Hi,
unfortunately ping 217.8.50.65 fails from any host in 10.0.0.0/24.
root@vm103-db:~# ifconfig
eth0 Link encap:Ethernet Hardware Adresse 32:65:65:39:30:35
inet Adresse:10.0.0.3 Bcast:10.0.0.255 Maske:255.255.255.0
inet6-Adresse: fe80::3065:65ff:fe39:3035/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:995 errors:0 dropped:0 overruns:0 frame:0
TX packets:1287 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX bytes:81193 (79.2 KiB) TX bytes:138709 (135.4 KiB)
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:65536 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@vm103-db:~# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.024 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.033 ms
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.024/0.028/0.033/0.007 ms
root@vm103-db:~# ping 217.8.50.86
PING 217.8.50.86 (217.8.50.86) 56(84) bytes of data.
64 bytes from 217.8.50.86: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 217.8.50.86: icmp_seq=2 ttl=64 time=0.037 ms
^C
--- 217.8.50.86 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.030/0.033/0.037/0.006 ms
root@vm103-db:~# ping 217.8.50.65
PING 217.8.50.65 (217.8.50.65) 56(84) bytes of data.
^C
--- 217.8.50.65 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1008ms
root@vm103-db:~#
Shorewall dump attached to email.
Traceroute on the Firewall host shows usage of provider "um_business" =
217.8.50.65 as intended:
root@pc4-svp:/etc/shorewall# traceroute web.de
traceroute to web.de (82.165.229.138), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 0.903 ms
HSI-KBW-217-008-050-065.hsi.kabelbw.de (217.8.50.65) 36.113 ms 44.591 ms
2 HSI-KBW-046-005-128-001.hsi8.kabel-badenwuerttemberg.de
(46.5.128.1) 26.457 ms 172.30.21.33 (172.30.21.33) 21.032 ms 21.034 ms
3 172.30.21.53 (172.30.21.53) 21.652 ms 84.116.191.33
(84.116.191.33) 20.814 ms 19.351 ms
4 84.116.191.53 (84.116.191.53) 21.530 ms 84.116.191.2
(84.116.191.2) 24.691 ms 24.920 ms
5 84.116.191.9 (84.116.191.9) 21.423 ms
de-fra04a-rc1-ae1-0.aorta.net (84.116.132.169) 24.979 ms
de-fra04a-rc1-ae2-0.aorta.net (84.116.132.161) 24.981 ms
6 84.116.191.2 (84.116.191.2) 25.299 ms
de-fra01b-rc1-ae5-0.aorta.net (84.116.133.114) 41.485 ms
de-fra01b-ri1-ae1-0.aorta.net (84.116.134.10) 18.813 ms
7 de-fra01b-rc1-ae6-0.aorta.net (84.116.132.193) 16.349 ms
decix.bb-c.act.fra.de.oneandone.net (80.81.193.123) 25.336 ms 25.386 ms
8 de-fra01b-ri1-ae1-0.aorta.net (84.116.134.10) 23.031 ms
ae-11.bb-c.bs.kae.de.oneandone.net (212.227.120.18) 25.384 ms
decix.bb-c.act.fra.de.oneandone.net (80.81.193.123) 25.309 ms
9 decix.bb-c.act.fra.de.oneandone.net (80.81.193.123) 24.158 ms
ae-11.bb-c.bs.kae.de.oneandone.net (212.227.120.18) 25.371 ms
ae-1-0.gw-diste2-a.bs.kae.de.oneandone.net (212.227.121.212) 26.313 ms
10 decix.bb-c.act.fra.de.oneandone.net (80.81.193.123) 24.234 ms
ae-1-0.gw-diste2-a.bs.kae.de.oneandone.net (212.227.121.212) 26.286 ms
25.646 ms
11 bs.web.de (82.165.229.138) 13.424 ms 40.444 ms 39.264 ms
root@pc4-svp:/etc/shorewall#
THX
Am 22.03.2016 um 16:23 schrieb Tom Eastep:
On 03/21/2016 04:51 PM, Thomas Schneider wrote:
Hi Tom,
unfortunately it still fails.
This is the new configuration:
Please do the following:
a) shorewall reset
That resets the netfilter counters.
b) From a host in 10.0.0.0/24, ping 10.0.0.1 -- I assume that will work.
c) From the same host, ping 217.8.50.86. If that works, then
d) From the same host, ping 217.8.50.65
If that fails, capture and post the output of 'shorewall dump'.
If that works, then the routing configuration is correct. In that case,
please change the loc->net policy entry to log rejected packets,
'shorewall restart' and try whatever it is that "doesn't work",
When that fails:
Tell us *exactly* what you tried to do (including source IP address,
destination IP address or DNS name of the server involved), and tell us
what the result was (all error messages). Please forward that
information along with the output of 'shorewall dump'.
Thanks,
-Tom
PS -- I will try to respond today, but I have a very busy day scheduled,
so it may be this evening.
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Shorewall 5.0.7 Dump at pc4-svp - Mo 28. Mär 14:25:57 CEST 2016
Shorewall is running
State:Started (Mo 28. Mär 14:18:55 CEST 2016) from /etc/shorewall/
(/var/lib/shorewall/firewall compiled by Shorewall version 5.0.7)
Counters reset Mo 28. Mär 14:18:55 CEST 2016
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4166 1014K UMP_IF_in all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
598 208K UMB_IF_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
112 16367 INT_IF_in all -- vmbr0 * 0.0.0.0/0 0.0.0.0/0
0 0 vpn-fw all -- tun+ * 0.0.0.0/0 0.0.0.0/0
153 16255 dmz-fw all -- vmbr1 * 0.0.0.0/0 0.0.0.0/0
1668 7262K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 UMP_IF_fwd all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
0 0 UMB_IF_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
26 2184 INT_IF_fwd all -- vmbr0 * 0.0.0.0/0 0.0.0.0/0
0 0 vpn_frwd all -- tun+ * 0.0.0.0/0 0.0.0.0/0
14 944 dmz_frwd all -- vmbr1 * 0.0.0.0/0 0.0.0.0/0
4 240 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
4 240 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
4 240 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2993 7409K ACCEPT all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
18 1344 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
170 14054 INT_IF_out all -- * vmbr0 0.0.0.0/0 0.0.0.0/0
1912 7282K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
23 2546 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
3 108 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
1 40 all -- * * 0.0.0.0/0 0.0.0.0/0
1 40 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain INT_IF_fwd (1 references)
pkts bytes target prot opt in out source destination
26 2184 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
26 2184 loc_frwd all -- * * 10.0.0.0/24 0.0.0.0/0
Chain INT_IF_in (1 references)
pkts bytes target prot opt in out source destination
10 768 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
98 15239 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0 0.0.0.0/0
udp dpts:67:68
112 16367 ~comb1 all -- * * 10.0.0.0/24 0.0.0.0/0
Chain INT_IF_out (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
170 14054 ACCEPT all -- * * 0.0.0.0/0 10.0.0.0/24
0 0 ACCEPT all -- * * 0.0.0.0/0
255.255.255.255
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.0/4
Chain Reject (9 references)
pkts bytes target prot opt in out source destination
65 5314 all -- * * 0.0.0.0/0 0.0.0.0/0
65 5314 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain UMB_IF_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * eth0 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net_frwd all -- * * 0.0.0.0/0 0.0.0.0/0
Chain UMB_IF_in (1 references)
pkts bytes target prot opt in out source destination
581 206K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
581 206K smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
578 206K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
3 136 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
20 2129 net-fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain UMP_IF_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 smurfs all -- * * 192.168.178.0/24 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 192.168.178.0/24 0.0.0.0/0
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 fb_frwd all -- * * 192.168.178.0/24 0.0.0.0/0
0 0 net_frwd all -- * * 0.0.0.0/0 0.0.0.0/0
Chain UMP_IF_in (1 references)
pkts bytes target prot opt in out source destination
142 9406 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
142 9406 smurfs all -- * * 192.168.178.0/24 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
142 9406 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
4150 1012K tcpflags tcp -- * * 192.168.178.0/24 0.0.0.0/0
4150 1012K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
4164 1014K ~comb1 all -- * * 192.168.178.0/24 0.0.0.0/0
2 286 net-fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain all-all (7 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
19 2122 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:all-all:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-fw (1 references)
pkts bytes target prot opt in out source destination
30 2080 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
121 14007 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
123 14175 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 4505,4506
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
30 2080 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
23 1548 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-net (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0
130.89.148.12 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
195.20.242.89 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
87.230.23.19 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
198.199.77.106 tcp dpt:80
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
10 704 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
10 704 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz_frwd (1 references)
pkts bytes target prot opt in out source destination
14 944 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
4 240 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 dmz-all all -- * vmbr2 0.0.0.0/0
192.168.178.0/24
10 704 dmz-net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 dmz-net all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
0 0 dmz-all all -- * tun+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * vmbr1 0.0.0.0/0 0.0.0.0/0
Chain dynamic (10 references)
pkts bytes target prot opt in out source destination
Chain fb-net (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 /* HTTP, HTTPS */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 192.168.178.121 0.0.0.0/0
tcp dpt:5938
0 0 ACCEPT tcp -- * * 192.168.178.48 0.0.0.0/0
tcp dpt:5938
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain fb_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 fb-net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 fb-net all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
0 0 all-all all -- * tun+ 0.0.0.0/0 0.0.0.0/0
0 0 ~comb0 all -- * vmbr1 0.0.0.0/0 0.0.0.0/0
Chain loc-net (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443,143 /* HTTP, HTTPS, IMAP */
24 2016 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
24 2016 loc-net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 loc-net all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * vmbr0 0.0.0.0/0 10.0.0.0/24
0 0 all-all all -- * tun+ 0.0.0.0/0 0.0.0.0/0
2 168 ~comb0 all -- * vmbr1 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-all (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
1 40 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
1 40 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net-all:DROP:"
1 40 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 143,25,80,443,465,587,993
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 10.1.0.4
tcp dpt:25 limit: avg 5/sec burst 10
0 0 net-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain net-fw (2 references)
pkts bytes target prot opt in out source destination
19 2279 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
2 96 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
1 40 net-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain net-loc (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 10.0.0.2
multiport dports 80,443 limit: avg 5/sec burst 10
0 0 net-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain net_frwd (2 references)
pkts bytes target prot opt in out source destination
0 0 ~comb2 all -- * vmbr2 0.0.0.0/0
192.168.178.0/24
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * vmbr2 0.0.0.0/0 0.0.0.0/0
0 0 net-loc all -- * vmbr0 0.0.0.0/0 10.0.0.0/24
0 0 net-loc all -- * vmbr0 0.0.0.0/0 224.0.0.0/4
0 0 ~comb2 all -- * tun+ 0.0.0.0/0 0.0.0.0/0
0 0 net-dmz all -- * vmbr1 0.0.0.0/0 0.0.0.0/0
Chain reject (18 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
4 240 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
24 1496 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
11 924 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain sfilter (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:sfilter:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain sha-lh-220bcda30542f36a9a92 (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-3b0f56274dfe5cb9024a (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (6 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (12 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Chain vpn-dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 143,25,80,443,465,587,993
0 0 all-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn-fw (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 all-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * tun+ 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all-all all -- * vmbr0 0.0.0.0/0 10.0.0.0/24
0 0 all-all all -- * vmbr0 0.0.0.0/0 224.0.0.0/4
0 0 vpn-dmz all -- * vmbr1 0.0.0.0/0 0.0.0.0/0
Chain ~comb0 (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 143,25,80,443,465,587,993
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpts:2200:2299
2 168 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
2 168 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain ~comb1 (2 references)
pkts bytes target prot opt in out source destination
4124 1020K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53,2214 /* DNS and others */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
129 7740 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:8006
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 443,5900:5999
3 252 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 4505,4506
19 2122 all-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain ~comb2 (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 net-all all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Log (/var/log/messages)
Mar 28 10:03:08 net-all:DROP:IN=eth0 OUT= SRC=60.240.5.77 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=61237 DF PROTO=TCP SPT=36152 DPT=23
WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:03:14 net-all:DROP:IN=eth0 OUT= SRC=60.240.5.77 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=61238 DF PROTO=TCP SPT=36152 DPT=23
WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:05:30 net-all:DROP:IN=eth0 OUT= SRC=122.52.131.189 DST=217.8.50.86
LEN=56 TOS=0x00 PREC=0x00 TTL=49 ID=55907 DF PROTO=TCP SPT=54815 DPT=23
WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:06:29 net-all:DROP:IN=eth0 OUT= SRC=222.186.31.206 DST=217.8.50.86
LEN=40 TOS=0x00 PREC=0x00 TTL=100 ID=256 PROTO=TCP SPT=6000 DPT=8080
WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:20:20 net-all:DROP:IN=eth0 OUT= SRC=119.90.36.229 DST=217.8.50.86
LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=1433
WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:21:24 all-all:REJECT:IN=vmbr2 OUT= SRC=192.168.178.48
DST=192.168.178.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2567 DF PROTO=TCP
SPT=53594 DPT=9000 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x20000
Mar 28 10:22:07 net-all:DROP:IN=eth0 OUT= SRC=223.4.174.30 DST=217.8.50.86
LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=14508 DPT=5900
WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:22:21 net-all:DROP:IN=eth0 OUT= SRC=117.239.51.155 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=43913 DF PROTO=TCP SPT=58329 DPT=23
WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:22:47 net-all:DROP:IN=eth0 OUT= SRC=184.105.247.207 DST=217.8.50.86
LEN=74 TOS=0x00 PREC=0x00 TTL=53 ID=8480 DF PROTO=UDP SPT=59511 DPT=5353 LEN=54
MARK=0x10000
Mar 28 10:35:33 net-all:DROP:IN=eth0 OUT= SRC=189.89.15.168 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=6406 DF PROTO=TCP SPT=3952 DPT=4028
WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:35:42 net-all:DROP:IN=eth0 OUT= SRC=189.89.15.168 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=6408 DF PROTO=TCP SPT=3952 DPT=4028
WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:41:27 net-all:DROP:IN=eth0 OUT= SRC=14.162.65.64 DST=217.8.50.86
LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=62905 DF PROTO=TCP SPT=35193 DPT=23
WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:45:29 net-all:DROP:IN=eth0 OUT= SRC=182.59.130.126 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=40836 DF PROTO=TCP SPT=48424 DPT=23
WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:53:06 net-all:DROP:IN=eth0 OUT= SRC=46.246.124.171 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=369 DF PROTO=TCP SPT=2991 DPT=23
WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 10:59:01 net-all:DROP:IN=eth0 OUT= SRC=188.68.224.62 DST=217.8.50.86
LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64764 PROTO=TCP SPT=55299 DPT=8080
WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 11:52:31 net-all:DROP:IN=eth0 OUT= SRC=101.229.231.15 DST=217.8.50.86
LEN=48 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=16881 DPT=24016 LEN=28
MARK=0x10000
Mar 28 12:00:43 net-all:DROP:IN=eth0 OUT= SRC=79.51.78.79 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=7207 DF PROTO=TCP SPT=3426 DPT=23
WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 12:28:34 net-all:DROP:IN=eth0 OUT= SRC=116.20.153.8 DST=217.8.50.86
LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=37317 DF PROTO=TCP SPT=58810 DPT=23
WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x10000
Mar 28 14:19:03 FORWARD:REJECT:IN=vmbr1 OUT=vmbr0 SRC=10.1.0.4 DST=10.0.0.3
LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=9645 DF PROTO=TCP SPT=53072 DPT=3306
WINDOW=29200 RES=0x00 SYN URGP=0
Mar 28 14:21:03 FORWARD:REJECT:IN=vmbr1 OUT=vmbr0 SRC=10.1.0.4 DST=10.0.0.3
LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=65266 DF PROTO=TCP SPT=53096 DPT=3306
WINDOW=29200 RES=0x00 SYN URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 198 packets, 12974 bytes)
pkts bytes target prot opt in out source destination
1 40 UPnP all -- eth0 * 0.0.0.0/0 0.0.0.0/0
153 9878 UPnP all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
153 9878 RETURN all -- vmbr2 * 192.168.178.0/24 0.0.0.0/0
1 40 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 net_dnat all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 133 packets, 8052 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 48 packets, 3322 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 53 packets, 3566 bytes)
pkts bytes target prot opt in out source destination
Chain UPnP (2 references)
pkts bytes target prot opt in out source destination
Chain net_dnat (2 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 to:10.0.0.2
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25 to:10.1.0.4
Mangle Table
Chain PREROUTING (policy ACCEPT 6752 packets, 8521K bytes)
pkts bytes target prot opt in out source destination
6752 8521K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0
CONNMARK restore mask 0x30000
20 2129 routemark all -- eth0 * 0.0.0.0/0 0.0.0.0/0
mark match 0x0/0x30000
156 10240 routemark all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
mark match 0x0/0x30000
Chain INPUT (policy ACCEPT 6698 packets, 8517K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 40 packets, 3128 bytes)
pkts bytes target prot opt in out source destination
40 3128 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xfffcffff
Chain OUTPUT (policy ACCEPT 5093 packets, 15M bytes)
pkts bytes target prot opt in out source destination
5093 15M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0
CONNMARK restore mask 0x30000
Chain POSTROUTING (policy ACCEPT 5130 packets, 15M bytes)
pkts bytes target prot opt in out source destination
Chain routemark (2 references)
pkts bytes target prot opt in out source destination
20 2129 MARK all -- eth0 * 0.0.0.0/0 0.0.0.0/0
MARK xset 0x10000/0x30000
156 10240 MARK all -- vmbr2 * 0.0.0.0/0 0.0.0.0/0
MARK xset 0x20000/0x30000
176 12369 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0
mark match ! 0x0/0x30000 CONNMARK save mask 0x30000
Raw Table
Chain PREROUTING (policy ACCEPT 6752 packets, 8521K bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
6 468 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 5093 packets, 15M bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Conntrack Table (39 out of 262144)
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
inet 217.8.50.86/26 brd 255.255.255.255 scope global eth0
valid_lft forever preferred_lft forever
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
group default
inet 10.0.0.1/24 brd 10.0.0.255 scope global vmbr0
valid_lft forever preferred_lft forever
6: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
group default
inet 10.1.0.1/24 brd 10.1.0.255 scope global vmbr1
valid_lft forever preferred_lft forever
7: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
group default
inet 192.168.178.14/24 brd 192.168.178.255 scope global vmbr2
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
10801759 6284 0 0 0 0
TX: bytes packets errors dropped carrier collsns
10801759 6284 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
mode DEFAULT group default qlen 1000
link/ether 74:d4:35:1a:f6:0f brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
16117921 195196 0 0 0 0
TX: bytes packets errors dropped carrier collsns
45201 484 0 0 0 0
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master
vmbr1 state DOWN mode DEFAULT group default qlen 1000
link/ether 00:15:17:91:9c:b8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master
vmbr2 state UP mode DEFAULT group default qlen 1000
link/ether 00:15:17:91:9c:b9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
5772708 32526 0 0 0 1133
TX: bytes packets errors dropped carrier collsns
20925054 28547 0 0 0 0
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
mode DEFAULT group default
link/ether fe:32:cd:f2:6d:5d brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
112359 1210 0 0 0 0
TX: bytes packets errors dropped carrier collsns
71661 881 0 0 0 0
6: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
mode DEFAULT group default
link/ether 00:15:17:91:9c:b8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
89285 1312 0 0 0 0
TX: bytes packets errors dropped carrier collsns
65288 735 0 0 0 0
7: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
mode DEFAULT group default
link/ether 00:15:17:91:9c:b9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
5056007 31983 0 3781 0 0
TX: bytes packets errors dropped carrier collsns
17904588 17477 0 0 0 0
8: tap121i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast master vmbr2 state UNKNOWN mode DEFAULT group default qlen 500
link/ether 72:3f:23:f2:16:d2 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
2572924 6221 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1001208 7886 0 0 0 0
10: veth103i0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master vmbr0 state UP mode DEFAULT group default qlen 1000
link/ether fe:32:cd:f2:6d:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0
RX: bytes packets errors dropped overrun mcast
129299 1210 0 0 0 0
TX: bytes packets errors dropped carrier collsns
71481 879 0 0 0 0
12: veth104i0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master vmbr1 state UP mode DEFAULT group default qlen 1000
link/ether fe:aa:b1:54:11:4e brd ff:ff:ff:ff:ff:ff link-netnsid 1
RX: bytes packets errors dropped overrun mcast
107653 1312 0 0 0 0
TX: bytes packets errors dropped carrier collsns
65936 743 0 0 0 0
Bridges
bridge name bridge id STP enabled interfaces
vmbr0 8000.fe32cdf26d5d no veth103i0
vmbr1 8000.001517919cb8 no eth1
veth104i0
vmbr2 8000.001517919cb9 no eth2
tap121i0
Routing Rules
0: from all lookup local
999: from all lookup main
1000: from 217.8.50.86 lookup um_business
1000: from 192.168.178.14 lookup um_private
10000: from all fwmark 0x10000/0x30000 lookup um_business
10001: from all fwmark 0x20000/0x30000 lookup um_private
11000: from all iif vmbr1 lookup um_business
32765: from all lookup balance
32767: from all lookup default
Table balance:
default nexthop via 217.8.50.65 dev eth0 weight 2 nexthop via 192.168.178.1 dev
vmbr2 weight 1
Table default:
Table local:
local 217.8.50.86 dev eth0 proto kernel scope host src 217.8.50.86
local 192.168.178.14 dev vmbr2 proto kernel scope host src 192.168.178.14
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.1.0.1 dev vmbr1 proto kernel scope host src 10.1.0.1
local 10.0.0.1 dev vmbr0 proto kernel scope host src 10.0.0.1
broadcast 217.8.50.64 dev eth0 proto kernel scope link src 217.8.50.86
broadcast 217.8.50.127 dev eth0 proto kernel scope link src 217.8.50.86
broadcast 192.168.178.255 dev vmbr2 proto kernel scope link src 192.168.178.14
broadcast 192.168.178.0 dev vmbr2 proto kernel scope link src 192.168.178.14
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.1.0.255 dev vmbr1 proto kernel scope link src 10.1.0.1
broadcast 10.1.0.0 dev vmbr1 proto kernel scope link src 10.1.0.1
broadcast 10.0.0.255 dev vmbr0 proto kernel scope link src 10.0.0.1
broadcast 10.0.0.0 dev vmbr0 proto kernel scope link src 10.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
217.8.50.65 dev eth0 scope link src 217.8.50.86
192.168.178.1 dev vmbr2 scope link src 192.168.178.14
217.8.50.64/26 dev eth0 proto kernel scope link src 217.8.50.86
192.168.178.0/24 dev vmbr2 proto kernel scope link src 192.168.178.14
10.1.0.0/24 dev vmbr1 proto kernel scope link src 10.1.0.1
10.0.0.0/24 dev vmbr0 proto kernel scope link src 10.0.0.1
blackhole 192.168.0.0/16
blackhole 172.16.0.0/12
blackhole 10.0.0.0/8
Table um_business:
217.8.50.65 dev eth0 scope link src 217.8.50.86
default via 217.8.50.65 dev eth0 src 217.8.50.86
Table um_private:
192.168.178.1 dev vmbr2 scope link src 192.168.178.14
default via 192.168.178.1 dev vmbr2 src 192.168.178.14
Per-IP Counters
iptaccount is not installed
NF Accounting
Events
/proc
/proc/version = Linux version 4.2.8-1-pve (root@elsa) (gcc version 4.9.2
(Debian 4.9.2-10) ) #1 SMP Fri Feb 26 16:37:36 CET 2016
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 1
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth2/arp_filter = 0
/proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth2/rp_filter = 0
/proc/sys/net/ipv4/conf/eth2/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/tap121i0/proxy_arp = 0
/proc/sys/net/ipv4/conf/tap121i0/arp_filter = 0
/proc/sys/net/ipv4/conf/tap121i0/arp_ignore = 0
/proc/sys/net/ipv4/conf/tap121i0/rp_filter = 0
/proc/sys/net/ipv4/conf/tap121i0/log_martians = 1
/proc/sys/net/ipv4/conf/veth103i0/proxy_arp = 0
/proc/sys/net/ipv4/conf/veth103i0/arp_filter = 0
/proc/sys/net/ipv4/conf/veth103i0/arp_ignore = 0
/proc/sys/net/ipv4/conf/veth103i0/rp_filter = 0
/proc/sys/net/ipv4/conf/veth103i0/log_martians = 1
/proc/sys/net/ipv4/conf/veth104i0/proxy_arp = 0
/proc/sys/net/ipv4/conf/veth104i0/arp_filter = 0
/proc/sys/net/ipv4/conf/veth104i0/arp_ignore = 0
/proc/sys/net/ipv4/conf/veth104i0/rp_filter = 0
/proc/sys/net/ipv4/conf/veth104i0/log_martians = 1
/proc/sys/net/ipv4/conf/vmbr0/proxy_arp = 0
/proc/sys/net/ipv4/conf/vmbr0/arp_filter = 0
/proc/sys/net/ipv4/conf/vmbr0/arp_ignore = 0
/proc/sys/net/ipv4/conf/vmbr0/rp_filter = 1
/proc/sys/net/ipv4/conf/vmbr0/log_martians = 1
/proc/sys/net/ipv4/conf/vmbr1/proxy_arp = 1
/proc/sys/net/ipv4/conf/vmbr1/arp_filter = 0
/proc/sys/net/ipv4/conf/vmbr1/arp_ignore = 0
/proc/sys/net/ipv4/conf/vmbr1/rp_filter = 0
/proc/sys/net/ipv4/conf/vmbr1/log_martians = 1
/proc/sys/net/ipv4/conf/vmbr2/proxy_arp = 0
/proc/sys/net/ipv4/conf/vmbr2/arp_filter = 0
/proc/sys/net/ipv4/conf/vmbr2/arp_ignore = 1
/proc/sys/net/ipv4/conf/vmbr2/rp_filter = 0
/proc/sys/net/ipv4/conf/vmbr2/log_martians = 1
ARP
? (10.0.0.3) auf 32:65:65:39:30:35 [ether] auf vmbr0
? (192.168.178.1) auf c8:0e:14:de:97:70 [ether] auf vmbr2
? (10.1.0.4) auf 66:62:62:66:65:62 [ether] auf vmbr1
? (192.168.178.48) auf 58:94:6b:a4:2a:cc [ether] auf vmbr2
? (217.8.50.65) auf 00:01:5c:23:8e:01 [ether] auf eth0
Modules
ip_set 45056 0
iptable_filter 16384 2
iptable_mangle 16384 1
iptable_nat 16384 1
iptable_raw 16384 1
ip_tables 28672 4
iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_REJECT 16384 4
nf_conntrack 106496 29
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,nf_conntrack_proto_udplite,nf_nat,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda 16384 3 nf_nat_amanda
nf_conntrack_broadcast 16384 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 20480 3 nf_nat_ftp
nf_conntrack_h323 77824 5 nf_nat_h323
nf_conntrack_ipv4 20480 65
nf_conntrack_irc 16384 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 36864 0
nf_conntrack_pptp 20480 3 nf_nat_pptp
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 20480 0
nf_conntrack_proto_udplite 16384 0
nf_conntrack_sane 16384 2
nf_conntrack_sip 28672 3 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 16384 3 nf_nat_tftp
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_log_common 16384 1 nf_log_ipv4
nf_log_ipv4 16384 7
nf_nat 24576 10
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat
nf_nat_amanda 16384 0
nf_nat_ftp 16384 0
nf_nat_h323 20480 0
nf_nat_ipv4 16384 1 iptable_nat
nf_nat_irc 16384 0
nf_nat_pptp 16384 0
nf_nat_proto_gre 16384 1 nf_nat_pptp
nf_nat_sip 20480 0
nf_nat_snmp_basic 20480 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
xt_addrtype 16384 5
xt_comment 16384 22
xt_connmark 16384 3
xt_conntrack 16384 39
xt_CT 16384 22
xt_limit 16384 2
xt_LOG 16384 7
xt_mark 16384 6
xt_multiport 16384 20
xt_nat 16384 2
xt_NFLOG 16384 0
xt_recent 20480 1
xt_tcpudp 16384 58
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50004
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
Ipset Match Counters (IPSET_MATCH_COUNTERS): Available
Ipset Match (IPSET_MATCH): Available
Ipset Match Nomatch (IPSET_MATCH_NOMATCH): Available
ipset V5 (IPSET_V5): Available
iptables -S (IPTABLES_S): Available
iptables --wait option (WAIT_OPTION): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 40208
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Rawpost Table (RAWPOST_TABLE): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
Netid State Recv-Q Send-Q Local Address:Port Peer
Address:Port
udp UNCONN 0 0 *:514 *:*
users:(("rsyslogd",pid=1428,fd=6))
udp UNCONN 0 0 *:833 *:*
users:(("rpcbind",pid=1093,fd=7))
udp UNCONN 0 0 127.0.0.1:938 *:*
users:(("rpc.statd",pid=1186,fd=5))
udp UNCONN 0 0 *:50912 *:*
users:(("systemd-timesyn",pid=512,fd=13))
udp UNCONN 0 0 *:19562 *:*
users:(("dhclient",pid=551,fd=20))
udp UNCONN 0 0 *:48668 *:*
users:(("rpc.statd",pid=1186,fd=8))
udp UNCONN 0 0 *:68 *:*
users:(("dhclient",pid=551,fd=6))
udp UNCONN 0 0 *:111 *:*
users:(("rpcbind",pid=1093,fd=6))
udp UNCONN 0 0 192.168.178.14:123 *:*
users:(("ntpd",pid=1384,fd=22))
udp UNCONN 0 0 10.1.0.1:123 *:*
users:(("ntpd",pid=1384,fd=21))
udp UNCONN 0 0 10.0.0.1:123 *:*
users:(("ntpd",pid=1384,fd=20))
udp UNCONN 0 0 217.8.50.86:123 *:*
users:(("ntpd",pid=1384,fd=19))
udp UNCONN 0 0 127.0.0.1:123 *:*
users:(("ntpd",pid=1384,fd=18))
udp UNCONN 0 0 *:123 *:*
users:(("ntpd",pid=1384,fd=16))
tcp LISTEN 0 100 10.0.0.1:4505 *:*
users:(("salt-master",pid=1821,fd=14))
tcp LISTEN 0 100 127.0.0.1:25 *:*
users:(("master",pid=1556,fd=12))
tcp LISTEN 0 100 10.0.0.1:4506 *:*
users:(("salt-master",pid=1829,fd=22))
tcp LISTEN 0 128 *:8006 *:*
users:(("pveproxy worker",pid=28521,fd=6),("pveproxy
worker",pid=27048,fd=6),("pveproxy
worker",pid=1818,fd=6),("pveproxy",pid=1816,fd=6))
tcp LISTEN 0 128 *:2214 *:*
users:(("sshd",pid=1263,fd=3))
tcp LISTEN 0 128 *:111 *:*
users:(("rpcbind",pid=1093,fd=8))
tcp LISTEN 0 5 127.0.0.1:7634 *:*
users:(("hddtemp",pid=1426,fd=0))
tcp LISTEN 0 128 127.0.0.1:85 *:*
users:(("pvedaemon worke",pid=1808,fd=6),("pvedaemon
worke",pid=1807,fd=6),("pvedaemon
worke",pid=1806,fd=6),("pvedaemon",pid=1805,fd=6))
tcp LISTEN 0 128 *:3128 *:*
users:(("spiceproxy work",pid=1852,fd=6),("spiceproxy",pid=1851,fd=6))
tcp LISTEN 0 128 *:39320 *:*
users:(("rpc.statd",pid=1186,fd=9))
tcp TIME-WAIT 0 0 192.168.178.14:8006
192.168.178.48:49840
tcp TIME-WAIT 0 0 192.168.178.14:8006
192.168.178.48:49856
tcp TIME-WAIT 0 0 192.168.178.14:8006
192.168.178.48:49862
tcp TIME-WAIT 0 0 192.168.178.14:8006
192.168.178.48:49842
tcp ESTAB 0 0 192.168.178.14:2214
192.168.178.48:57574
users:(("sshd",pid=2779,fd=3),("sshd",pid=2777,fd=3))
tcp TIME-WAIT 0 0 192.168.178.14:8006
192.168.178.48:49850
tcp TIME-WAIT 0 0 192.168.178.14:8006
192.168.178.48:49846
tcp ESTAB 0 0 10.0.0.1:53068 10.0.0.3:2203
users:(("ssh",pid=28561,fd=3))
tcp ESTAB 0 0 10.0.0.1:4506 10.0.0.3:50936
users:(("salt-master",pid=1829,fd=29))
tcp ESTAB 0 0 10.1.0.1:46662 10.1.0.4:2204
users:(("ssh",pid=28782,fd=3))
tcp TIME-WAIT 0 0 192.168.178.14:8006
192.168.178.48:49866
tcp TIME-WAIT 0 0 192.168.178.14:8006
192.168.178.48:49858
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 43001 bytes 484 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth2:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 20797546 bytes 28547 pkt (dropped 0, overlimits 0 requeues 4)
backlog 0b 0p requeues 4
Device tap121i0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 1001208 bytes 7886 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device veth103i0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 71547 bytes 880 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device veth104i0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 66002 bytes 744 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device eth0:
Device eth1:
Device eth2:
Device tap121i0:
Device veth103i0:
Device veth104i0:
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
