ff:ff
    inet 192.168.110.41/24 brd 192.168.110.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:40:05:aa:63:b4 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.41/24 brd 10.10.10.255 scope global eth2

ip route sho
65.66.142.41 dev eth2  scope link 
65.66.142.44 dev eth2  scope link 
65.66.142.45 dev eth2  scope link 
65.66.142.40/29 dev eth0  scope link 
192.168.110.0/24 dev eth1  scope link 
10.10.10.0/24 dev eth2  scope link 
127.0.0.0/8 dev lo  scope link 
default via 65.66.142.46 dev eth0

Tom Eastep

2005-Jan-11 02:22 UTC

head link

Re: Squid and DMZ (ProxyARP)

Shorewall Admin User wrote:> Hello All,
> 
> I have a question about setting up the shorewall firewall for squid, I 
> followed the instructions on "Using Shorewall with Squid" -->
"Squid Running
> in the DMZ" section.  For some reason I am unable to get the program
to work.
> I am able to have the squid work properly by using squidclient program, but
> once I setup the firewall to use the redirect I am unable to get it to run 
> properly. I am looking to see if I have the correct setup for the squid 
> proxy in my firewall.
> 
Have you set up the correct port redirection on system 65.66.142.44?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Possibly Parallel Threads

Search for more possibly parallel threads

Shorewall users - Jan 2005 - Squid and DMZ (ProxyARP)

Squid and DMZ (ProxyARP)

Re: Squid and DMZ (ProxyARP)

Possibly Parallel Threads