Hi.
This is the Shorewall dump:
Shorewall 5.1.4.1 Dump at CompanyFirewall - vie jul 21 08:22:37 -05 2017
Shorewall is running
State:Started dom jul 16 10:37:02 -05 2017 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled jue jul 6 07:56:38 -05 2017 by
Shorewall version 5.1.4.1)
Counters reset dom jul 16 10:37:02 -05 2017
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
1009K 95M ~comb0 all -- ppp+ * 0.0.0.0/0
0.0.0.0/0
52M 29G eth0_in all -- eth0 * 0.0.0.0/0
0.0.0.0/0
5838 333K ~comb0 all -- tun+ * 0.0.0.0/0
0.0.0.0/0
29M 73G net-fw all -- eth1 * 0.0.0.0/0
0.0.0.0/0
4107 301K ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-INPUT REJECT '
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
8024K 1790M ppp+_fwd all -- ppp+ * 0.0.0.0/0
0.0.0.0/0
35M 16G eth0_fwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 tun+_fwd all -- tun+ * 0.0.0.0/0
0.0.0.0/0
35M 35G net_frwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-FORWARD REJECT '
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
880K 105M fw-loc all -- * ppp+ 0.0.0.0/0
0.0.0.0/0
41M 79G fw-loc all -- * eth0 0.0.0.0/0
0.0.0.0/0
5861 2239K fw-loc all -- * tun+ 0.0.0.0/0
0.0.0.0/0
12M 3469M fw-net all -- * eth1 0.0.0.0/0
0.0.0.0/0
4107 301K ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-OUTPUT REJECT '
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]
Chain Broadcast (5 references)
pkts bytes target prot opt in out source
destination
445K 50M DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
Chain dynamic (7 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 sfilter all -- * * 192.168.0.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.2.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.3.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.4.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.5.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.6.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.7.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.8.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.9.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.10.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.11.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.12.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.13.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.14.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.15.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.16.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.17.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.18.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.19.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.20.0/24
0.0.0.0/0 [goto]
2941K 647M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
27M 14G tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
35M 16G loc_frwd all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
48 2760 sfilter all -- * * 192.168.0.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.2.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.3.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.4.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.5.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.6.0/24
0.0.0.0/0 [goto]
12 690 sfilter all -- * * 192.168.7.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.8.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.9.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.10.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.11.0/24
0.0.0.0/0 [goto]
21 1146 sfilter all -- * * 192.168.12.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.13.0/24
0.0.0.0/0 [goto]
24 1380 sfilter all -- * * 192.168.14.0/24
0.0.0.0/0 [goto]
54 2818 sfilter all -- * * 192.168.15.0/24
0.0.0.0/0 [goto]
48 2760 sfilter all -- * * 192.168.16.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.17.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.18.0/24
0.0.0.0/0 [goto]
12 690 sfilter all -- * * 192.168.19.0/24
0.0.0.0/0 [goto]
0 0 sfilter all -- * * 192.168.20.0/24
0.0.0.0/0 [goto]
455K 52M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
51M 29G tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
52M 29G loc-fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw-loc (3 references)
pkts bytes target prot opt in out source
destination
42M 79G ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ~log0 all -- * * 186.43.33.122
0.0.0.0/0 [goto]
262 27446 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-fw-loc ACCEPT '
262 27446 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw-net (1 references)
pkts bytes target prot opt in out source
destination
12M 3468M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ~log1 all -- * * 186.43.33.122
0.0.0.0/0 [goto]
2067 156K LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-fw-net ACCEPT '
3095 221K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc-fw (2 references)
pkts bytes target prot opt in out source
destination
52M 29G ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ~log2 all -- * * 186.43.33.122
0.0.0.0/0 [goto]
1325K 135M LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-loc-fw ACCEPT '
1458K 146M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc-net (1 references)
pkts bytes target prot opt in out source
destination
26M 13G ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ~log3 all -- * * 186.43.33.122
0.0.0.0/0 [goto]
0 0 ~log8 tcp -- * * 192.168.1.101
0.0.0.0/0 [goto] multiport dports 25,465,587,53 /* :
PUBLICACION VPN PPTP */
0 0 ~log8 udp -- * * 192.168.1.101
0.0.0.0/0 [goto] udp dpt:53 /* : PUBLICACION VPN PPTP */
883K 241M LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-loc-net ACCEPT '
1169K 311M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc_frwd (3 references)
pkts bytes target prot opt in out source
destination
6501K 2714M ACCEPT all -- * ppp+ 0.0.0.0/0
0.0.0.0/0
9522K 2127M ACCEPT all -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0
0.0.0.0/0
27M 13G loc-net all -- * eth1 0.0.0.0/0
0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 4
level 6 prefix `FIREWALL-logflags DROP '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source
destination
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net-fw (1 references)
pkts bytes target prot opt in out source
destination
518K 55M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
16M 70G tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
28M 73G ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ~log4 all -- * * 186.43.33.122
0.0.0.0/0 [goto]
0 0 ~log6 tcp -- * * 190.249.18.151
0.0.0.0/0 [goto] tcp dpt:22 /* : ACCESO SOPORTE */
768 39792 ~log6 tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp dpt:1723 /* : PUBLICACION VPN PPTP */
595 86557 ~log6 47 -- * * 0.0.0.0/0
0.0.0.0/0 [goto] /* : PUBLICACION VPN PPTP */
517K 55M Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
70338 4387K LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-net-fw DROP '
71434 4515K DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net-loc (3 references)
pkts bytes target prot opt in out source
destination
35M 35G ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ~log5 all -- * * 186.43.33.122
0.0.0.0/0 [goto]
0 0 ~log7 tcp -- * * 190.249.18.151
0.0.0.0/0 [goto] tcp dpt:22 /* : ACCESO SOPORTE */
24735 1265K ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.101 multiport dports 80,8080 /* : PUBLICACION SERVIDOR
DOC */
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.101 multiport dports 8787,87 /* : PUBLICACION SERVIDOR
DOC */
0 0 ~log7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp dpt:1723 /* : PUBLICACION VPN PPTP */
0 0 ~log7 47 -- * * 0.0.0.0/0
0.0.0.0/0 [goto] /* : PUBLICACION VPN PPTP */
0 0 ACCEPT tcp -- * * 64.64.64.64
192.168.1.101 tcp dpt:3389 /* : ACCESO ESCRITORIO REMOTO */
0 0 ACCEPT tcp -- * * 181.52.244.171
192.168.1.101 tcp dpt:3389 /* : ACCESO ESCRITORIO REMOTO */
0 0 ACCEPT tcp -- * * 191.111.132.159
192.168.1.101 tcp dpt:3389 /* : ACCESO ESCRITORIO REMOTO */
0 0 ACCEPT tcp -- * * 191.102.208.74
192.168.1.101 tcp dpt:3389 /* : ACCESO ESCRITORIO REMOTO */
9729 609K Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
5618 352K LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-net-loc DROP '
9729 609K DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net_frwd (1 references)
pkts bytes target prot opt in out source
destination
415K 33M sfilter all -- * eth1 0.0.0.0/0
0.0.0.0/0 [goto]
34464 1875K dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
23M 22G tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
113K 149M net-loc all -- * ppp+ 0.0.0.0/0
0.0.0.0/0
35M 35G net-loc all -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 net-loc all -- * tun+ 0.0.0.0/0
0.0.0.0/0
Chain ppp+_fwd (1 references)
pkts bytes target prot opt in out source
destination
158K 9308K sfilter all -- * ppp+ 0.0.0.0/0
0.0.0.0/0 [goto]
348K 29M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
7178K 1730M tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
7866K 1781M loc_frwd all -- * * 0.0.0.0/0
0.0.0.0/0
Chain reject (4 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0
0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-prohibited
Chain sfilter (43 references)
pkts bytes target prot opt in out source
destination
375K 26M LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-sfilter DROP '
573K 43M DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain sha-lh-88bc54ae7c8cf9dd0f7a (0 references)
pkts bytes target prot opt in out source
destination
Chain sha-rh-8556c0e3b274c1c0a46d (0 references)
pkts bytes target prot opt in out source
destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
0 0 all -- * * 0.0.0.0/0
0.0.0.0/0 recent: SET name: %CURRENTTIME side: source
Chain tcpflags (7 references)
pkts bytes target prot opt in out source
destination
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02
Chain tun+_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 sfilter all -- * tun+ 0.0.0.0/0
0.0.0.0/0 [goto]
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 loc_frwd all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ~comb0 (2 references)
pkts bytes target prot opt in out source
destination
1003K 94M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
18617 1714K tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
1015K 95M loc-fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ~log0 (1 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-fw-loc DROP '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ~log1 (1 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-fw-net DROP '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ~log2 (1 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-loc-fw DROP '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ~log3 (1 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-loc-net DROP '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ~log4 (1 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-net-fw DROP '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ~log5 (1 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0
level 6 prefix `FIREWALL-net-loc DROP '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ~log6 (3 references)
pkts bytes target prot opt in out source
destination
1178 95647 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip /* : ACCESO
SOPORTE */ LOG flags 0 level 6 prefix `FIREWALL-net-fw ACCEPT '
1363 126K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 /* : ACCESO SOPORTE */
Chain ~log7 (3 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip /* : ACCESO
SOPORTE */ LOG flags 0 level 6 prefix `FIREWALL-net-loc ACCEPT '
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 /* : ACCESO SOPORTE */
Chain ~log8 (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip /* :
PUBLICACION VPN PPTP */ LOG flags 0 level 6 prefix `FIREWALL-loc-net
ACCEPT '
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 /* : PUBLICACION VPN PPTP */
Log (/var/log/messages)
Jul 21 08:22:36 loc-fw ACCEPT IN=eth0 OUT= SRC=192.168.1.70
DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=1232 PROTO=UDP
SPT=137 DPT=137 LEN=58
Jul 21 08:22:36 loc-net ACCEPT IN=eth0 OUT=eth1 SRC=192.168.1.72
DST=65.55.252.71 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13378 DF
PROTO=TCP SPT=49840 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 21 08:22:36 loc-fw ACCEPT IN=ppp9 OUT= SRC=192.168.1.234
DST=255.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=169 PROTO=UDP
SPT=137 DPT=137 LEN=58
Jul 21 08:22:36 loc-fw ACCEPT IN=eth0 OUT= SRC=192.168.1.127
DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=18136 PROTO=UDP
SPT=137 DPT=137 LEN=58
Jul 21 08:22:36 loc-fw ACCEPT IN=ppp3 OUT= SRC=192.168.1.202
DST=255.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=32422
PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 21 08:22:37 loc-net ACCEPT IN=eth0 OUT=eth1 SRC=192.168.1.62
DST=65.55.252.71 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=21059 DF
PROTO=TCP SPT=49871 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 21 08:22:37 loc-net ACCEPT IN=eth0 OUT=eth1 SRC=192.168.1.45
DST=216.58.222.202 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=19307 DF
PROTO=TCP SPT=49375 DPT=443 WINDOW=16546 RES=0x00 ACK FIN URGP=0
Jul 21 08:22:37 loc-fw ACCEPT IN=eth0 OUT= SRC=192.168.1.50
DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=29092 PROTO=UDP
SPT=137 DPT=137 LEN=58
Jul 21 08:22:37 loc-net ACCEPT IN=eth0 OUT=eth1 SRC=192.168.1.19
DST=1.1.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=60235 DF PROTO=UDP
SPT=44989 DPT=53 LEN=48
Jul 21 08:22:37 net-fw DROP IN=eth1 OUT= SRC=95.10.25.173
DST=64.64.64.64 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=18587 DF
PROTO=TCP SPT=57994 DPT=64453 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 21 08:22:37 loc-fw ACCEPT IN=ppp9 OUT= SRC=192.168.1.234
DST=255.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=171 PROTO=UDP
SPT=137 DPT=137 LEN=58
Jul 21 08:22:37 loc-net ACCEPT IN=eth0 OUT=eth1 SRC=192.168.1.127
DST=65.55.252.71 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=18137 DF
PROTO=TCP SPT=49407 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 21 08:22:37 loc-net ACCEPT IN=eth0 OUT=eth1 SRC=192.168.1.45
DST=216.58.222.202 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=19308 DF
PROTO=TCP SPT=49377 DPT=443 WINDOW=16329 RES=0x00 ACK FIN URGP=0
Jul 21 08:22:37 loc-fw ACCEPT IN=ppp3 OUT= SRC=192.168.1.202
DST=255.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=32424
PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 21 08:22:37 net-fw DROP IN=eth1 OUT= SRC=95.10.25.173
DST=64.64.64.64 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=18626 PROTO=UDP
SPT=60934 DPT=64453 LEN=28
Jul 21 08:22:37 sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.38
DST=8.8.8.8 LEN=76 TOS=0x00 PREC=0x00 TTL=127 ID=18707 PROTO=UDP
SPT=52125 DPT=53 LEN=56
Jul 21 08:22:37 sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.201.84
DST=200.13.224.254 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=15698
PROTO=UDP SPT=62499 DPT=53 LEN=44
Jul 21 08:22:37 loc-net ACCEPT IN=eth0 OUT=eth1 SRC=192.168.1.56
DST=8.8.8.8 LEN=65 TOS=0x00 PREC=0x00 TTL=127 ID=4392 PROTO=UDP
SPT=54314 DPT=53 LEN=45
Jul 21 08:22:37 sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.51
DST=200.13.249.101 LEN=61 TOS=0x00 PREC=0x00 TTL=127 ID=26603
PROTO=UDP SPT=56996 DPT=53 LEN=41
Jul 21 08:22:37 sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.51
DST=200.13.224.254 LEN=61 TOS=0x00 PREC=0x00 TTL=127 ID=26604
PROTO=UDP SPT=56996 DPT=53 LEN=41
NAT Table
Chain PREROUTING (policy ACCEPT 1200 packets, 201K bytes)
pkts bytes target prot opt in out source
destination
642K 61M net_dnat all -- eth1 * 0.0.0.0/0
0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 42 packets, 3576 bytes)
pkts bytes target prot opt in out source
destination
961K 181M eth1_masq all -- * eth1 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source
destination
Chain eth1_masq (1 references)
pkts bytes target prot opt in out source
destination
0 0 MASQUERADE all -- * * 192.168.201.80
0.0.0.0/0
0 0 MASQUERADE tcp -- * * 192.168.201.101
0.0.0.0/0 multiport dports 25,587,465,53
0 0 MASQUERADE udp -- * * 192.168.201.101
0.0.0.0/0 udp dpt:53
0 0 MASQUERADE tcp -- * * 192.168.201.100
0.0.0.0/0 multiport dports 25,587,465,53
0 0 MASQUERADE udp -- * * 192.168.201.100
0.0.0.0/0 udp dpt:53
0 0 MASQUERADE all -- * * 192.168.17.0/24
0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.18.0/24
0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.19.0/24
0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.20.0/24
0.0.0.0/0
111K 22M MASQUERADE all -- * * 192.168.201.0/24
0.0.0.0/0 /* Autorizacion para salida del rango LAN */
847K 159M MASQUERADE all -- * * 192.168.1.0/24
0.0.0.0/0 /* Autorizacion para salida del rango LAN */
Chain net_dnat (1 references)
pkts bytes target prot opt in out source
destination
8516 441K ~log0 tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] multiport dports 80,8080 /* : PUBLICACION
SERVIDOR DOC */
0 0 ~log0 tcp -- * * 0.0.0.0/0
0.0.0.0/0 [goto] multiport dports 8787,87 /* : PUBLICACION
SERVIDOR DOC */
0 0 ~log0 tcp -- * * 64.64.64.64
0.0.0.0/0 [goto] tcp dpt:3389 /* : ACCESO ESCRITORIO REMOTO
*/
0 0 ~log0 tcp -- * * 181.52.244.171
0.0.0.0/0 [goto] tcp dpt:3389 /* : ACCESO ESCRITORIO REMOTO
*/
0 0 ~log0 tcp -- * * 191.111.132.159
0.0.0.0/0 [goto] tcp dpt:3389 /* : ACCESO ESCRITORIO REMOTO
*/
0 0 ~log0 tcp -- * * 191.102.208.74
0.0.0.0/0 [goto] tcp dpt:3389 /* : ACCESO ESCRITORIO REMOTO
*/
Chain ~log0 (6 references)
pkts bytes target prot opt in out source
destination
5419 280K LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip /* :
PUBLICACION SERVIDOR DOC */ LOG flags 0 level 6 prefix
`FIREWALL-net_dnat DNAT '
8516 441K DNAT all -- * * 0.0.0.0/0
0.0.0.0/0 /* : PUBLICACION SERVIDOR DOC */ to:192.168.1.101
Mangle Table
Chain PREROUTING (policy ACCEPT 29164 packets, 21M bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 5166 packets, 4944K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 23953 packets, 16M bytes)
pkts bytes target prot opt in out source
destination
79M 53G MARK all -- * * 0.0.0.0/0
0.0.0.0/0 MARK and 0xffffff00
Chain OUTPUT (policy ACCEPT 2752 packets, 1406K bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 26348 packets, 17M bytes)
pkts bytes target prot opt in out source
destination
Raw Table
Chain PREROUTING (policy ACCEPT 29165 packets, 21M bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 2751 packets, 1406K bytes)
pkts bytes target prot opt in out source
destination
Conntrack Table (1743 out of 65536)
ipv4 2 tcp 6 431910 ESTABLISHED src=192.168.1.44
dst=216.58.212.131 sport=50179 dport=443 src=216.58.212.131
dst=64.64.64.64 sport=443 dport=50179 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 87 TIME_WAIT src=192.168.1.90 dst=216.155.194.56
sport=50586 dport=443 src=216.155.194.56 dst=64.64.64.64 sport=443
dport=50586 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 29387 ESTABLISHED src=192.168.1.101
dst=192.168.1.188 sport=55909 dport=49160 src=192.168.1.188
dst=192.168.1.101 sport=49160 dport=55909 [ASSURED] mark=0 secmark=0
use=2
ipv4 2 tcp 6 266584 ESTABLISHED src=192.168.1.199
dst=192.168.1.101 sport=50271 dport=3389 src=192.168.1.101
dst=192.168.1.199 sport=3389 dport=50271 [ASSURED] mark=0 secmark=0
use=2
ipv4 2 tcp 6 209086 ESTABLISHED src=192.168.1.101
dst=192.168.1.211 sport=57535 dport=49159 src=192.168.1.211
dst=192.168.1.101 sport=49159 dport=57535 [ASSURED] mark=0 secmark=0
use=2
ipv4 2 tcp 6 266251 ESTABLISHED src=192.168.201.160
dst=108.177.11.188 sport=47690 dport=5228 src=108.177.11.188
dst=64.64.64.64 sport=5228 dport=47690 [ASSURED] mark=0 secmark=0
use=2
ipv4 2 tcp 6 431927 ESTABLISHED src=192.168.1.65
dst=216.58.222.206 sport=49375 dport=443 src=216.58.222.206
dst=64.64.64.64 sport=443 dport=49375 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 4 src=192.168.1.91 dst=216.58.222.238
sport=64056 dport=443 src=216.58.222.238 dst=64.64.64.64 sport=443
dport=64056 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 102 TIME_WAIT src=192.168.1.90
dst=92.123.241.123 sport=50605 dport=443 src=92.123.241.123
dst=64.64.64.64 sport=443 dport=50605 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 431971 ESTABLISHED src=192.168.1.24
dst=173.194.210.188 sport=49590 dport=5228 src=173.194.210.188
dst=64.64.64.64 sport=5228 dport=49590 [ASSURED] mark=0 secmark=0
use=2
ipv4 2 udp 17 28 src=192.168.1.18 dst=8.8.8.8 sport=39191
dport=53 src=8.8.8.8 dst=64.64.64.64 sport=53 dport=39191 mark=0
secmark=0 use=2
ipv4 2 tcp 6 96 TIME_WAIT src=192.168.1.56 dst=192.16.48.200
sport=50472 dport=443 src=192.16.48.200 dst=64.64.64.64 sport=443
dport=50472 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 3 src=192.168.1.50 dst=192.168.1.255 sport=138
dport=138 [UNREPLIED] src=192.168.1.255 dst=192.168.1.50 sport=138
dport=138 mark=0 secmark=0 use=2
ipv4 2 tcp 6 431988 ESTABLISHED src=192.168.1.43
dst=169.54.129.38 sport=50228 dport=443 src=169.54.129.38
dst=64.64.64.64 sport=443 dport=50228 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 178 src=192.168.1.47 dst=216.58.222.238
sport=56554 dport=443 src=216.58.222.238 dst=64.64.64.64 sport=443
dport=56554 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 49 TIME_WAIT src=192.168.1.53 dst=94.31.29.254
sport=49676 dport=443 src=94.31.29.254 dst=64.64.64.64 sport=443
dport=49676 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 431843 ESTABLISHED src=192.168.1.70
dst=216.58.222.206 sport=51918 dport=443 src=216.58.222.206
dst=64.64.64.64 sport=443 dport=51918 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 105 src=192.168.201.169 dst=216.58.222.202
sport=40898 dport=443 src=216.58.222.202 dst=64.64.64.64 sport=443
dport=40898 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 102 TIME_WAIT src=192.168.1.90 dst=74.119.119.84
sport=50595 dport=443 src=74.119.119.84 dst=64.64.64.64 sport=443
dport=50595 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 64 src=192.168.1.131 dst=216.58.222.193
sport=64544 dport=443 src=216.58.222.193 dst=64.64.64.64 sport=443
dport=64544 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 1 SYN_SENT src=192.168.1.113 dst=192.168.201.69
sport=59040 dport=8080 [UNREPLIED] src=192.168.201.69
dst=192.168.1.113 sport=8080 dport=59040 mark=0 secmark=0 use=2
ipv4 2 tcp 6 33 TIME_WAIT src=192.168.1.73 dst=216.58.222.206
sport=50067 dport=443 src=216.58.222.206 dst=64.64.64.64 sport=443
dport=50067 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 114 src=192.168.1.57 dst=216.58.222.198
sport=63058 dport=443 src=216.58.222.198 dst=64.64.64.64 sport=443
dport=63058 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 431937 ESTABLISHED src=192.168.1.57
dst=151.101.1.136 sport=50967 dport=443 src=151.101.1.136
dst=64.64.64.64 sport=443 dport=50967 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 431986 ESTABLISHED src=192.168.1.43
dst=200.13.245.166 sport=50170 dport=80 src=200.13.245.166
dst=64.64.64.64 sport=80 dport=50170 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 207427 ESTABLISHED src=192.168.1.101
dst=192.168.1.197 sport=50900 dport=49160 src=192.168.1.197
dst=192.168.1.101 sport=49160 dport=50900 [ASSURED] mark=0 secmark=0
use=2
ipv4 2 udp 17 109 src=192.168.1.73 dst=216.58.222.206
sport=55229 dport=443 src=216.58.222.206 dst=64.64.64.64 sport=443
dport=55229 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 81 SYN_SENT src=192.168.1.127 dst=65.55.252.71
sport=49379 dport=80 [UNREPLIED] src=65.55.252.71 dst=64.64.64.64
sport=80 dport=49379 mark=0 secmark=0 use=2
ipv4 2 tcp 6 65 TIME_WAIT src=192.168.1.57 dst=104.131.66.245
sport=50969 dport=443 src=104.131.66.245 dst=64.64.64.64 sport=443
dport=50969 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 431961 ESTABLISHED src=192.168.1.148
dst=216.58.222.238 sport=49895 dport=443 src=216.58.222.238
dst=64.64.64.64 sport=443 dport=49895 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 65 src=192.168.1.146 dst=216.58.222.238
sport=53106 dport=443 src=216.58.222.238 dst=64.64.64.64 sport=443
dport=53106 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 95 TIME_WAIT src=192.168.1.56 dst=216.58.222.230
sport=50518 dport=443 src=216.58.222.230 dst=64.64.64.64 sport=443
dport=50518 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 166 src=192.168.1.65 dst=173.194.212.189
sport=53903 dport=443 src=173.194.212.189 dst=64.64.64.64 sport=443
dport=53903 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 120718 ESTABLISHED src=192.168.201.175
dst=192.168.1.50 sport=52040 dport=2869 src=192.168.1.50
dst=192.168.201.175 sport=2869 dport=52040 [ASSURED] mark=0 secmark=0
use=2
ipv4 2 udp 17 115 src=192.168.1.131 dst=216.58.222.238
sport=57294 dport=443 src=216.58.222.238 dst=64.64.64.64 sport=443
dport=57294 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 23 src=192.168.1.70 dst=216.58.222.227
sport=61763 dport=443 src=216.58.222.227 dst=64.64.64.64 sport=443
dport=61763 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 4 src=192.168.1.12 dst=69.89.207.199 sport=123
dport=123 src=69.89.207.199 dst=64.64.64.64 sport=123 dport=123 mark=0
secmark=0 use=2
ipv4 2 tcp 6 81953 ESTABLISHED src=192.168.1.85
dst=209.126.107.215 sport=49359 dport=443 src=209.126.107.215
dst=64.64.64.64 sport=443 dport=49359 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 431974 ESTABLISHED src=192.168.1.74
dst=173.194.213.188 sport=49677 dport=5228 src=173.194.213.188
dst=64.64.64.64 sport=5228 dport=49677 [ASSURED] mark=0 secmark=0
use=2
ipv4 2 tcp 6 20764 ESTABLISHED src=192.168.1.101
dst=192.168.1.229 sport=54167 dport=445 src=192.168.1.229
dst=192.168.1.101 sport=445 dport=54167 [ASSURED] mark=0 secmark=0
use=2
ipv4 2 tcp 6 89 TIME_WAIT src=192.168.1.56 dst=216.58.222.202
sport=50481 dport=443 src=216.58.222.202 dst=64.64.64.64 sport=443
dport=50481 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 19 src=192.168.1.72 dst=192.168.1.255 sport=137
dport=137 [UNREPLIED] src=192.168.1.255 dst=192.168.1.72 sport=137
dport=137 mark=0 secmark=0 use=2
ipv4 2 tcp 6 16 TIME_WAIT src=192.168.1.90 dst=35.185.44.103
sport=50484 dport=443 src=35.185.44.103 dst=64.64.64.64 sport=443
dport=50484 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 19 TIME_WAIT src=192.168.1.91 dst=216.58.222.206
sport=49891 dport=443 src=216.58.222.206 dst=64.64.64.64 sport=443
dport=49891 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 udp 17 15 src=192.168.1.43 dst=200.13.249.101
sport=63921 dport=53 src=200.13.249.101 dst=64.64.64.64 sport=53
dport=63921 mark=0 secmark=0 use=2
ipv4 2 tcp 6 431973 ESTABLISHED src=192.168.1.90
dst=129.146.13.96 sport=58681 dport=443 src=129.146.13.96
dst=64.64.64.64 sport=443 dport=58681 [ASSURED] mark=0 secmark=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 64.64.64.64/30 brd 190.248.94.223 scope global eth1
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
inet 192.168.201.1/24 brd 192.168.201.255 scope global eth0:0
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UNKNOWN qlen 100
inet 192.168.120.34/24 brd 192.168.120.255 scope global tun0
631: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.185/32 scope global ppp0
632: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.216/32 scope global ppp1
633: ppp2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.169/32 scope global ppp2
634: ppp3: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.202/32 scope global ppp3
635: ppp4: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.181/32 scope global ppp4
636: ppp5: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.170/32 scope global ppp5
637: ppp6: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.156/32 scope global ppp6
638: ppp7: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.187/32 scope global ppp7
639: ppp8: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.223/32 scope global ppp8
640: ppp9: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
inet 192.168.1.201 peer 192.168.1.234/32 scope global ppp9
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
301076 4109 0 0 0 0
TX: bytes packets errors dropped carrier collsns
301076 4109 0 0 0 0
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:1a:4b:4f:43:50 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
111242432871 102407379 0 0 0 2008
TX: bytes packets errors dropped carrier collsns
17118912574 39604473 0 0 0 0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:17:a4:8b:72:b8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
46744384669 89924592 0 3 0 1574
TX: bytes packets errors dropped carrier collsns
120019872689 124690145 0 0 0 0
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UNKNOWN qlen 100
link/[65534]
RX: bytes packets errors dropped overrun mcast
6095628 35242 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2239566 5863 0 0 0 0
631: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
198894 2031 0 0 0 0
TX: bytes packets errors dropped carrier collsns
228368 1853 0 0 0 0
632: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
359046 4424 0 0 0 0
TX: bytes packets errors dropped carrier collsns
776804 4245 3 0 0 0
633: ppp2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
155000 824 0 0 0 0
TX: bytes packets errors dropped carrier collsns
155899 538 3 0 0 0
634: ppp3: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
2054140 32000 0 0 0 0
TX: bytes packets errors dropped carrier collsns
71665123 55375 7 0 0 0
635: ppp4: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
74721 487 0 0 0 0
TX: bytes packets errors dropped carrier collsns
19196 167 0 0 0 0
636: ppp5: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
322370 1100 0 0 0 0
TX: bytes packets errors dropped carrier collsns
295203 768 0 0 0 0
637: ppp6: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
185368 1346 0 0 0 0
TX: bytes packets errors dropped carrier collsns
930533 1493 3 0 0 0
638: ppp7: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
360415 1467 0 0 0 0
TX: bytes packets errors dropped carrier collsns
399007 1128 3 0 0 0
639: ppp8: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
23632 243 0 0 0 0
TX: bytes packets errors dropped carrier collsns
13822 110 0 0 0 0
640: ppp9: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc
pfifo_fast state UNKNOWN qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
19817 183 0 0 0 0
TX: bytes packets errors dropped carrier collsns
15020 105 0 0 0 0
Bridges
bridge name bridge id STP enabled interfaces
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 192.168.201.1 dev eth0 proto kernel scope host src 192.168.201.1
local 192.168.120.34 dev tun0 proto kernel scope host src 192.168.120.34
local 192.168.1.201 dev ppp9 proto kernel scope host src 192.168.1.201
local 192.168.1.201 dev ppp8 proto kernel scope host src 192.168.1.201
local 192.168.1.201 dev ppp7 proto kernel scope host src 192.168.1.201
local 192.168.1.201 dev ppp6 proto kernel scope host src 192.168.1.201
local 192.168.1.201 dev ppp5 proto kernel scope host src 192.168.1.201
local 192.168.1.201 dev ppp4 proto kernel scope host src 192.168.1.201
local 192.168.1.201 dev ppp3 proto kernel scope host src 192.168.1.201
local 192.168.1.201 dev ppp2 proto kernel scope host src 192.168.1.201
local 192.168.1.201 dev ppp1 proto kernel scope host src 192.168.1.201
local 192.168.1.201 dev ppp0 proto kernel scope host src 192.168.1.201
local 192.168.1.1 dev eth0 proto kernel scope host src 192.168.1.1
local 64.64.64.64 dev eth1 proto kernel scope host src 64.64.64.64
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.201.255 dev eth0 proto kernel scope link src 192.168.201.1
broadcast 192.168.201.0 dev eth0 proto kernel scope link src 192.168.201.1
broadcast 192.168.1.255 dev eth0 proto kernel scope link src 192.168.1.1
broadcast 192.168.120.255 dev tun0 proto kernel scope link src 192.168.120.34
broadcast 192.168.120.0 dev tun0 proto kernel scope link src 192.168.120.34
broadcast 192.168.1.0 dev eth0 proto kernel scope link src 192.168.1.1
broadcast 190.248.94.223 dev eth1 proto kernel scope link src 64.64.64.64
broadcast 190.248.94.220 dev eth1 proto kernel scope link src 64.64.64.64
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.1.234 dev ppp9 proto kernel scope link src 192.168.1.201
192.168.1.223 dev ppp8 proto kernel scope link src 192.168.1.201
192.168.1.216 dev ppp1 proto kernel scope link src 192.168.1.201
192.168.1.202 dev ppp3 proto kernel scope link src 192.168.1.201
192.168.1.187 dev ppp7 proto kernel scope link src 192.168.1.201
192.168.1.185 dev ppp0 proto kernel scope link src 192.168.1.201
192.168.1.181 dev ppp4 proto kernel scope link src 192.168.1.201
192.168.1.170 dev ppp5 proto kernel scope link src 192.168.1.201
192.168.1.169 dev ppp2 proto kernel scope link src 192.168.1.201
192.168.1.156 dev ppp6 proto kernel scope link src 192.168.1.201
190.248.94.220/30 dev eth1 proto kernel scope link src 64.64.64.64
192.168.201.0/24 dev eth0 proto kernel scope link src 192.168.201.1
192.168.120.0/24 dev tun0 proto kernel scope link src 192.168.120.34
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1 metric 1
169.254.0.0/16 dev eth1 scope link metric 1002
default via 190.248.94.221 dev eth1 proto static
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
PFKEY SPD
PFKEY SAD
/proc
/proc/version = Linux version 2.6.32-696.3.1.el6.i686
(***@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat
4.4.7-18) (GCC) ) #1 SMP Tue May 30 18:45:47 UTC 2017
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/ppp0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp0/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp0/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/log_martians = 1
/proc/sys/net/ipv4/conf/ppp1/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp1/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp1/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp1/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp1/log_martians = 1
/proc/sys/net/ipv4/conf/ppp2/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp2/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp2/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp2/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp2/log_martians = 1
/proc/sys/net/ipv4/conf/ppp3/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp3/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp3/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp3/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp3/log_martians = 1
/proc/sys/net/ipv4/conf/ppp4/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp4/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp4/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp4/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp4/log_martians = 1
/proc/sys/net/ipv4/conf/ppp5/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp5/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp5/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp5/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp5/log_martians = 1
/proc/sys/net/ipv4/conf/ppp6/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp6/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp6/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp6/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp6/log_martians = 1
/proc/sys/net/ipv4/conf/ppp7/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp7/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp7/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp7/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp7/log_martians = 1
/proc/sys/net/ipv4/conf/ppp8/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp8/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp8/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp8/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp8/log_martians = 1
/proc/sys/net/ipv4/conf/ppp9/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp9/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp9/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp9/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp9/log_martians = 1
/proc/sys/net/ipv4/conf/tun0/proxy_arp = 0
/proc/sys/net/ipv4/conf/tun0/arp_filter = 0
/proc/sys/net/ipv4/conf/tun0/arp_ignore = 0
/proc/sys/net/ipv4/conf/tun0/rp_filter = 0
/proc/sys/net/ipv4/conf/tun0/log_martians = 1
ARP
? (192.168.1.113) at 44:d9:e7:4c:f9:3b [ether] on eth1
? (192.168.1.8) at 4c:11:bf:5a:90:ab [ether] on eth0
? (192.168.1.82) at 00:21:86:16:9d:d0 [ether] on eth0
? (192.168.1.93) at ac:22:0b:2c:11:8d [ether] on eth0
? (192.168.201.168) at 68:fb:7e:65:08:5c [ether] on eth0
? (192.168.1.114) at 44:d9:e7:4e:02:c8 [ether] on eth0
? (192.168.1.72) at 40:16:7e:72:0a:51 [ether] on eth0
? (192.168.201.150) at 80:01:84:71:0e:a6 [ether] on eth1
? (192.168.201.84) at 00:25:11:7f:49:68 [ether] on eth1
? (192.168.1.85) at c8:60:00:e0:99:14 [ether] on eth0
? (192.168.1.66) at c8:60:00:e0:95:fa [ether] on eth0
? (192.168.201.165) at fc:42:03:3f:8c:a9 [ether] on eth0
? (192.168.1.99) at 48:5a:b6:93:38:72 [ether] on eth0
? (192.168.1.37) at 90:fb:a6:35:e1:34 [ether] on eth1
? (192.168.1.70) at 08:9e:01:31:8a:ce [ether] on eth0
? (192.168.1.43) at b8:97:5a:8b:f1:03 [ether] on eth0
? (192.168.1.16) at 00:0e:c4:cc:a1:c6 [ether] on eth0
? (192.168.1.91) at 20:1a:06:32:ed:06 [ether] on eth0
? (192.168.1.38) at 00:30:67:d7:82:a4 [ether] on eth0
? (192.168.201.169) at c0:d3:c0:06:3f:e9 [ether] on eth0
? (192.168.1.146) at b8:97:5a:8b:f0:4f [ether] on eth0
? (192.168.201.150) at 80:01:84:71:0e:a6 [ether] on eth0
? (192.168.1.74) at d8:50:e6:bb:6c:68 [ether] on eth0
? (192.168.1.237) at <incomplete> on eth0
? (192.168.1.103) at b8:ae:ed:ac:e3:aa [ether] on eth0
? (192.168.1.29) at b8:97:5a:6e:c3:e4 [ether] on eth1
? (192.168.1.68) at d8:cb:8a:35:47:e7 [ether] on eth0
? (192.168.201.66) at c8:60:00:e0:95:fa [ether] on eth0
? (192.168.1.36) at 00:13:8f:d6:52:7e [ether] on eth1
? (192.168.201.165) at fc:42:03:3f:8c:a9 [ether] on eth1
? (190.248.94.221) at 24:4c:07:9a:96:44 [ether] on eth1
? (192.168.1.115) at 44:d9:e7:4c:f5:fe [ether] on eth1
? (192.168.201.94) at 00:25:11:02:3d:0e [ether] on eth1
? (192.168.1.142) at a4:5d:36:5d:5a:ca [ether] on eth0
? (192.168.1.38) at 00:30:67:d7:82:a4 [ether] on eth1
? (192.168.1.65) at f4:4d:30:4e:bf:91 [ether] on eth0
? (192.168.1.56) at 30:0e:d5:1a:e0:f1 [ether] on eth0
? (192.168.1.55) at 0c:54:a5:55:b0:f9 [ether] on eth0
? (192.168.201.172) at 00:87:01:36:43:85 [ether] on eth0
? (192.168.1.3) at e8:94:f6:02:89:71 [ether] on eth0
? (192.168.1.129) at ac:5f:3e:2d:71:80 [ether] on eth0
? (192.168.1.23) at c8:60:00:ee:42:4d [ether] on eth0
? (192.168.1.39) at d8:cb:8a:35:46:c2 [ether] on eth0
? (192.168.1.148) at 10:60:4b:91:23:c4 [ether] on eth0
? (192.168.1.2) at 00:24:81:aa:30:74 [ether] on eth0
? (192.168.1.46) at 00:30:67:d6:92:08 [ether] on eth0
? (192.168.1.114) at 44:d9:e7:4e:02:c8 [ether] on eth1
? (192.168.201.175) at a4:ba:76:be:2c:4b [ether] on eth0
? (192.168.1.51) at 00:e0:4d:88:6a:31 [ether] on eth0
? (192.168.201.66) at c8:60:00:e0:95:fa [ether] on eth1
? (192.168.201.94) at 00:25:11:02:3d:0e [ether] on eth0
? (192.168.1.131) at 00:25:11:47:15:ff [ether] on eth0
? (192.168.1.36) at 00:13:8f:d6:52:7e [ether] on eth0
? (192.168.1.81) at 90:fb:a6:10:9a:1a [ether] on eth0
? (192.168.1.24) at 00:30:67:df:a2:4e [ether] on eth0
? (192.168.1.17) at 00:0e:c4:cc:cd:1c [ether] on eth0
? (192.168.1.76) at 00:27:0e:01:31:2c [ether] on eth0
? (192.168.1.50) at 00:22:68:71:d2:91 [ether] on eth0
? (192.168.1.90) at f4:6d:04:74:db:93 [ether] on eth0
? (192.168.1.12) at 00:0e:c4:cc:c1:97 [ether] on eth0
? (192.168.1.100) at 9c:b6:54:8c:1d:2b [ether] on eth0
? (192.168.1.51) at 00:e0:4d:88:6a:31 [ether] on eth1
? (192.168.1.104) at 30:f9:ed:b6:c6:24 [ether] on eth0
? (192.168.1.59) at c0:3f:d5:bf:ec:42 [ether] on eth0
? (192.168.1.73) at b8:97:5a:8b:f5:fc [ether] on eth0
? (192.168.1.47) at c8:60:00:c4:3c:17 [ether] on eth0
? (192.168.201.68) at d8:cb:8a:35:47:e7 [ether] on eth0
? (192.168.1.57) at 40:16:7e:72:09:ae [ether] on eth0
? (192.168.1.138) at 54:04:a6:b2:88:74 [ether] on eth0
? (192.168.1.78) at 30:0e:d5:1a:e8:c5 [ether] on eth0
? (192.168.201.69) at <incomplete> on eth0
? (192.168.1.25) at 30:0e:d5:1a:e1:49 [ether] on eth0
? (192.168.1.115) at 44:d9:e7:4c:f5:fe [ether] on eth0
? (192.168.1.129) at ac:5f:3e:2d:71:80 [ether] on eth1
? (192.168.1.62) at 10:78:d2:8c:12:23 [ether] on eth0
? (192.168.1.45) at d0:27:88:01:8c:70 [ether] on eth0
? (192.168.1.95) at d8:50:e6:bb:6c:99 [ether] on eth0
? (192.168.1.18) at 22:4f:40:6b:3e:d4 [ether] on eth0
? (192.168.1.127) at c0:3f:d5:bf:eb:d4 [ether] on eth0
? (192.168.1.132) at 30:e1:71:cd:a5:4a [ether] on eth0
? (192.168.1.53) at 00:1a:4d:3e:48:96 [ether] on eth0
? (192.168.1.58) at 80:01:84:71:0e:a4 [ether] on eth0
? (192.168.1.60) at 00:25:11:0e:7b:51 [ether] on eth0
? (192.168.1.21) at 10:78:d2:10:6c:e2 [ether] on eth0
? (192.168.1.75) at 90:fb:a6:10:9f:6c [ether] on eth0
? (192.168.1.113) at 44:d9:e7:4c:f9:3b [ether] on eth0
? (192.168.1.39) at d8:cb:8a:35:46:c2 [ether] on eth1
? (192.168.1.101) at fc:15:b4:10:77:53 [ether] on eth0
? (192.168.1.44) at 50:46:5d:50:eb:15 [ether] on eth0
? (192.168.1.37) at 90:fb:a6:35:e1:34 [ether] on eth0
? (192.168.201.101) at fc:15:b4:10:77:53 [ether] on eth0
? (192.168.1.181) at * PERM PUP on eth0
? (192.168.1.202) at * PERM PUP on eth0
? (192.168.1.156) at * PERM PUP on eth0
? (192.168.1.216) at * PERM PUP on eth0
? (192.168.1.234) at * PERM PUP on eth0
? (192.168.1.169) at * PERM PUP on eth0
? (192.168.1.223) at * PERM PUP on eth0
? (192.168.1.185) at * PERM PUP on eth0
? (192.168.1.187) at * PERM PUP on eth0
? (192.168.1.170) at * PERM PUP on eth0
Modules
ip_set 26143 2 xt_set,ip_set_hash_ip
ip_set_hash_ip 21285 0
iptable_filter 2173 1
iptable_mangle 2641 1
iptable_nat 4858 1
iptable_raw 1740 0
ip_tables 9599 4
iptable_raw,iptable_filter,iptable_mangle,iptable_nat
ipt_addrtype 1597 8
ipt_LOG 6790 21
ipt_MASQUERADE 1726 11
ipt_NETMAP 1292 0
ipt_REJECT 1899 4
ipt_ULOG 7132 0
nf_conntrack 65336 34
xt_connlimit,xt_helper,xt_CONNMARK,xt_connmark,xt_conntrack,ipt_MASQUERADE,nf_nat_tftp,nf_nat_snmp_basic,nf_conntrack_snmp,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_udplite,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state
nf_conntrack_amanda 2279 1 nf_nat_amanda
nf_conntrack_broadcast 1123 2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_ftp 9515 1 nf_nat_ftp
nf_conntrack_h323 55842 1 nf_nat_h323
nf_conntrack_ipv4 7374 16 iptable_nat,nf_nat
nf_conntrack_ipv6 6588 3
nf_conntrack_irc 4165 1 nf_nat_irc
nf_conntrack_netbios_ns 943 0
nf_conntrack_netlink 14358 0
nf_conntrack_pptp 9281 1 nf_nat_pptp
nf_conntrack_proto_gre 5334 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 10627 0
nf_conntrack_proto_udplite 2648 0
nf_conntrack_sane 4039 0
nf_conntrack_sip 16190 1 nf_nat_sip
nf_conntrack_snmp 1203 1 nf_nat_snmp_basic
nf_conntrack_tftp 3566 1 nf_nat_tftp
nf_defrag_ipv4 1039 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 16175 2 xt_TPROXY,nf_conntrack_ipv6
nf_nat 18678 11
ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda 812 0
nf_nat_ftp 2538 0
nf_nat_h323 7285 0
nf_nat_irc 1314 0
nf_nat_pptp 3748 0
nf_nat_proto_gre 2124 1 nf_nat_pptp
nf_nat_sip 5234 0
nf_nat_snmp_basic 7495 0
nf_nat_tftp 650 0
nf_tproxy_core 976 1 xt_TPROXY,[permanent]
xt_AUDIT 2548 0
xt_CHECKSUM 947 0
xt_CLASSIFY 721 0
xt_comment 686 30
xt_connlimit 2562 0
xt_CONNMARK 1079 0
xt_connmark 919 0
xt_conntrack 2236 13
xt_dscp 1267 0
xt_DSCP 1643 0
xt_hashlimit 7562 21
xt_helper 1037 0
xt_iprange 1772 0
xt_length 902 0
xt_MARK 709 1
xt_multiport 2216 7
xt_NFLOG 839 0
xt_NFQUEUE 1673 0
xt_owner 904 0
xt_physdev 1441 0
xt_pkttype 814 0
xt_policy 2156 0
xt_realm 712 0
xt_recent 6431 1
xt_set 3236 0
xt_state 1064 3
xt_statistic 1084 0
xt_tcpmss 1163 0
xt_TCPMSS 2993 0
xt_time 1803 0
xt_TPROXY 7579 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50100
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Not available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
Ipset Match (IPSET_MATCH): Available
ipset V5 (IPSET_V5): Available
iptables -S (IPTABLES_S): Available
iptables --wait option (WAIT_OPTION): Not available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 20632
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Not available
NETMAP Target (NETMAP_TARGET): Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE CPU Fanout (CPU_FANOUT): Not available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Not available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Not available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Available
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:10000
*:* users:(("miniserv.pl",2142,6))
udp UNCONN 0 0 *:42168
*:* users:(("openvpn",1547,3))
udp UNCONN 0 0 *:67
*:* users:(("dhcpd",1978,8))
udp UNCONN 0 0 *:631
*:* users:(("cupsd",1567,9))
udp UNCONN 0 0 192.168.1.201:123
*:* users:(("ntpd",1939,27))
udp UNCONN 0 0 192.168.201.1:123
*:* users:(("ntpd",1939,21))
udp UNCONN 0 0 192.168.1.1:123
*:* users:(("ntpd",1939,20))
udp UNCONN 0 0 192.168.120.34:123
*:* users:(("ntpd",1939,22))
udp UNCONN 0 0 64.64.64.64:123
*:* users:(("ntpd",1939,19))
udp UNCONN 0 0 127.0.0.1:123
*:* users:(("ntpd",1939,18))
udp UNCONN 0 0 *:123
*:* users:(("ntpd",1939,16))
tcp LISTEN 0 50 *:139
*:* users:(("smbd",2101,29))
tcp LISTEN 0 128 *:10000
*:* users:(("miniserv.pl",2142,5))
tcp LISTEN 0 2 127.0.0.1:3350
*:* users:(("xrdp-sesman",1963,6))
tcp LISTEN 0 128 *:22
*:* users:(("sshd",1928,3))
tcp LISTEN 0 128 127.0.0.1:631
*:* users:(("cupsd",1567,7))
tcp LISTEN 0 100 127.0.0.1:25
*:* users:(("master",2064,12))
tcp LISTEN 0 3 *:1723
*:* users:(("pptpd",2077,6))
tcp LISTEN 0 50 *:445
*:* users:(("smbd",2101,28))
tcp LISTEN 0 2 *:3389
*:* users:(("xrdp",1958,6))
tcp ESTAB 0 0 192.168.1.1:445
192.168.1.25:51328 users:(("smbd",10253,31))
tcp ESTAB 0 0 64.64.64.64:1723
186.116.155.102:49368 users:(("pptpctrl",7027,0))
tcp ESTAB 0 0 64.64.64.64:1723
190.130.98.167:33836 users:(("pptpctrl",10084,0))
tcp ESTAB 0 0 64.64.64.64:1723
186.29.251.27:21488 users:(("pptpctrl",9969,0))
tcp ESTAB 0 0 64.64.64.64:1723
200.89.254.40:49185 users:(("pptpctrl",10255,0))
tcp ESTAB 0 0 192.168.1.1:445
192.168.1.23:49968 users:(("smbd",10172,31))
tcp ESTAB 0 0 64.64.64.64:1723
186.29.251.27:20684 users:(("pptpctrl",9899,0))
tcp ESTAB 0 0 64.64.64.64:1723
186.118.112.173:49170 users:(("pptpctrl",10403,0))
tcp ESTAB 0 40 192.168.120.34:22
192.168.120.1:43326 users:(("sshd",10417,3))
tcp ESTAB 0 0 64.64.64.64:1723
186.112.35.41:49283 users:(("pptpctrl",8631,0))
tcp ESTAB 0 0 64.64.64.64:1723
181.232.94.192:21082 users:(("pptpctrl",10059,0))
tcp ESTAB 0 0 64.64.64.64:1723
181.141.196.59:49218 users:(("pptpctrl",10158,0))
tcp ESTAB 0 0 64.64.64.64:1723
201.236.252.136:49189 users:(("pptpctrl",10173,0))
Traffic Control
Device eth1:
qdisc mq 0: root
Sent 16868773541 bytes 39520048 pkt (dropped 0, overlimits 0 requeues 1)
rate 0bit 0pps backlog 0b 0p requeues 1
qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 16868773541 bytes 39520048 pkt (dropped 0, overlimits 0 requeues 1)
rate 0bit 0pps backlog 0b 0p requeues 1
class mq :1 root
Sent 16868773630 bytes 39520049 pkt (dropped 0, overlimits 0 requeues 1)
backlog 0b 0p requeues 1
class mq :2 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :5 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth0:
qdisc mq 0: root
Sent 117267463551 bytes 85676783 pkt (dropped 0, overlimits 0 requeues 15)
rate 0bit 0pps backlog 0b 0p requeues 15
qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 117267463551 bytes 85676783 pkt (dropped 0, overlimits 0 requeues 15)
rate 0bit 0pps backlog 0b 0p requeues 15
class mq :1 root
Sent 117267463551 bytes 85676783 pkt (dropped 0, overlimits 0 requeues 15)
backlog 0b 0p requeues 15
class mq :2 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :5 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device tun0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 2239838 bytes 5867 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 228240 bytes 1845 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 769880 bytes 4065 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp2:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 154291 bytes 493 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp3:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 70414511 bytes 24104 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp4:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 19068 bytes 159 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp5:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 290075 bytes 635 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp6:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 917769 bytes 1167 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp7:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 392439 bytes 959 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp8:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 13800 bytes 103 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device ppp9:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1
1 1 1 1 1 1
Sent 15050 bytes 99 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TC Filters
Device eth1:
Device eth0:
Device tun0:
Device ppp0:
Device ppp1:
Device ppp2:
Device ppp3:
Device ppp4:
Device ppp5:
Device ppp6:
Device ppp7:
Device ppp8:
Device ppp9:
Thanks
"There are two infinite things:
the universe and human stupidity... and I am not very sure about the first":
Albert Einstein
Post by Roberto C. Sánchez
Post by kazabe
/etc/shorewall/interfaces
loc eth0 sfilter=(192.168.0.0/24,192.168.2.0/24,192.168.3.0/24,192.168.4.0/24,192.168.5.0/24,192.168.6.0/24,192.168.7.0/24,192.168.8.0/24,192.168.9.0/24,192.168.10.0/24)
Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1
OUT=eth1 SRC=192.168.1.129 DST=104.154.127.85 LEN=1280 TOS=0x00
PREC=0x00 TTL=63 ID=56231 DF PROTO=TCP SPT=55708 DPT=4070 WINDOW=4414
RES=0x00 ACK URGP=0
Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1
OUT=eth1 SRC=192.168.1.111 DST=8.8.8.8 LEN=64 TOS=0x00 PREC=0x00
TTL=127 ID=18895 PROTO=UDP SPT=51820 DPT=53 LEN=44
I suspect that you need to add the 'routeback' option to the eth1 entry
in interfaces.
Post by kazabe
If we do a ping to the Google DNS 8.8.8.8 from a LAN PC, we don't receive an
answer (and the network connection icon in the system tray shows an
alert). But if I do a tracert to 8.8.8.8, the alert disappears and I can
access the internet again.
Can you provide the output of 'shorewall dump' run as root after
attempting the ping that fails?
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
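The sfilter log entries quoted in this thread show the same interface in IN= and OUT=, which is the traffic pattern the 'routeback' suggestion concerns. The following is an added example, not part of the original posts or of Shorewall: a small Python triage script that picks such entries out of a kernel log and checks the ARP section of the dump for the interfaces on which each source address resolves. The function names are hypothetical; the sample data is copied from the thread except where marked as constructed.

```python
import re
from collections import defaultdict

# Sample input. The first two log lines come from this thread (wrapped lines
# re-joined); the third log line is constructed for contrast.
SAMPLE_LOG = """\
Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.129 DST=104.154.127.85 LEN=1280 TOS=0x00 PREC=0x00 TTL=63 ID=56231 DF PROTO=TCP SPT=55708 DPT=4070 WINDOW=4414 RES=0x00 ACK URGP=0
Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.111 DST=8.8.8.8 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=18895 PROTO=UDP SPT=51820 DPT=53 LEN=44
Jul 17 10:53:48 CompanyFirewall kernel: FIREWALL-net-fw DROP IN=eth1 OUT= SRC=203.0.113.9 DST=64.64.64.64 LEN=40 PROTO=TCP SPT=40000 DPT=23
"""

# ARP lines copied from the "ARP" section of the dump in this thread.
SAMPLE_ARP = """\
? (192.168.1.129) at ac:5f:3e:2d:71:80 [ether] on eth0
? (192.168.1.129) at ac:5f:3e:2d:71:80 [ether] on eth1
? (192.168.1.8) at 4c:11:bf:5a:90:ab [ether] on eth0
? (192.168.1.237) at <incomplete> on eth0
? (192.168.1.181) at * PERM PUP on eth0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
ARP_RE = re.compile(
    r"^\? \((\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) \[ether\] on (\S+)$"
)


def parse_log_line(line):
    """Return the KEY=VALUE fields of one netfilter LOG line.

    UDP entries carry LEN twice (IP length, then UDP length); the first
    occurrence is kept so LEN always means the IP packet length.
    """
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)
    return fields


def hairpin_drops(log_text):
    """Return (src, dst, iface) for entries where IN and OUT are the same interface."""
    hits = []
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f.get("IN") and f.get("IN") == f.get("OUT"):
            hits.append((f.get("SRC"), f.get("DST"), f["IN"]))
    return hits


def arp_interfaces(arp_text):
    """Map each IP with a resolved MAC to the set of interfaces it was seen on.

    <incomplete> entries and proxy (PERM PUP) entries have no MAC and are skipped.
    """
    seen = defaultdict(set)
    for line in arp_text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            ip, _mac, iface = m.groups()
            seen[ip].add(iface)
    return dict(seen)


def correlate(log_text, arp_text):
    """Attach to each hairpin drop the interfaces where its source resolves."""
    arp = arp_interfaces(arp_text)
    report = []
    for src, dst, iface in hairpin_drops(log_text):
        ifaces = sorted(arp.get(src, ()))
        report.append({
            "src": src,
            "dst": dst,
            "iface": iface,
            "arp_ifaces": ifaces,
            "on_multiple_ifaces": len(ifaces) > 1,
        })
    return report


if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG, SAMPLE_ARP):
        print(row)
```

An address with resolved ARP entries on both eth0 and eth1 suggests that both interfaces reach the same layer-2 segment, which is worth confirming before changing options on the external interface.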