Discussion:
[Shorewall-users] Shorewall ARP issue
Kade W. Hampson
2016-07-31 19:47:14 UTC
Permalink
Greetings!

I am having an issue with my VPN bridge sitting in the DMZ of my network.
Pretty much how it works it creates a virtual interface and assigns it an
IP address that it uses as the gateway between the two edges of the
bridge.
The issue is that I can't access the IP address in any other zones except
the DMZ, even though Shorewall contains the IP in its ARP.

(192.168.100.254) at 00:a3:8d:73:0f:1b [ether] on DMZ I have allowed all
traffic through to and from the DMZ and that still hasn't fixed the issue.
Tom Eastep
2016-08-01 15:44:22 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Post by Kade W. Hampson
Greetings!
I am having an issue with my VPN bridge sitting in the DMZ of my network.
Pretty much how it works it creates a virtual interface and assigns it
an IP address that it uses as the gateway between the two edges of the
bridge.
The issue is that I can't access the IP address in any other zones
except the DMZ, even though Shorewall contains the IP in its ARP.
(192.168.100.254) at 00:a3:8d:73:0f:1b [ether] on DMZ
I have allowed all traffic through to and from the DMZ and that still
hasn't fixed the issue.
Please forward the output of 'shorewall dump' collected as described at
http://www.shorewall.org/support.htm#Guidelines

Thanks,
- -Tom

- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXn25WAAoJEJbms/JCOk0QOtgQAKV4Yq5AKf34hBITrzWE0kd7
feHWb+E8P2NH4SlZ9qWsAff//YqpEEtLyh8GjK/YbXjN+igY4edIcu/DnqQ556cx
ThK67/bQXTc2vinnU9PNnn7afgAGYt6L0USPN7L/XEbLQ/IyVORm6uUP+6z3b5A1
qNk8hzZcclc5xAVKRcU4x2cqgUWWjRCzFsNkRC0DA/28IkRuZIkj0Sfglew+MyOT
2lzTLytsHd/wC2o7JEkcYdYFFhMY1hDz21JzwO9gStDYCLmHCC9jXwTjmiAX615Z
QBJL+gzDUMlvqgWcJvCHqz9mJedVn449TA9cpBKa9of72SRob4M8UH6a7nNa1Deg
ccbIY7n4kPLYfETva2SbeasOqdlQKXBYGL29ZlcFTClZvk5oiYrcTsqJbKVVrPqI
zEHMlyJLLzWKNCfl2NMRzjmHjRN7Qmdgo2IP3aJ6uQIZLW2yCl+p3AYJOTsM4LJC
gVyAp4TzoF+/nqHnLYGvZAjXk3qXtvg7VL5SDCo/Fe63bkTnFp/HIUPQszUvmoo4
ZqhLe5idP/7Js6eiUwglPV9Z0uOW6lUkGjqSiQ9ZzliLGA96817GxsiLOBF1EXkU
TP7NbcX+n1uAt8GGgN05qAvKR4xlTrd2kDvgkt4nr+l5fNzEMXO0KlS6oKAzYbz7
deD8r9fDGHtf2k0ohZ4X
=95X2
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Kade W. Hampson
2016-08-01 15:51:34 UTC
Permalink
It's a big one, here you go.


Shorewall 5.0.8.2 Dump at EXGA-FIREWALL-001 - Tue Aug 2 01:47:52 AEST 2016

Shorewall is running
State:Started (Tue Aug 2 00:29:54 AEST 2016) from /etc/shorewall/
(/var/lib/shorewall/firewall compiled by Shorewall version 5.0.8.2)

Counters reset Tue Aug 2 00:29:54 AEST 2016

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
125K 44M loc2fw all -- eth1 * 0.0.0.0/0
0.0.0.0/0
422K 544M net2fw all -- eth0 * 0.0.0.0/0
0.0.0.0/0
140K 10M V152fw all -- eth1.15 * 0.0.0.0/0
0.0.0.0/0
916 66142 V1002fw all -- eth1.100 * 0.0.0.0/0
0.0.0.0/0
0 0 V1012fw all -- eth1.101 * 0.0.0.0/0
0.0.0.0/0
3928 489K ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
7738K 11G loc_frwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
50646 13M net_frwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
178K 18M V15_frwd all -- eth1.15 * 0.0.0.0/0
0.0.0.0/0
209K 28M V100_frwd all -- eth1.100 * 0.0.0.0/0
0.0.0.0/0
0 0 V101_frwd all -- eth1.101 * 0.0.0.0/0
0.0.0.0/0
399 69255 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
399 69255 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
399 69255 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
129K 151M fw2loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
378K 64M fw2net all -- * eth0 0.0.0.0/0
0.0.0.0/0
251K 390M fw2V15 all -- * eth1.15 0.0.0.0/0
0.0.0.0/0
0 0 fw2V100 all -- * eth1.100 0.0.0.0/0
0.0.0.0/0
0 0 fw2V101 all -- * eth1.101 0.0.0.0/0
0.0.0.0/0
3928 489K ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain Broadcast (1 references)
pkts bytes target prot opt in out source
destination
1039 86490 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
38 1216 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type ANYCAST

Chain Reject (11 references)
pkts bytes target prot opt in out source
destination
1832 173K all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 11 /* Needed ICMP types */
1832 173K Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
184 7360 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] udp spt:137 dpts:1024:65535 /* SMB */
165 8360 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53 /* Late DNS Replies */

Chain V1002V101 (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V1002V15 (1 references)
pkts bytes target prot opt in out source
destination
71039 9229K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V1002fw (1 references)
pkts bytes target prot opt in out source
destination
916 66142 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 192.168.100.2
0.0.0.0/0 tcp dpt:22
916 66142 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain V1002loc (1 references)
pkts bytes target prot opt in out source
destination
104K 13M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
202 14640 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V1002net (1 references)
pkts bytes target prot opt in out source
destination
33077 5445K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
122 7533 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V100_frwd (1 references)
pkts bytes target prot opt in out source
destination
324 22173 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
14235 6709K tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
104K 13M V1002loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
33199 5453K V1002net all -- * eth0 0.0.0.0/0
0.0.0.0/0
71039 9229K V1002V15 all -- * eth1.15 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth1.100 0.0.0.0/0
0.0.0.0/0
0 0 V1002V101 all -- * eth1.101 0.0.0.0/0
0.0.0.0/0

Chain V1012V100 (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V1012V15 (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V1012fw (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain V1012loc (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V101_frwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 V1012loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
0 0 V1012V15 all -- * eth1.15 0.0.0.0/0
0.0.0.0/0
0 0 V1012V100 all -- * eth1.100 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth1.101 0.0.0.0/0
0.0.0.0/0

Chain V152V100 (1 references)
pkts bytes target prot opt in out source
destination
103K 11M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27000:27015 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27015:27030 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpts:27014:27050 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27031 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27037 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:4380 /* STEAM */
1 52 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V152V101 (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27000:27015 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27015:27030 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpts:27014:27050 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27031 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27037 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:4380 /* STEAM */
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V152fw (1 references)
pkts bytes target prot opt in out source
destination
447 27303 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
140K 10M tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
140K 10M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
404 21008 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:3128
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27000:27015 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27015:27030 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpts:27014:27050 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27031 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27037 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:4380 /* STEAM */
43 6295 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain V152loc (1 references)
pkts bytes target prot opt in out source
destination
34677 2863K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27000:27015 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27015:27030 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpts:27014:27050 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27031 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27037 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:4380 /* STEAM */
38314 3558K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain V152net (1 references)
pkts bytes target prot opt in out source
destination
954 133K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27000:27015 /* STEAM */
80 2560 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpts:27015:27030 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpts:27014:27050 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27031 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27036 /* STEAM */
0 0 ACCEPT tcp -- * * 192.168.160.100
0.0.0.0/0 tcp dpt:27037 /* STEAM */
0 0 ACCEPT udp -- * * 192.168.160.100
0.0.0.0/0 udp dpt:4380 /* STEAM */
54 2800 ACCEPT all -- * * 192.168.160.100
0.0.0.0/0

Chain V15_frwd (1 references)
pkts bytes target prot opt in out source
destination
38794 3629K dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
25209 1393K tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
72991 6420K V152loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
1433 205K V152net all -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth1.15 0.0.0.0/0
0.0.0.0/0
103K 11M V152V100 all -- * eth1.100 0.0.0.0/0
0.0.0.0/0
0 0 V152V101 all -- * eth1.101 0.0.0.0/0
0.0.0.0/0

Chain dynamic (10 references)
pkts bytes target prot opt in out source
destination

Chain fw2V100 (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain fw2V101 (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain fw2V15 (1 references)
pkts bytes target prot opt in out source
destination
251K 390M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain fw2loc (1 references)
pkts bytes target prot opt in out source
destination
3 989 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
129K 151M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
260 8870 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain fw2net (1 references)
pkts bytes target prot opt in out source
destination
373K 63M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
5356 379K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain loc2V100 (1 references)
pkts bytes target prot opt in out source
destination
73539 7436K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
122 8509 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain loc2V101 (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain loc2V15 (1 references)
pkts bytes target prot opt in out source
destination
37655 136M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
7612K 11G ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain loc2fw (1 references)
pkts bytes target prot opt in out source
destination
3593 252K dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
9 3059 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
123K 44M tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
121K 44M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
2361 144K ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:3128
148 8880 ACCEPT icmp -- * * 192.168.0.2
0.0.0.0/0 icmptype 8 /* Ping */
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22
13 676 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:443
775 73416 ACCEPT udp -- * * 192.168.0.2
0.0.0.0/0 udp dpt:161 /* SNMP */
290 23909 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
7 280 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain loc2net (1 references)
pkts bytes target prot opt in out source
destination
8566 937K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 192.168.0.22
0.0.0.0/0
1629 135K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 source IP range 192.168.0.100-192.168.0.101
4064 316K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 source IP range 192.168.0.1-192.168.0.4
0 0 ACCEPT icmp -- * * 192.168.0.2
0.0.0.0/0 icmptype 8 /* Ping */
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53 /* DNS */
0 0 ACCEPT udp -- * * 192.168.0.2
192.168.10.1 udp dpt:161 /* SNMP */
0 0 ACCEPT all -- * * 192.168.0.24
0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.26
0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.28
0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.104
0.0.0.0/0
26 1736 ACCEPT all -- * * 192.168.0.111
0.0.0.0/0

Chain loc_frwd (1 references)
pkts bytes target prot opt in out source
destination
7618K 11G dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
34378 136M tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0
0.0.0.0/0
14339 1393K loc2net all -- * eth0 0.0.0.0/0
0.0.0.0/0
7650K 11G loc2V15 all -- * eth1.15 0.0.0.0/0
0.0.0.0/0
73661 7444K loc2V100 all -- * eth1.100 0.0.0.0/0
0.0.0.0/0
0 0 loc2V101 all -- * eth1.101 0.0.0.0/0
0.0.0.0/0

Chain logdrop (0 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain logflags (7 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain logreject (0 references)
pkts bytes target prot opt in out source
destination
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0

Chain net2V100 (1 references)
pkts bytes target prot opt in out source
destination
35813 6146K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.100.1 udp dpt:9987
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.1 tcp dpt:10011
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.1 tcp dpt:30033
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.21 tcp dpt:992
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.21 tcp dpt:1194
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.21 tcp dpt:5555
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.100.1 tcp dpt:5222
3 1332 ACCEPT udp -- * * 0.0.0.0/0
192.168.100.1 udp dpt:5060
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.100.20 udp dpt:500
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.100.20 udp dpt:4500
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain net2V101 (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain net2V15 (1 references)
pkts bytes target prot opt in out source
destination
703 279K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain net2fw (1 references)
pkts bytes target prot opt in out source
destination
184 7360 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
420K 543M tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
422K 544M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
184 7360 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain net2loc (1 references)
pkts bytes target prot opt in out source
destination
13574 6099K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
553 59093 ACCEPT all -- * * 0.0.0.0/0
192.168.0.3
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]

Chain net_frwd (1 references)
pkts bytes target prot opt in out source
destination
556 60425 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
21872 7549K tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
14127 6158K net2loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth0 0.0.0.0/0
0.0.0.0/0
703 279K net2V15 all -- * eth1.15 0.0.0.0/0
0.0.0.0/0
35816 6147K net2V100 all -- * eth1.100 0.0.0.0/0
0.0.0.0/0
0 0 net2V101 all -- * eth1.101 0.0.0.0/0
0.0.0.0/0

Chain reject (16 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0
0.0.0.0/0
226 12112 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
345 65783 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-prohibited

Chain sha-lh-96944a9c5c45155d78a9 (0 references)
pkts bytes target prot opt in out source
destination

Chain sha-rh-801fcf03a6de201ab67c (0 references)
pkts bytes target prot opt in out source
destination

Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
0 0 all -- * * 0.0.0.0/0
0.0.0.0/0 recent: SET name: %CURRENTTIME side: source mask:
255.255.255.255

Chain tcpflags (10 references)
pkts bytes target prot opt in out source
destination
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02

Log (/var/log/shorewall.log)


NAT Table

Chain PREROUTING (policy ACCEPT 76 packets, 6027 bytes)
pkts bytes target prot opt in out source
destination
525 66720 net_dnat all -- eth0 * 0.0.0.0/0
0.0.0.0/0

Chain INPUT (policy ACCEPT 26 packets, 1492 bytes)
pkts bytes target prot opt in out source
destination

Chain OUTPUT (policy ACCEPT 45 packets, 3266 bytes)
pkts bytes target prot opt in out source
destination

Chain POSTROUTING (policy ACCEPT 65 packets, 5019 bytes)
pkts bytes target prot opt in out source
destination
11134 833K eth0_masq all -- * eth0 0.0.0.0/0
0.0.0.0/0

Chain eth0_masq (1 references)
pkts bytes target prot opt in out source
destination
122 7533 MASQUERADE all -- * * 192.168.100.0/24
0.0.0.0/0
5582 445K MASQUERADE all -- * * 192.168.0.0/24
0.0.0.0/0
130 5160 MASQUERADE all -- * * 192.168.160.0/24
0.0.0.0/0

Chain net_dnat (1 references)
pkts bytes target prot opt in out source
destination
0 0 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:9987 to:192.168.100.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:10011 to:192.168.100.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:30033 to:192.168.100.1
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:992 to:192.168.100.21
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1194 to:192.168.100.21
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:5555 to:192.168.100.21
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:5222 to:192.168.100.1
3 1332 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:5060 to:192.168.100.1
0 0 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:500 to:192.168.100.20
0 0 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:4500 to:192.168.100.20
522 65388 DNAT all -- * * 0.0.0.0/0
0.0.0.0/0 to:192.168.0.3

Mangle Table

Chain PREROUTING (policy ACCEPT 57491 packets, 75M bytes)
pkts bytes target prot opt in out source
destination
8867K 12G tcpre all -- * * 0.0.0.0/0
0.0.0.0/0

Chain INPUT (policy ACCEPT 4623 packets, 2934K bytes)
pkts bytes target prot opt in out source
destination
692K 599M tcin all -- * * 0.0.0.0/0
0.0.0.0/0

Chain FORWARD (policy ACCEPT 52868 packets, 72M bytes)
pkts bytes target prot opt in out source
destination
8175K 11G MARK all -- * * 0.0.0.0/0
0.0.0.0/0 MARK and 0xffffff00
8175K 11G tcfor all -- * * 0.0.0.0/0
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6092 packets, 5793K bytes)
pkts bytes target prot opt in out source
destination
763K 605M tcout all -- * * 0.0.0.0/0
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 58953 packets, 78M bytes)
pkts bytes target prot opt in out source
destination
8937K 12G tcpost all -- * * 0.0.0.0/0
0.0.0.0/0

Chain tcfor (1 references)
pkts bytes target prot opt in out source
destination
48 2664 MARK tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 20,21,22,23,220,222,2222 MARK set 0x1
0 0 MARK udp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 20,21,22,23,220,222,2222 MARK set 0x1
0 0 MARK tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53 MARK set 0x2
17696 1799K MARK udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53 MARK set 0x2
0 0 MARK tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:110 MARK set 0x3
0 0 MARK udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:110 MARK set 0x3
7893 830K MARK tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 80,443 MARK set 0x4

Chain tcin (1 references)
pkts bytes target prot opt in out source
destination

Chain tcout (1 references)
pkts bytes target prot opt in out source
destination

Chain tcpost (1 references)
pkts bytes target prot opt in out source
destination

Chain tcpre (1 references)
pkts bytes target prot opt in out source
destination

Raw Table

Chain PREROUTING (policy ACCEPT 57259 packets, 74M bytes)
pkts bytes target prot opt in out source
destination
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6667 CT helper irc
183 15810 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6566 CT helper sane
3 1332 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:5060 CT helper sip
775 73416 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:69 CT helper tftp

Chain OUTPUT (policy ACCEPT 6096 packets, 5795K bytes)
pkts bytes target prot opt in out source
destination
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:69 CT helper tftp

Conntrack Table (267 out of 262144)

tcp 6 431994 ESTABLISHED src=192.168.160.1 dst=192.168.0.4 sport=52451
dport=445 src=192.168.0.4 dst=192.168.160.1 sport=445 dport=52451 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 7 SYN_SENT src=192.168.160.1 dst=192.168.0.3 sport=52440
dport=5555 [UNREPLIED] src=192.168.0.3 dst=192.168.160.1 sport=5555
dport=52440 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 57 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53419
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53419 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 299 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=53440
dport=443 src=192.168.0.10 dst=192.168.0.101 sport=443 dport=53440 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431992 ESTABLISHED src=192.168.160.100 dst=192.168.0.10
sport=50403 dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128
dport=50403 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 99 TIME_WAIT src=192.168.0.101 dst=192.168.0.10 sport=53365
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=53365
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 84 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53429
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53429 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 19 TIME_WAIT src=192.168.0.101 dst=192.168.0.10 sport=53362
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=53362
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431996 ESTABLISHED src=192.168.0.21 dst=192.168.0.10 sport=55262
dport=3128 src=192.168.0.10 dst=192.168.0.21 sport=3128 dport=55262
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 65 TIME_WAIT src=192.168.10.2 dst=184.51.15.77 sport=51738
dport=443 src=184.51.15.77 dst=192.168.10.2 sport=443 dport=51738 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 15 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53405
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53405 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431990 ESTABLISHED src=192.168.160.100 dst=192.168.0.10
sport=50578 dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128
dport=50578 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 15 src=192.168.0.1 dst=168.1.92.91 sport=57428 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=57428 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431991 ESTABLISHED src=192.168.10.2 dst=107.21.254.19 sport=48318
dport=80 src=107.21.254.19 dst=192.168.10.2 sport=80 dport=48318 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 100 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46308
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46308
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=2
tcp 6 431996 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=53446
dport=443 src=192.168.0.10 dst=192.168.0.101 sport=443 dport=53446 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431988 ESTABLISHED src=192.168.0.101 dst=192.168.160.1
sport=51662 dport=445 src=192.168.160.1 dst=192.168.0.101 sport=445
dport=51662 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 41 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53416
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53416 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 29 src=192.168.100.254 dst=192.168.100.255 sport=7 dport=7
[UNREPLIED] src=192.168.100.255 dst=192.168.100.254 sport=7 dport=7 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 20 src=127.0.0.1 dst=127.0.0.1 sport=33186 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=33186 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 21 TIME_WAIT src=192.168.0.101 dst=104.97.78.169 sport=53396
dport=80 src=104.97.78.169 dst=192.168.10.2 sport=80 dport=53396 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 15 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=40998
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=40998
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 8 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=40996
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=40996
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 179 src=192.168.160.100 dst=192.168.100.1 sport=52347 dport=9987
src=192.168.100.1 dst=192.168.160.100 sport=9987 dport=52347 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 38 TIME_WAIT src=192.168.160.100 dst=192.168.0.10 sport=50572
dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128 dport=50572
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 113 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46330
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46330
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 15 src=192.168.0.101 dst=211.44.189.174 sport=15646 dport=52601
[UNREPLIED] src=211.44.189.174 dst=192.168.10.2 sport=52601 dport=15646
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 4 CLOSE src=192.168.0.101 dst=192.168.0.10 sport=53439 dport=443
src=192.168.0.10 dst=192.168.0.101 sport=443 dport=53439 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 299 ESTABLISHED src=192.168.10.2 dst=31.13.70.7 sport=50018
dport=443 src=31.13.70.7 dst=192.168.10.2 sport=443 dport=50018 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 76 TIME_WAIT src=192.168.0.4 dst=192.168.160.1 sport=61211
dport=49158 src=192.168.160.1 dst=192.168.0.4 sport=49158 dport=61211
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 105 TIME_WAIT src=192.168.0.101 dst=192.168.0.10 sport=53368
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=53368
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 24 src=192.168.160.1 dst=192.168.0.1 sport=52907 dport=389
src=192.168.0.1 dst=192.168.160.1 sport=389 dport=52907 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 426621 ESTABLISHED src=192.168.0.101 dst=50.17.232.255
sport=51433 dport=443 src=50.17.232.255 dst=192.168.10.2 sport=443
dport=51433 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 77 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46302
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46302
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431990 ESTABLISHED src=192.168.10.2 dst=144.131.81.18 sport=59874
dport=443 src=144.131.81.18 dst=192.168.10.2 sport=443 dport=59874 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431998 ESTABLISHED src=144.139.243.204 dst=192.168.10.2
sport=61602 dport=5555 src=192.168.100.21 dst=144.139.243.204 sport=5555
dport=61602 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431384 ESTABLISHED src=192.168.160.100 dst=111.221.29.130
sport=49761 dport=443 src=111.221.29.130 dst=192.168.10.2 sport=443
dport=49761 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 179 src=192.168.0.101 dst=192.168.100.1 sport=53259 dport=9987
src=192.168.100.1 dst=192.168.0.101 sport=9987 dport=53259 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
icmp 1 21 src=192.168.0.2 dst=192.168.0.10 type=8 code=0 id=32
src=192.168.0.10 dst=192.168.0.2 type=0 code=0 id=32 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431995 ESTABLISHED src=144.139.243.204 dst=192.168.10.2
sport=61603 dport=5555 src=192.168.100.21 dst=144.139.243.204 sport=5555
dport=61603 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431974 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=52188
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=52188
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 20 src=192.168.0.4 dst=8.8.8.8 sport=56167 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=56167 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 16 src=192.168.10.2 dst=8.8.8.8 sport=49096 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=49096 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431972 ESTABLISHED src=192.168.10.2 dst=31.13.70.7 sport=48084
dport=443 src=31.13.70.7 dst=192.168.10.2 sport=443 dport=48084 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431999 ESTABLISHED src=144.139.243.204 dst=192.168.10.2
sport=61601 dport=5555 src=192.168.100.21 dst=144.139.243.204 sport=5555
dport=61601 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431999 ESTABLISHED src=144.139.243.204 dst=192.168.10.2
sport=61605 dport=5555 src=192.168.100.21 dst=144.139.243.204 sport=5555
dport=61605 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 87 SYN_SENT src=192.168.160.1 dst=192.168.0.3 sport=52447
dport=5555 [UNREPLIED] src=192.168.0.3 dst=192.168.160.1 sport=5555
dport=52447 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431406 ESTABLISHED src=192.168.100.21 dst=192.168.0.3 sport=49836
dport=8027 src=192.168.0.3 dst=192.168.100.21 sport=8027 dport=49836
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=2
tcp 6 109 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46326
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46326
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 38 TIME_WAIT src=192.168.160.100 dst=192.168.0.10 sport=50595
dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128 dport=50595
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 20 src=127.0.0.1 dst=127.0.0.1 sport=55580 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=55580 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 111 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53444
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53444 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431991 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=51437
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=51437
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 64 TIME_WAIT src=192.168.10.2 dst=60.254.148.32 sport=44144
dport=443 src=60.254.148.32 dst=192.168.10.2 sport=443 dport=44144 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 24 src=192.168.160.1 dst=192.168.0.1 sport=56020 dport=53
src=192.168.0.1 dst=192.168.160.1 sport=53 dport=56020 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 23 src=192.168.0.1 dst=168.1.92.91 sport=56774 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=56774 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 169 src=127.0.0.1 dst=127.0.0.1 sport=40681 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=40681 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 0 CLOSE src=192.168.0.101 dst=192.168.0.10 sport=53441 dport=443
src=192.168.0.10 dst=192.168.0.101 sport=443 dport=53441 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 16 src=128.73.91.25 dst=192.168.10.2 sport=52247 dport=15646
[UNREPLIED] src=192.168.0.3 dst=128.73.91.25 sport=15646 dport=52247 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 20 src=127.0.0.1 dst=127.0.0.1 sport=44486 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=44486 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 104 TIME_WAIT src=192.168.0.101 dst=192.168.0.10 sport=53369
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=53369
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 3137 src=178.162.198.132 dst=192.168.10.2 sport=5648 dport=5060
[UNREPLIED] src=192.168.100.1 dst=178.162.198.132 sport=5060 dport=5648
mark=0 secctx=system_u:object_r:unlabeled_t:s0 helper=sip use=1
tcp 6 431997 ESTABLISHED src=144.139.243.204 dst=192.168.10.2
sport=61604 dport=5555 src=192.168.100.21 dst=144.139.243.204 sport=5555
dport=61604 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 106 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53438
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53438 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 159 src=192.168.100.21 dst=130.158.6.115 sport=57682 dport=5004
src=130.158.6.115 dst=192.168.10.2 sport=5004 dport=57682 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431981 ESTABLISHED src=192.168.10.2 dst=31.13.95.8 sport=39246
dport=443 src=31.13.95.8 dst=192.168.10.2 sport=443 dport=39246 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 77 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46304
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46304
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 6 CLOSE src=192.168.0.101 dst=192.168.0.10 sport=53434 dport=443
src=192.168.0.10 dst=192.168.0.101 sport=443 dport=53434 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 50 TIME_WAIT src=192.168.160.100 dst=192.168.0.10 sport=50564
dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128 dport=50564
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 25 TIME_WAIT src=192.168.10.2 dst=184.51.15.118 sport=42462
dport=443 src=184.51.15.118 dst=192.168.10.2 sport=443 dport=42462 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 9 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53404
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53404 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431999 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=53427
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=53427
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 119 SYN_SENT src=192.168.160.1 dst=192.168.0.3 sport=52455
dport=5555 [UNREPLIED] src=192.168.0.3 dst=192.168.160.1 sport=5555
dport=52455 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 179 src=192.168.100.21 dst=144.139.243.204 sport=40000
dport=49883 src=144.139.243.204 dst=192.168.10.2 sport=49883 dport=40000
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 151 src=192.168.0.101 dst=24.43.69.30 sport=15646 dport=50321
src=24.43.69.30 dst=192.168.10.2 sport=50321 dport=15646 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 4 src=192.168.0.1 dst=168.1.92.91 sport=56095 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=56095 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 8 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=40994
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=40994
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 11 src=192.168.0.1 dst=168.1.92.91 sport=55809 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=55809 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 10 src=192.168.10.2 dst=8.8.8.8 sport=41980 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=41980 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 16 TIME_WAIT src=192.168.160.100 dst=192.168.0.10 sport=50587
dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128 dport=50587
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431981 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=52297
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=52297
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431800 ESTABLISHED src=192.168.100.1 dst=192.168.0.4 sport=58831
dport=389 src=192.168.0.4 dst=192.168.100.1 sport=389 dport=58831 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=2
tcp 6 4 CLOSE src=192.168.160.1 dst=192.168.0.4 sport=52454 dport=88
src=192.168.0.4 dst=192.168.160.1 sport=88 dport=52454 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 65 TIME_WAIT src=192.168.0.101 dst=192.168.0.10 sport=53411
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=53411
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431994 ESTABLISHED src=192.168.160.1 dst=192.168.0.1 sport=52453
dport=49157 src=192.168.0.1 dst=192.168.160.1 sport=49157 dport=52453
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431999 ESTABLISHED src=192.168.0.21 dst=192.168.0.10 sport=55286
dport=3128 src=192.168.0.10 dst=192.168.0.21 sport=3128 dport=55286
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431996 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=53445
dport=443 src=192.168.0.10 dst=192.168.0.101 sport=443 dport=53445 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 43 SYN_SENT src=209.58.129.109 dst=192.168.10.2 sport=40126
dport=2010 [UNREPLIED] src=192.168.0.3 dst=209.58.129.109 sport=2010
dport=40126 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 64 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=41014
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=41014
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 24 src=192.168.160.1 dst=192.168.0.1 sport=55859 dport=53
src=192.168.0.1 dst=192.168.160.1 sport=53 dport=55859 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 36 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53415
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53415 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 63 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53421
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53421 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 166 src=127.0.0.1 dst=127.0.0.1 sport=50824 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=50824 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431996 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=53448
dport=443 src=192.168.0.10 dst=192.168.0.101 sport=443 dport=53448 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 9 src=192.168.0.1 dst=168.1.92.91 sport=55876 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=55876 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 101 src=192.168.160.100 dst=192.168.0.1 sport=137 dport=137
src=192.168.0.1 dst=192.168.160.100 sport=137 dport=137 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 helper=netbios-ns use=1
udp 17 23 src=192.168.160.1 dst=192.168.0.4 sport=56820 dport=389
src=192.168.0.4 dst=192.168.160.1 sport=389 dport=56820 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 24 src=127.0.0.1 dst=127.0.0.1 sport=49081 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=49081 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 15 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=41002
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=41002
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 174 src=127.0.0.1 dst=127.0.0.1 sport=46218 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=46218 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 20 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53407
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53407 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 100 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46314
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46314
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 4 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53403
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53403 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 15 src=192.168.0.4 dst=8.8.8.8 sport=57607 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=57607 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431818 ESTABLISHED src=192.168.100.1 dst=192.168.0.1 sport=52502
dport=389 src=192.168.0.1 dst=192.168.100.1 sport=389 dport=52502 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 23 src=192.168.0.4 dst=8.8.8.8 sport=56301 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=56301 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431905 ESTABLISHED src=192.168.160.100 dst=192.168.0.1
sport=49724 dport=445 src=192.168.0.1 dst=192.168.160.100 sport=445
dport=49724 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 15 src=192.168.0.4 dst=8.8.8.8 sport=56980 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=56980 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 109 TIME_WAIT src=192.168.160.100 dst=111.221.29.253 sport=50601
dport=443 src=111.221.29.253 dst=192.168.10.2 sport=443 dport=50601
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431413 ESTABLISHED src=192.168.0.21 dst=192.168.0.10 sport=55169
dport=3128 src=192.168.0.10 dst=192.168.0.21 sport=3128 dport=55169
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 17 TIME_WAIT src=192.168.10.2 dst=184.51.15.77 sport=51732
dport=443 src=184.51.15.77 dst=192.168.10.2 sport=443 dport=51732 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 169 src=127.0.0.1 dst=127.0.0.1 sport=57200 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=57200 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
icmp 1 29 src=192.168.160.1 dst=192.168.0.3 type=15 code=0 id=33987
[UNREPLIED] src=192.168.0.3 dst=192.168.160.1 type=16 code=0 id=33987 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 100 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46310
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46310
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 5 TIME_WAIT src=192.168.10.2 dst=60.254.143.153 sport=42058
dport=443 src=60.254.143.153 dst=192.168.10.2 sport=443 dport=42058
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 47 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53417
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53417 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=2
udp 17 20 src=192.168.160.1 dst=192.168.0.4 sport=54872 dport=53
src=192.168.0.4 dst=192.168.160.1 sport=53 dport=54872 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 20 src=192.168.0.1 dst=168.1.92.91 sport=57110 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=57110 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 35 TIME_WAIT src=192.168.0.1 dst=192.168.160.1 sport=52165
dport=135 src=192.168.160.1 dst=192.168.0.1 sport=135 dport=52165 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 19 src=127.0.0.1 dst=127.0.0.1 sport=50956 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=50956 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 11 src=192.168.0.1 dst=168.1.92.91 sport=55559 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=55559 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 10 SYN_SENT src=188.173.166.215 dst=192.168.10.2 sport=40052
dport=23 [UNREPLIED] src=192.168.0.3 dst=188.173.166.215 sport=23
dport=40052 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 20 TIME_WAIT src=192.168.0.1 dst=192.168.160.1 sport=52167
dport=49158 src=192.168.160.1 dst=192.168.0.1 sport=49158 dport=52167
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 4 src=192.168.0.4 dst=8.8.8.8 sport=56782 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=56782 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431740 ESTABLISHED src=192.168.100.1 dst=192.168.0.4 sport=33861
dport=389 src=192.168.0.4 dst=192.168.100.1 sport=389 dport=33861 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 160 src=127.0.0.1 dst=127.0.0.1 sport=59808 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=59808 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431996 ESTABLISHED src=192.168.10.2 dst=31.13.95.8 sport=42212
dport=443 src=31.13.95.8 dst=192.168.10.2 sport=443 dport=42212 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431987 ESTABLISHED src=192.168.10.2 dst=54.230.141.251
sport=52206 dport=80 src=54.230.141.251 dst=192.168.10.2 sport=80
dport=52206 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431647 ESTABLISHED src=192.168.160.100 dst=192.168.0.3
sport=50583 dport=8027 src=192.168.0.3 dst=192.168.160.100 sport=8027
dport=50583 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 15 TIME_WAIT src=192.168.10.2 dst=144.131.81.35 sport=47806
dport=443 src=144.131.81.35 dst=192.168.10.2 sport=443 dport=47806 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 16 src=192.168.10.2 dst=8.8.8.8 sport=36520 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=36520 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 165 src=127.0.0.1 dst=127.0.0.1 sport=33959 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=33959 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431990 ESTABLISHED src=192.168.160.100 dst=192.168.0.10
sport=50486 dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128
dport=50486 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 166 src=127.0.0.1 dst=127.0.0.1 sport=59280 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=59280 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 14 TIME_WAIT src=192.168.160.100 dst=192.168.0.10 sport=50586
dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128 dport=50586
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 169 src=127.0.0.1 dst=127.0.0.1 sport=39483 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=39483 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 23 TIME_WAIT src=192.168.10.2 dst=60.254.143.153 sport=42106
dport=443 src=60.254.143.153 dst=192.168.10.2 sport=443 dport=42106
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
icmp 1 13 src=192.168.0.2 dst=8.8.8.8 type=8 code=0 id=32 src=8.8.8.8
dst=192.168.10.2 type=0 code=0 id=32 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431950 ESTABLISHED src=192.168.10.2 dst=31.13.95.36 sport=55804
dport=443 src=31.13.95.36 dst=192.168.10.2 sport=443 dport=55804 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 73 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53425
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53425 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431992 ESTABLISHED src=192.168.10.2 dst=58.162.61.20 sport=37754
dport=443 src=58.162.61.20 dst=192.168.10.2 sport=443 dport=37754 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431994 ESTABLISHED src=192.168.160.1 dst=192.168.0.1 sport=52452
dport=135 src=192.168.0.1 dst=192.168.160.1 sport=135 dport=52452 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 25 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53409
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53409 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 109 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46324
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46324
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 31 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53410
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53410 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
icmp 1 29 src=192.168.160.1 dst=192.168.0.3 type=8 code=0 id=33987
src=192.168.0.3 dst=192.168.160.1 type=0 code=0 id=33987 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 15 src=192.168.0.1 dst=168.1.92.91 sport=55844 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=55844 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 22 src=192.168.0.101 dst=47.92.124.237 sport=15646 dport=42260
[UNREPLIED] src=47.92.124.237 dst=192.168.10.2 sport=42260 dport=15646
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 160 src=127.0.0.1 dst=127.0.0.1 sport=48913 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=48913 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 1679 src=67.211.222.81 dst=192.168.10.2 sport=5060 dport=5060
[UNREPLIED] src=192.168.100.1 dst=67.211.222.81 sport=5060 dport=5060 mark=0
secctx=system_u:object_r:unlabeled_t:s0 helper=sip use=2
tcp 6 43 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=41018
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=41018
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 29 src=192.168.160.1 dst=192.168.0.3 sport=58586 dport=53
[UNREPLIED] src=192.168.0.3 dst=192.168.160.1 sport=53 dport=58586 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 16 src=192.168.10.2 dst=8.8.8.8 sport=63003 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=63003 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431770 ESTABLISHED src=192.168.100.1 dst=192.168.0.4 sport=43126
dport=389 src=192.168.0.4 dst=192.168.100.1 sport=389 dport=43126 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 33 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=41008
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=41008
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 25 TIME_WAIT src=192.168.10.2 dst=184.51.15.76 sport=39696
dport=443 src=184.51.15.76 dst=192.168.10.2 sport=443 dport=39696 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 68 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53424
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53424 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 15 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=41004
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=41004
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431770 ESTABLISHED src=192.168.100.1 dst=192.168.0.4 sport=42991
dport=389 src=192.168.0.4 dst=192.168.100.1 sport=389 dport=42991 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 4 CLOSE src=192.168.160.100 dst=192.168.0.10 sport=50598
dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128 dport=50598
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431740 ESTABLISHED src=192.168.100.1 dst=192.168.0.4 sport=32898
dport=389 src=192.168.0.4 dst=192.168.100.1 sport=389 dport=32898 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 15 src=192.168.0.1 dst=168.1.92.91 sport=57173 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=57173 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 95 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53431
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53431 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 100 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46312
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46312
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 16 src=192.168.10.2 dst=8.8.8.8 sport=19990 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=19990 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431999 ESTABLISHED src=192.168.10.2 dst=31.13.95.36 sport=32960
dport=443 src=31.13.95.36 dst=192.168.10.2 sport=443 dport=32960 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 10 src=192.168.10.2 dst=8.8.8.8 sport=57760 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=57760 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 169 src=127.0.0.1 dst=127.0.0.1 sport=45760 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=45760 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 16 src=192.168.10.2 dst=8.8.8.8 sport=42873 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=42873 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 174 src=127.0.0.1 dst=127.0.0.1 sport=33481 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=33481 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 23 src=192.168.160.1 dst=192.168.0.1 sport=55792 dport=53
src=192.168.0.1 dst=192.168.160.1 sport=53 dport=55792 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 109 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46320
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46320
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 171 src=192.168.0.101 dst=103.10.125.17 sport=65048 dport=27019
src=103.10.125.17 dst=192.168.10.2 sport=27019 dport=65048 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431955 ESTABLISHED src=192.168.160.1 dst=192.168.0.1 sport=65094
dport=389 src=192.168.0.1 dst=192.168.160.1 sport=389 dport=65094 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 79 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53426
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53426 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 3 src=1.224.224.196 dst=192.168.10.2 sport=44670 dport=1024
[UNREPLIED] src=192.168.0.3 dst=1.224.224.196 sport=1024 dport=44670 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 29 src=192.168.0.101 dst=120.59.149.147 sport=15646 dport=14530
[UNREPLIED] src=120.59.149.147 dst=192.168.10.2 sport=14530 dport=15646
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 21 TIME_WAIT src=192.168.0.1 dst=192.168.160.1 sport=52169
dport=49158 src=192.168.160.1 dst=192.168.0.1 sport=49158 dport=52169
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431997 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=53437
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=53437
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 109 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46322
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46322
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 299 ESTABLISHED src=144.139.243.204 dst=192.168.10.2 sport=61607
dport=5555 src=192.168.100.21 dst=144.139.243.204 sport=5555 dport=61607
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431818 ESTABLISHED src=192.168.100.1 dst=192.168.0.1 sport=39620
dport=389 src=192.168.0.1 dst=192.168.100.1 sport=389 dport=39620 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 3 CLOSE src=192.168.0.21 dst=192.168.0.10 sport=55341 dport=3128
src=192.168.0.10 dst=192.168.0.21 sport=3128 dport=55341 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 420766 ESTABLISHED src=120.156.40.217 dst=192.168.10.2
sport=56771 dport=8027 src=192.168.0.3 dst=120.156.40.217 sport=8027
dport=56771 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=2
udp 17 19 src=127.0.0.1 dst=127.0.0.1 sport=41893 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=41893 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 19 src=127.0.0.1 dst=127.0.0.1 sport=38746 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=38746 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 299 ESTABLISHED src=144.139.243.204 dst=192.168.10.2 sport=61599
dport=5555 src=192.168.100.21 dst=144.139.243.204 sport=5555 dport=61599
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 114 TIME_WAIT src=192.168.10.2 dst=144.131.81.50 sport=59488
dport=443 src=144.131.81.50 dst=192.168.10.2 sport=443 dport=59488 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431788 ESTABLISHED src=192.168.100.1 dst=192.168.0.1 sport=54953
dport=389 src=192.168.0.1 dst=192.168.1/usr/share/shorewall/lib.cli: line
900: /proc/net/xt_recent/%CURRENTTIME: Permission denied
00.1 sport=389 dport=54953 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431773 ESTABLISHED src=192.168.160.1 dst=192.168.0.3 sport=52433
dport=8027 src=192.168.0.3 dst=192.168.160.1 sport=8027 dport=52433
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 8 src=192.168.0.101 dst=124.62.69.170 sport=15646 dport=53990
[UNREPLIED] src=124.62.69.170 dst=192.168.10.2 sport=53990 dport=15646
mark=0 secctx=system_u:object_r:unl/usr/share/shorewall/lib.cli: line 901:
/proc/net/xt_recent/%CURRENTTIME: Permission denied
abeled_t:s0 use=1
tcp 6 77 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46300
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46300
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431818 ESTABLISHED src=192.168.100.1 dst=192.168.0.1 sport=45827
dport=389 src=192.168.0.1 dst=192.168.100.1 sport=389 dport=45827 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431972 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=52758
dport=3128 src=192.168.0.10 dst=192.168.0.101 sport=3128 dport=52758
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 179 src=127.0.0.1 dst=127.0.0.1 sport=59321 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=59321 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 19 TIME_WAIT src=192.168.0.1 dst=192.168.160.1 sport=52166
dport=49158 src=192.168.160.1 dst=192.168.0.1 sport=49158 dport=52166
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431770 ESTABLISHED src=192.168.100.1 dst=192.168.0.4 sport=57989
dport=389 src=192.168.0.4 dst=192.168.100.1 sport=389 dport=57989 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 67 SYN_SENT src=192.168.160.1 dst=192.168.0.3 sport=52445
dport=5555 [UNREPLIED] src=192.168.0.3 dst=192.168.160.1 sport=5555
dport=52445 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 4 src=192.168.0.1 dst=168.1.92.91 sport=55462 dport=53
src=168.1.92.91 dst=192.168.10.2 sport=53 dport=55462 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 117 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53449
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53449 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431771 ESTABLISHED src=192.168.0.111 dst=17.252.156.62
sport=53492 dport=5223 src=17.252.156.62 dst=192.168.10.2 sport=5223
dport=53492 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 179 src=127.0.0.1 dst=127.0.0.1 sport=32774 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=32774 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 68 TIME_WAIT src=192.168.160.100 dst=192.168.0.10 sport=50563
dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128 dport=50563
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431800 ESTABLISHED src=192.168.100.1 dst=192.168.0.4 sport=48465
dport=389 src=192.168.0.4 dst=192.168.100.1 sport=389 dport=48465 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431413 ESTABLISHED src=192.168.10.2 dst=40.96.13.194 sport=41862
dport=443 src=40.96.13.194 dst=192.168.10.2 sport=443 dport=41862 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431990 ESTABLISHED src=192.168.10.2 dst=31.13.95.8 sport=41110
dport=443 src=31.13.95.8 dst=192.168.10.2 sport=443 dport=41110 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 51 TIME_WAIT src=192.168.10.2 dst=54.235.104.83 sport=54558
dport=80 src=54.235.104.83 dst=192.168.10.2 sport=80 dport=54558 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431800 ESTABLISHED src=192.168.100.1 dst=192.168.0.4 sport=46743
dport=389 src=192.168.0.4 dst=192.168.100.1 sport=389 dport=46743 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 77 SYN_SENT src=192.168.0.2 dst=8.8.8.8 sport=50944 dport=135
[UNREPLIED] src=8.8.8.8 dst=192.168.10.2 sport=135 dport=50944 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431818 ESTABLISHED src=192.168.100.1 dst=192.168.0.1 sport=60672
dport=389 src=192.168.0.1 dst=192.168.100.1 sport=389 dport=60672 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431998 ESTABLISHED src=144.139.243.204 dst=192.168.10.2
sport=61606 dport=5555 src=192.168.100.21 dst=144.139.243.204 sport=5555
dport=61606 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 52 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53418
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53418 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431959 ESTABLISHED src=192.168.10.2 dst=23.23.164.218 sport=36020
dport=443 src=23.23.164.218 dst=192.168.10.2 sport=443 dport=36020 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 176 src=127.0.0.1 dst=127.0.0.1 sport=42068 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=42068 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 24 src=127.0.0.1 dst=127.0.0.1 sport=36850 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=36850 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 176 src=127.0.0.1 dst=127.0.0.1 sport=60162 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=60162 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 27 SYN_SENT src=192.168.160.1 dst=192.168.0.3 sport=52442
dport=5555 [UNREPLIED] src=192.168.0.3 dst=192.168.160.1 sport=5555
dport=52442 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=2
tcp 6 430322 ESTABLISHED src=192.168.0.101 dst=111.221.29.115
sport=61146 dport=443 src=111.221.29.115 dst=192.168.10.2 sport=443
dport=61146 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 89 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53430
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53430 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 16 src=192.168.10.2 dst=8.8.8.8 sport=39422 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=39422 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431986 ESTABLISHED src=192.168.0.1 dst=192.168.100.21 sport=445
dport=49186 src=192.168.100.21 dst=192.168.0.1 sport=49186 dport=445
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 24 src=127.0.0.1 dst=127.0.0.1 sport=50228 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=50228 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431996 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=53447
dport=443 src=192.168.0.10 dst=192.168.0.101 sport=443 dport=53447 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 29 src=192.168.0.101 dst=192.168.160.100 sport=58773 dport=6980
[UNREPLIED] src=192.168.160.100 dst=192.168.0.101 sport=6980 dport=58773
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 173 src=192.168.160.100 dst=103.10.125.17 sport=63330
dport=27018 src=103.10.125.17 dst=192.168.10.2 sport=27018 dport=63330
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 100 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46316
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46316
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 4 src=192.168.0.4 dst=8.8.8.8 sport=56510 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=56510 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431788 ESTABLISHED src=192.168.100.1 dst=192.168.0.1 sport=36458
dport=389 src=192.168.0.1 dst=192.168.100.1 sport=389 dport=36458 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431990 ESTABLISHED src=192.168.0.101 dst=192.168.0.10 sport=51466
dport=22 src=192.168.0.10 dst=192.168.0.101 sport=22 dport=51466 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 15 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=41000
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=41000
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431999 ESTABLISHED src=192.168.0.21 dst=192.168.0.10 sport=55264
dport=3128 src=192.168.0.10 dst=192.168.0.21 sport=3128 dport=55264
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431818 ESTABLISHED src=192.168.100.1 dst=192.168.0.1 sport=55996
dport=389 src=192.168.0.1 dst=192.168.100.1 sport=389 dport=55996 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 25 src=192.168.0.4 dst=8.8.8.8 sport=55894 dport=53 src=8.8.8.8
dst=192.168.10.2 sport=53 dport=55894 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431974 ESTABLISHED src=192.168.10.2 dst=31.13.95.36 sport=58020
dport=443 src=31.13.95.36 dst=192.168.10.2 sport=443 dport=58020 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 100 TIME_WAIT src=192.168.0.101 dst=192.168.10.1 sport=53436
dport=80 src=192.168.10.1 dst=192.168.10.2 sport=80 dport=53436 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 47 SYN_SENT src=192.168.160.1 dst=192.168.0.3 sport=52443
dport=5555 [UNREPLIED] src=192.168.0.3 dst=192.168.160.1 sport=5555
dport=52443 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 169 src=127.0.0.1 dst=127.0.0.1 sport=37832 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=37832 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 42 TIME_WAIT src=192.168.10.2 dst=60.254.143.166 sport=41020
dport=443 src=60.254.143.166 dst=192.168.10.2 sport=443 dport=41020
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431950 ESTABLISHED src=192.168.160.100 dst=192.168.0.10
sport=50141 dport=3128 src=192.168.0.10 dst=192.168.160.100 sport=3128
dport=50141 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431788 ESTABLISHED src=192.168.100.1 dst=192.168.0.1 sport=38896
dport=389 src=192.168.0.1 dst=192.168.100.1 sport=389 dport=38896 [ASSURED]
mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 108 SYN_SENT src=192.168.160.1 dst=192.168.0.3 sport=52449
dport=5555 [UNREPLIED] src=192.168.0.3 dst=192.168.160.1 sport=5555
dport=52449 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 20 TIME_WAIT src=192.168.0.1 dst=192.168.160.1 sport=52168
dport=49158 src=192.168.160.1 dst=192.168.0.1 sport=49158 dport=52168
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 109 TIME_WAIT src=192.168.10.2 dst=60.254.143.159 sport=46328
dport=443 src=60.254.143.159 dst=192.168.10.2 sport=443 dport=46328
[ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 169 src=127.0.0.1 dst=127.0.0.1 sport=59874 dport=53
src=127.0.0.1 dst=127.0.0.1 sport=53 dport=59874 [ASSURED] mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 18 src=192.168.160.1 dst=192.168.0.3 sport=50733 dport=53
[UNREPLIED] src=192.168.0.3 dst=192.168.160.1 sport=53 dport=50733 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP qlen
1000
inet 192.168.10.2/24 brd 192.168.10.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP qlen 1000
inet 192.168.0.10/24 brd 192.168.0.255 scope global eth1
valid_lft forever preferred_lft forever
4: ***@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
inet 192.168.100.10/24 brd 192.168.100.255 scope global eth1.100
valid_lft forever preferred_lft forever
5: ***@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
inet 192.168.101.10/24 brd 192.168.101.255 scope global eth1.101
valid_lft forever preferred_lft forever
6: ***@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
inet 192.168.160.10/24 brd 192.168.160.255 scope global eth1.15
valid_lft forever preferred_lft forever

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
2029261 17114 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2029261 17114 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP mode
DEFAULT qlen 1000
link/ether 50:e5:49:64:4c:53 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
10839390775 7766950 0 9986 0 0
TX: bytes packets errors dropped carrier collsns
560976695 6125630 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP mode DEFAULT qlen 1000
link/ether 90:e2:ba:ae:c3:a4 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
49155140756 39224922 2 9 0 370
TX: bytes packets errors dropped carrier collsns
59278022636 41144592 0 0 0 0
4: ***@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP mode DEFAULT
link/ether 90:e2:ba:ae:c3:a4 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
80473816 673405 0 0 0 0
TX: bytes packets errors dropped carrier collsns
79161756 611907 0 0 0 0
5: ***@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP mode DEFAULT
link/ether 90:e2:ba:ae:c3:a4 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
816 12 0 0 0 0
6: ***@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP mode DEFAULT
link/ether 90:e2:ba:ae:c3:a4 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
164557410 2241697 0 0 0 1
TX: bytes packets errors dropped carrier collsns
51983748339 35035002 0 0 0 0

Routing Rules

0: from all lookup local
32766: from all lookup main
32767: from all lookup default

Table default:


Table local:

local 192.168.160.10 dev eth1.15 proto kernel scope host src 192.168.160.10
local 192.168.101.10 dev eth1.101 proto kernel scope host src 192.168.101.10
local 192.168.100.10 dev eth1.100 proto kernel scope host src 192.168.100.10
local 192.168.10.2 dev eth0 proto kernel scope host src 192.168.10.2
local 192.168.0.10 dev eth1 proto kernel scope host src 192.168.0.10
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.160.255 dev eth1.15 proto kernel scope link src
192.168.160.10
broadcast 192.168.160.0 dev eth1.15 proto kernel scope link src
192.168.160.10
broadcast 192.168.101.255 dev eth1.101 proto kernel scope link src
192.168.101.10
broadcast 192.168.101.0 dev eth1.101 proto kernel scope link src
192.168.101.10
broadcast 192.168.100.255 dev eth1.100 proto kernel scope link src
192.168.100.10
broadcast 192.168.100.0 dev eth1.100 proto kernel scope link src
192.168.100.10
broadcast 192.168.10.255 dev eth0 proto kernel scope link src 192.168.10.2
broadcast 192.168.10.0 dev eth0 proto kernel scope link src 192.168.10.2
broadcast 192.168.0.255 dev eth1 proto kernel scope link src 192.168.0.10
broadcast 192.168.0.0 dev eth1 proto kernel scope link src 192.168.0.10
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

192.168.160.0/24 dev eth1.15 proto kernel scope link src 192.168.160.10
192.168.101.0/24 dev eth1.101 proto kernel scope link src 192.168.101.10
192.168.100.0/24 dev eth1.100 proto kernel scope link src 192.168.100.10
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.2 metric 100
192.168.1.0/24 via 192.168.100.254 dev eth1.100
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.10 metric 100
169.254.0.0/16 dev eth1.15 scope link metric 1006
169.254.0.0/16 dev eth1.101 scope link metric 1005
169.254.0.0/16 dev eth1.100 scope link metric 1004
default via 192.168.10.1 dev eth0 proto static metric 100

Per-IP Counters

iptaccount is not installed

NF Accounting

No NF Accounting defined (nfacct not found)

Events


/proc

/proc/version = Linux version 3.10.0-327.22.2.el7.x86_64
(***@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat
4.8.3-9) (GCC) ) #1 SMP Thu Jun 23 17:05:11 UTC 2016
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/eth1.100/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1.100/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1.100/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1.100/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1.100/log_martians = 1
/proc/sys/net/ipv4/conf/eth1.101/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1.101/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1.101/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1.101/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1.101/log_martians = 1
/proc/sys/net/ipv4/conf/eth1.15/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1.15/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1.15/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1.15/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1.15/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1

ARP

? (192.168.100.254) at 00:a3:8d:73:0f:1b [ether] on eth1.100
? (192.168.0.1) at 00:24:8c:bf:e6:53 [ether] on eth1
? (192.168.100.21) at 00:15:5d:00:03:1e [ether] on eth1.100
? (192.168.0.11) at 30:91:8f:a3:fe:42 [ether] on eth1
? (192.168.0.2) at 00:1b:78:8f:35:c0 [ether] on eth1
? (192.168.10.1) at 00:60:64:ce:69:54 [ether] on eth0
? (192.168.0.4) at 00:15:5d:00:03:12 [ether] on eth1
? (192.168.0.101) at 1c:6f:65:9e:08:2a [ether] on eth1
? (192.168.100.1) at 00:15:5d:00:03:1c [ether] on eth1.100
? (192.168.0.111) at 88:63:df:1d:b0:46 [ether] on eth1
? (192.168.160.1) at e8:39:35:5e:f2:35 [ether] on eth1.15
? (192.168.0.3) at 6c:f0:49:68:11:9b [ether] on eth1
? (192.168.0.5) at a0:63:91:94:cc:a9 [ether] on eth1
? (192.168.160.100) at d8:cb:8a:c4:23:3d [ether] on eth1.15
? (192.168.0.6) at a0:63:91:7a:ed:0b [ether] on eth1
? (172.31.82.140) at 00:ae:51:8b:f0:0a [ether] on eth1.100
? (192.168.0.21) at e4:8b:7f:e4:d9:34 [ether] on eth1
? (192.168.0.12) at 18:e3:bc:33:09:ec [ether] on eth1

Modules

ip_set 36439 2 ip_set_hash_ip,xt_set
ip_set_hash_ip 27260 0
ip_tables 27240 4
iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_CLUSTERIP 13508 0
ipt_ECN 12529 0
ipt_MASQUERADE 12678 3
ipt_REJECT 12541 4
ipt_ah 12806 0
ipt_rpfilter 12546 0
iptable_filter 12810 1
iptable_mangle 12695 1
iptable_nat 12875 1
iptable_raw 12678 1
nf_conntrack 105745 34
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_co
nntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,nf_conntrack_proto_udpli
te,nf_nat,xt_state,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_t
ftp,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,ipt_CLUSTERIP,nf
_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmar
k,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_co
nntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntr
ack_tftp
nf_conntrack_amanda 13041 3 nf_nat_amanda
nf_conntrack_broadcast 12589 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 18638 3 nf_nat_ftp
nf_conntrack_h323 73895 5 nf_nat_h323
nf_conntrack_ipv4 14862 63
nf_conntrack_irc 13518 3 nf_nat_irc
nf_conntrack_netbios_ns 12665 2
nf_conntrack_netlink 36150 0
nf_conntrack_pptp 19257 3 nf_nat_pptp
nf_conntrack_proto_gre 14287 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 18877 0
nf_conntrack_proto_udplite 13122 0
nf_conntrack_sane 13143 2
nf_conntrack_sip 33860 3 nf_nat_sip
nf_conntrack_snmp 12857 3 nf_nat_snmp_basic
nf_conntrack_tftp 13121 3 nf_nat_tftp
nf_defrag_ipv4 12729 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 34768 1 xt_TPROXY
nf_log_common 13317 1 nf_log_ipv4
nf_log_ipv4 12767 2
nf_nat 26146 11
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_proto_gre,nf_nat_h323,
nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,nf_nat_masquerade_ipv4
nf_nat_amanda 12491 0
nf_nat_ftp 12770 0
nf_nat_h323 17720 0
nf_nat_ipv4 14115 1 iptable_nat
nf_nat_irc 12723 0
nf_nat_masquerade_ipv4 13412 1 ipt_MASQUERADE
nf_nat_pptp 13115 0
nf_nat_proto_gre 13009 1 nf_nat_pptp
nf_nat_sip 17152 0
nf_nat_snmp_basic 17302 0
nf_nat_tftp 12489 0
xt_AUDIT 12678 0
xt_CHECKSUM 12549 0
xt_CLASSIFY 12507 0
xt_CT 12956 22
xt_DSCP 12629 0
xt_LOG 12690 2
xt_NFLOG 12537 0
xt_NFQUEUE 12697 0
xt_TCPMSS 12664 0
xt_TPROXY 17327 0
xt_addrtype 12635 4
xt_comment 12504 54
xt_connlimit 12917 0
xt_connmark 12755 0
xt_conntrack 12760 40
xt_dccp 12606 0
xt_dscp 12597 0
xt_hashlimit 17569 0
xt_helper 12583 0
xt_iprange 12783 2
xt_length 12536 0
xt_limit 12711 0
xt_mac 12492 0
xt_mark 12563 8
xt_multiport 12798 5
xt_nat 12681 11
xt_owner 12534 0
xt_physdev 12587 0
xt_pkttype 12504 0
xt_policy 12582 0
xt_realm 12498 0
xt_recent 18542 1
xt_sctp 12853 0
xt_set 13181 0
xt_state 12578 0
xt_statistic 12601 0
xt_tcpmss 12501 0
xt_time 12661 0

Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
AUDIT Target (AUDIT_TARGET): Available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
Capabilities Version (CAPVERSION): 50004
Checksum Target (CHECKSUM_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH):
Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended MARK Target (XMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP Helper: Available
FTP-0 Helper: Not available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
IMQ Target (IMQ_TARGET): Not available
IP range Match(IPRANGE_MATCH): Available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IRC Helper: Available
IRC-0 Helper: Not available
Iface Match (IFACE_MATCH): Not available
Ipset Match (IPSET_MATCH): Available
Ipset Match Counters (IPSET_MATCH_COUNTERS): Available
Ipset Match Nomatch (IPSET_MATCH_NOMATCH): Available
Kernel Version (KERNELVERSION): 31000
LOG Target (LOG_TARGET): Available
LOGMARK Target (LOGMARK_TARGET): Not available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
NFAcct Match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Netbios_ns Helper: Available
New tos Match (NEW_TOS_MATCH): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
PPTP Helper: Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Packet length Match (LENGTH_MATCH): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev Match (PHYSDEV_MATCH): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Policy Match (POLICY_MATCH): Available
RPFilter Match (RPFILTER_MATCH): Available
Raw Table (RAW_TABLE): Available
Rawpost Table (RAWPOST_TABLE): Not available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
SANE Helper: Available
SANE-0 Helper: Not available
SIP Helper: Available
SIP-0 Helper: Not available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP Helper: Available
TFTP-0 Helper: Not available
TPROXY Target (TPROXY_TARGET): Available
Time Match (TIME_MATCH): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
fwmark route mask (FWMARK_RT_MASK): Available
ipset V5 (IPSET_V5): Available
iptables --wait option (WAIT_OPTION): Available
iptables -S (IPTABLES_S): Available

Netid State Recv-Q Send-Q Local Address:Port Peer
Address:Port
Cannot open netlink socket: Permission denied
Cannot open netlink socket: Permission denied
udp UNCONN 0 0 *:10000 *:*
users:(("miniserv.pl",pid=2313,fd=5))
udp UNCONN 0 0 127.0.0.1:53 *:*

udp UNCONN 0 0 *:67 *:*
users:(("dhcrelay",pid=1156,fd=9))
udp UNCONN 0 0 *:161 *:*
users:(("snmpd",pid=1154,fd=6))
udp UNCONN 0 0 *:16931 *:*
users:(("dhcrelay",pid=1156,fd=20))
udp UNCONN 0 0 *:33959 *:*

tcp LISTEN 0 0 127.0.0.1:53 *:*

tcp LISTEN 0 0 *:22 *:*
users:(("sshd",pid=1153,fd=3))
tcp LISTEN 0 0 127.0.0.1:953 *:*

tcp LISTEN 0 0 *:443 *:*
users:(("miniserv.pl",pid=2313,fd=4))
tcp LISTEN 0 0 127.0.0.1:199 *:*
users:(("snmpd",pid=1154,fd=7))
tcp ESTAB 0 0 192.168.0.10:443
192.168.0.101:53446 users:(("miniserv.pl",pid=10702,fd=8))
tcp ESTAB 0 0 192.168.10.2:36020
23.23.164.218:443
tcp ESTAB 0 351 192.168.0.10:443
192.168.0.101:53440 users:(("/usr/libexec/we",pid=10653,fd=8))
tcp ESTAB 0 0 192.168.10.2:55804
31.13.95.36:443
tcp ESTAB 0 0 192.168.0.10:22
192.168.0.101:51466 users:(("sshd",pid=6531,fd=3))
tcp ESTAB 0 0 192.168.10.2:41862
40.96.13.194:443
tcp ESTAB 0 0 192.168.10.2:48084
31.13.70.7:443
tcp ESTAB 0 0 192.168.10.2:58020
31.13.95.36:443
tcp ESTAB 0 0 192.168.0.10:443
192.168.0.101:53448 users:(("miniserv.pl",pid=10704,fd=8))
tcp ESTAB 0 0 192.168.10.2:59874
144.131.81.18:443
tcp ESTAB 0 0 192.168.10.2:50018
31.13.70.7:443
tcp ESTAB 0 0 192.168.0.10:443
192.168.0.101:53445 users:(("miniserv.pl",pid=10701,fd=8))
tcp ESTAB 0 0 192.168.10.2:48318
107.21.254.19:80
tcp ESTAB 0 0 192.168.10.2:41110
31.13.95.8:443
tcp ESTAB 0 0 192.168.10.2:37754
58.162.61.20:443
tcp ESTAB 0 0 192.168.10.2:42212
31.13.95.8:443
tcp ESTAB 0 0 192.168.10.2:39246
31.13.95.8:443
tcp ESTAB 0 0 192.168.0.10:443
192.168.0.101:53447 users:(("miniserv.pl",pid=10703,fd=8))
tcp ESTAB 0 0 192.168.10.2:32960
31.13.95.36:443
tcp ESTAB 0 0 192.168.10.2:52206
54.230.141.251:80

Traffic Control

Device eth0:
qdisc htb 1: root refcnt 2 r2q 7 default 15 direct_packets_stat 0 ver 3.17
Sent 76609573 bytes 426953 pkt (dropped 0, overlimits 21230 requeues 0)
backlog 0b 0p requeues 0
qdisc sfq 2: parent 1:11 limit 127p quantum 1500b depth 127 flows 127/1024
divisor 1024 perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc sfq 3: parent 1:12 limit 127p quantum 5000b depth 127 flows 127/1024
divisor 1024 perturb 10sec
Sent 340052 bytes 3568 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc sfq 4: parent 1:13 limit 127p quantum 2500b depth 127 flows 127/1024
divisor 1024 perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc sfq 5: parent 1:14 limit 127p quantum 16000b depth 127 flows 127/1024
divisor 1024 perturb 10sec
Sent 934757 bytes 7821 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc sfq 6: parent 1:15 limit 127p quantum 1500b depth 127 flows 127/1024
divisor 1024 perturb 10sec
Sent 75334764 bytes 415564 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc ingress ffff: parent ffff:fff1 ----------------
Sent 559150464 bytes 479723 pkt (dropped 900, overlimits 0 requeues 0)
backlog 0b 0p requeues 0

class htb 1:11 parent 1:1 leaf 2: prio 1 quantum 1500 rate 30000bit ceil
1500Kbit burst 1599b/1 mpu 0b overhead 0b cburst 1599b/1 mpu 0b overhead 0b
level 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 6666656 ctokens: 133328

class htb 1:1 root rate 1500Kbit ceil 1500Kbit burst 1599b/1 mpu 0b overhead
0b cburst 1599b/1 mpu 0b overhead 0b level 7
Sent 76609573 bytes 426953 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 307635 borrowed: 0 giants: 0
tokens: 115078 ctokens: 115078

class htb 1:13 parent 1:1 leaf 4: prio 3 quantum 2500 rate 150000bit ceil
1500Kbit burst 1599b/1 mpu 0b overhead 0b cburst 1599b/1 mpu 0b overhead 0b
level 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 1333328 ctokens: 133328

class htb 1:12 parent 1:1 leaf 3: prio 2 quantum 5000 rate 300000bit ceil
1500Kbit burst 1599b/1 mpu 0b overhead 0b cburst 1599b/1 mpu 0b overhead 0b
level 0
Sent 340052 bytes 3568 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 3568 borrowed: 0 giants: 0
tokens: 627906 ctokens: 125578

class htb 1:15 parent 1:1 leaf 6: prio 5 quantum 1500 rate 45000bit ceil
1500Kbit burst 1599b/1 mpu 0b overhead 0b cburst 1599b/1 mpu 0b overhead 0b
level 0
Sent 75334764 bytes 415564 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 107945 borrowed: 307612 giants: 0
tokens: 3836103 ctokens: 115078

class htb 1:14 parent 1:1 leaf 5: prio 4 quantum 16000 rate 960000bit ceil
1500Kbit burst 1599b/1 mpu 0b overhead 0b cburst 1599b/1 mpu 0b overhead 0b
level 0
Sent 934757 bytes 7821 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 7789 borrowed: 23 giants: 0
tokens: 196740 ctokens: 126803


Device eth1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1
1 1 1
Sent 58789979434 bytes 41147317 pkt (dropped 0, overlimits 0 requeues
18307)
backlog 0b 0p requeues 18307



TC Filters

Device eth0:
filter parent ffff: protocol all pref 10 basic
filter parent ffff: protocol all pref 10 basic handle 0x1
police 0x9 rate 14000Kbit burst 10Kb mtu 2Kb action drop overhead 0b
ref 1 bind 1
Sent 559150672 bytes 479724 pkts (dropped 900, overlimits 900)
filter parent 1: protocol all pref 276 fw
filter parent 1: protocol all pref 276 fw handle 0x1 classid 1:11
filter parent 1: protocol all pref 532 fw
filter parent 1: protocol all pref 532 fw handle 0x2 classid 1:12
filter parent 1: protocol all pref 788 fw
filter parent 1: protocol all pref 788 fw handle 0x3 classid 1:13
filter parent 1: protocol all pref 1044 fw
filter parent 1: protocol all pref 1044 fw handle 0x4 classid 1:14
filter parent 1: protocol all pref 1300 fw
filter parent 1: protocol all pref 1300 fw handle 0x5 classid 1:15

Node 2:

Node 4:

Node 3:

Node 6:

Node 5:

Device eth1:


-----Original Message-----
From: Tom Eastep [mailto:***@shorewall.net]
Sent: Tuesday, 2 August 2016 1:44 AM
To: shorewall-***@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall ARP issue

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Post by Kade W. Hampson
Greetings!
I am having an issue with my VPN bridge sitting in the DMZ of my network.
Pretty much how it works it creates a virtual interface and assigns it
an IP address that it uses as the gateway between the two edges of the
bridge.
The issue is that I can't access the IP address in any other zones
except the DMZ, even though Shorewall contains the IP in its ARP.
(192.168.100.254) at 00:a3:8d:73:0f:1b [ether] on DMZ
I have allowed all traffic through to and from the DMZ and that still
hasn't fixed the issue.
Please forward the output of 'shorewall dump' collected as described at
http://www.shorewall.org/support.htm#Guidelines

Thanks,
- -Tom

- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXn25WAAoJEJbms/JCOk0QOtgQAKV4Yq5AKf34hBITrzWE0kd7
feHWb+E8P2NH4SlZ9qWsAff//YqpEEtLyh8GjK/YbXjN+igY4edIcu/DnqQ556cx
ThK67/bQXTc2vinnU9PNnn7afgAGYt6L0USPN7L/XEbLQ/IyVORm6uUP+6z3b5A1
qNk8hzZcclc5xAVKRcU4x2cqgUWWjRCzFsNkRC0DA/28IkRuZIkj0Sfglew+MyOT
2lzTLytsHd/wC2o7JEkcYdYFFhMY1hDz21JzwO9gStDYCLmHCC9jXwTjmiAX615Z
QBJL+gzDUMlvqgWcJvCHqz9mJedVn449TA9cpBKa9of72SRob4M8UH6a7nNa1Deg
ccbIY7n4kPLYfETva2SbeasOqdlQKXBYGL29ZlcFTClZvk5oiYrcTsqJbKVVrPqI
zEHMlyJLLzWKNCfl2NMRzjmHjRN7Qmdgo2IP3aJ6uQIZLW2yCl+p3AYJOTsM4LJC
gVyAp4TzoF+/nqHnLYGvZAjXk3qXtvg7VL5SDCo/Fe63bkTnFp/HIUPQszUvmoo4
ZqhLe5idP/7Js6eiUwglPV9Z0uOW6lUkGjqSiQ9ZzliLGA96817GxsiLOBF1EXkU
TP7NbcX+n1uAt8GGgN05qAvKR4xlTrd2kDvgkt4nr+l5fNzEMXO0KlS6oKAzYbz7
deD8r9fDGHtf2k0ohZ4X
=95X2
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
--
_______________________________________________
Shorewall-users mailing list
Shorewall-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users



------------------------------------------------------------------------------
Tom Eastep
2016-08-02 03:32:54 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Post by Kade W. Hampson
It's a big one, here you go.
Two things:

a) The instructions at http://www.shorewall.net/suport.htm#Guidelines
say:

Post the /tmp/status.txt file as an attachment compressed with
gzip or bzip2.

Post the /tmp/shorewall_dump.txt file as an attachment
compressed with gzip or bzip2.

You apparently just copied it into your email where your mailer
folded it into an unreadable mess.

b) The output of the dump shows no bridges. But it also shows no rules
referring to any interfaces other than eth*. Have you defined your
bridge to Shorewall in /etc/shorewall/interfaces?

- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXoBRmAAoJEJbms/JCOk0QI1wQAJsgXIXpobArgH4Y1oqUTb55
aklhWCJZz/XSMB8c9HTWXZMnZx30RWiYWa5F5oDwDxgqn6U0XBtkHNGEGqpkQoAH
qoN4wK7CzwcFTtAJGnnhMR1dY9f0AGncaMzL15Vp/KBQPfir9XnjpZYYm5Cu8xTM
eJ3N2Bmjg29cOfZz2KxNxc4RUuol4MF1jnhAzpWtE+Ul2apGCjBRF9woXoeez14C
sBubnlRpIiNa500ck6OtXtym7u1eHQ+/QZK2Nv+VaXMGau88pDzuWXMwfj4zvZw4
nb9vBFvDBUDir2w5ti3A1bvkMi2CMIMrkh4VcIa9KpfBkpQmuV4osobMhHJq+fDP
YpQj4ev0Zi+JHKsmRttqRgmgC08ZKGAgQvgQolPS9TQqpo9FpRAOyu1UT7r2mjWo
k+sQgp3bfWeyu7K7mPAFB5RlIPcegh6wOHgvSeQ0PHxuosc1/7YscxT70aiFEwme
MYXKSP7Jmb28mDbHq57NiP+RK7iTWoiuyzKRjbosPrQ5WvokX8OX0JGO1Hu8hUy/
rCWxQLlhTZgDrM9L/qPO2xYuM72dpPm4lpF+xKuA/cWvXzqyAtibvr05Cb658qVw
ytzUd/l8EIMprcViaQIn6o7O3ZgvVoQuGXqNFyCTbPd9D7a1vuctxTIOaFk8Biut
7b7Zn41B3SkUWwy6z1E1
=/X3k
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Loading...