Thanks again. Attached are 2 dump files. The first, last night wasn't
immediately after a reboot but it was at a point when the UDP NAT was
working correctly. By this morning UDP NAT was no longer working and I took
the second dump.
Best, Norm
On Fri, Apr 27, 2018 at 7:45 PM, Tom Eastep <teas...@shorewall.net> wrote:
> On 04/26/2018 06:53 PM, Norman Henderson wrote:
> > Thank you Tom. Actually I have RESTART=reload in shorewall.conf and, I'm
> > 90% sure I've seen this happen without any intervention to the system
> > (shorewall restart, or anything else). Are there other potential causes?
>
> Not that I can think of. What I suggest is that you capture the output
> of 'shorewall dump' immediately after reboot, then capture it again when
> you see unmodified packets. We can then compare the two.
>
> -Tom
> --
> Tom Eastep \ Q: What do you get when you cross a mobster with
> Shoreline, \ an international standard?
> Washington, USA \ A: Someone who makes you an offer you can't
> http://shorewall.org \ understand
> \_______________________________________________
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
Shorewall 5.1.12.3 Dump at voyage3 - Sat Apr 28 08:11:28 WAT 2018
Shorewall is running
State:Started Wed Apr 25 18:49:09 WAT 2018 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled Wed Apr 25 18:49:03 WAT 2018 by Shorewall
version 5.1.12.3)
Counters reset Wed Apr 25 18:49:09 WAT 2018
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
14M 28G clean2fwall all -- vlan1 * 0.0.0.0/0 0.0.0.0/0
8174 2551K isavi2fwall all -- wlan1 * 0.0.0.0/0 0.0.0.0/0
97 5266 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST /* @@@
/usr/share/shorewall/action.Broadcast:32 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST /* @@@
/usr/share/shorewall/action.Broadcast:33 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST /* @@@
/usr/share/shorewall/action.Multicast:32 @@@ */
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
28041 13M clean_frwd all -- vlan1 * 0.0.0.0/0 0.0.0.0/0
1331 562K isavi_frwd all -- wlan1 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST /* @@@
/usr/share/shorewall/action.Broadcast:32 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST /* @@@
/usr/share/shorewall/action.Broadcast:33 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST /* @@@
/usr/share/shorewall/action.Multicast:32 @@@ */
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12M 1450M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
22436 1806K ACCEPT all -- * vlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
4210 376K ACCEPT all -- * wlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
47 2820 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST /* @@@
/usr/share/shorewall/action.Broadcast:32 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST /* @@@
/usr/share/shorewall/action.Broadcast:33 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST /* @@@
/usr/share/shorewall/action.Multicast:32 @@@ */
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain clean2fwall (1 references)
pkts bytes target prot opt in out source destination
186K 32M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/interfaces:3 @@@ */
14M 28G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
352 67508 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/interfaces:3 @@@ */
186K 32M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
Chain clean_frwd (1 references)
pkts bytes target prot opt in out source destination
27048 13M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/interfaces:3 @@@ */
993 228K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
11 572 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/interfaces:3 @@@ */
26 11631 ACCEPT all -- * vlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
27022 13M ACCEPT all -- * wlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
Chain dynamic (4 references)
pkts bytes target prot opt in out source destination
Chain isavi2fwall (1 references)
pkts bytes target prot opt in out source destination
692 96961 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/interfaces:4 @@@ */
7482 2454K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
1 40 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/interfaces:4 @@@ */
692 96961 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
Chain isavi_frwd (1 references)
pkts bytes target prot opt in out source destination
64 20992 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/interfaces:4 @@@ */
1267 541K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/interfaces:4 @@@ */
64 20992 ACCEPT all -- * vlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
0 0 ACCEPT all -- * wlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain sha-lh-21cc48e836dc7b7b7d38 (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-543888c88f3181afa0ba (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain tcpflags (4 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 11748 packets, 2125K bytes)
pkts bytes target prot opt in out source destination
18 1634 DNAT all -- vlan1 * 0.0.0.0/0 10.1.0.252
/* @@@ /etc/shorewall/nat:3 @@@ */ to:192.168.1.35
Chain INPUT (policy ACCEPT 11389 packets, 2106K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4838 packets, 380K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 4141 packets, 326K bytes)
pkts bytes target prot opt in out source destination
29 9512 SNAT all -- * vlan1 192.168.1.35 0.0.0.0/0
/* @@@ /etc/shorewall/nat:3 @@@ */ to:10.1.0.252
3716 296K MASQUERADE all -- * wlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/snat:488 @@@ */
Mangle Table
Chain PREROUTING (policy ACCEPT 7050K packets, 17G bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 7022K packets, 17G bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 27873 packets, 13M bytes)
pkts bytes target prot opt in out source destination
29372 13M MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
Chain OUTPUT (policy ACCEPT 5831K packets, 487M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 5860K packets, 500M bytes)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 7050K packets, 17G bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 /* @@@ /etc/shorewall/conntrack:13 @@@ */ CT helper
amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:17 @@@ */
CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 /* @@@ /etc/shorewall/conntrack:21 @@@ */ CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:22 @@@ */
CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:26 @@@ */
CT helper irc
28646 2242K CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 /* @@@ /etc/shorewall/conntrack:30 @@@ */ CT helper
netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:34 @@@ */
CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:38 @@@ */
CT helper sane
27857 13M CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 /* @@@ /etc/shorewall/conntrack:42 @@@ */ CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 /* @@@ /etc/shorewall/conntrack:46 @@@ */ CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 /* @@@ /etc/shorewall/conntrack:50 @@@ */ CT helper tftp
Chain OUTPUT (policy ACCEPT 5831K packets, 487M bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 /* @@@ /etc/shorewall/conntrack:13 @@@ */ CT helper
amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:17 @@@ */
CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 /* @@@ /etc/shorewall/conntrack:21 @@@ */ CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:22 @@@ */
CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:26 @@@ */
CT helper irc
335 55081 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 /* @@@ /etc/shorewall/conntrack:30 @@@ */ CT helper
netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:34 @@@ */
CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:38 @@@ */
CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 /* @@@ /etc/shorewall/conntrack:42 @@@ */ CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 /* @@@ /etc/shorewall/conntrack:46 @@@ */ CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 /* @@@ /etc/shorewall/conntrack:50 @@@ */ CT helper tftp
Conntrack Table (25 out of 262144)
udp 17 3599 src=10.1.0.3 dst=10.1.0.252 sport=5060 dport=5060 [UNREPLIED]
src=192.168.1.35 dst=10.1.0.3 sport=5060 dport=5060 mark=0 helper=sip use=1
unknown 2 230 src=10.1.0.41 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.41 mark=0 use=1
udp 17 18 src=10.1.0.210 dst=224.0.0.251 sport=5353 dport=5353 [UNREPLIED]
src=224.0.0.251 dst=10.1.0.210 sport=5353 dport=5353 mark=0 use=1
udp 17 1 src=10.1.0.210 dst=255.255.255.255 sport=17500 dport=17500
[UNREPLIED] src=255.255.255.255 dst=10.1.0.210 sport=17500 dport=17500 mark=0
use=1
udp 17 24 src=10.1.0.210 dst=255.255.255.255 sport=55506 dport=8612
[UNREPLIED] src=255.255.255.255 dst=10.1.0.210 sport=8612 dport=55506 mark=0
use=1
tcp 6 431999 ESTABLISHED src=10.1.0.210 dst=10.1.0.251 sport=12037
dport=22 src=10.1.0.251 dst=10.1.0.210 sport=22 dport=12037 [ASSURED] mark=0
use=1
udp 17 18 src=10.1.0.211 dst=224.0.0.251 sport=5353 dport=5353 [UNREPLIED]
src=224.0.0.251 dst=10.1.0.211 sport=5353 dport=5353 mark=0 use=1
udp 17 13 src=192.168.1.40 dst=224.0.1.1 sport=123 dport=123 [UNREPLIED]
src=224.0.1.1 dst=192.168.1.40 sport=123 dport=123 mark=0 use=1
udp 17 24 src=10.1.0.211 dst=255.255.255.255 sport=55505 dport=8612
[UNREPLIED] src=255.255.255.255 dst=10.1.0.211 sport=8612 dport=55505 mark=0
use=1
udp 17 6 src=10.1.0.208 dst=10.1.0.255 sport=17500 dport=17500 [UNREPLIED]
src=10.1.0.255 dst=10.1.0.208 sport=17500 dport=17500 mark=0 use=1
udp 17 1 src=10.1.0.210 dst=10.1.0.255 sport=17500 dport=17500 [UNREPLIED]
src=10.1.0.255 dst=10.1.0.210 sport=17500 dport=17500 mark=0 use=1
udp 17 18 src=10.1.0.208 dst=10.1.0.255 sport=138 dport=138 [UNREPLIED]
src=10.1.0.255 dst=10.1.0.208 sport=138 dport=138 mark=0 use=1
unknown 2 353 src=10.1.0.2 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.2 mark=0 use=1
tcp 6 431999 ESTABLISHED src=10.1.0.210 dst=10.1.0.251 sport=58746
dport=22 src=10.1.0.251 dst=10.1.0.210 sport=22 dport=58746 [ASSURED] mark=0
use=1
unknown 2 562 src=10.1.0.254 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1
dst=10.1.0.254 mark=0 use=1
unknown 2 478 src=10.1.0.44 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.44 mark=0 use=1
tcp 6 299 ESTABLISHED src=10.1.0.251 dst=10.0.69.2 sport=33962 dport=445
src=10.0.69.2 dst=10.1.0.251 sport=445 dport=33962 [ASSURED] mark=0 use=1
udp 17 6 src=10.1.0.208 dst=255.255.255.255 sport=17500 dport=17500
[UNREPLIED] src=255.255.255.255 dst=10.1.0.208 sport=17500 dport=17500 mark=0
use=1
unknown 2 566 src=10.1.0.251 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.251 mark=0 use=1
udp 17 13 src=10.1.0.252 dst=224.0.1.1 sport=123 dport=123 [UNREPLIED]
src=224.0.1.1 dst=10.1.0.252 sport=123 dport=123 mark=0 use=1
udp 17 13 src=10.1.0.251 dst=224.0.1.1 sport=123 dport=123 [UNREPLIED]
src=224.0.1.1 dst=10.1.0.251 sport=123 dport=123 mark=0 use=1
tcp 6 38 TIME_WAIT src=10.1.0.251 dst=91.198.22.70 sport=50980 dport=80
src=91.198.22.70 dst=10.1.0.251 sport=80 dport=50980 [ASSURED] mark=0 use=1
udp 17 19 src=10.1.0.251 dst=10.1.0.255 sport=123 dport=123 [UNREPLIED]
src=10.1.0.255 dst=10.1.0.251 sport=123 dport=123 mark=0 use=2
udp 17 179 src=192.168.1.40 dst=192.168.1.35 sport=68 dport=67
src=192.168.1.35 dst=192.168.1.40 sport=67 dport=68 [ASSURED] mark=0 use=1
unknown 2 105 src=10.1.0.1 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.1 mark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: vlan1@p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP group default qlen 1000
inet 10.1.0.251/24 brd 10.1.0.255 scope global vlan1
valid_lft forever preferred_lft forever
inet 10.1.0.252/24 brd 10.1.0.255 scope global secondary vlan1:1
valid_lft forever preferred_lft forever
5: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
inet 192.168.1.40/24 brd 192.168.1.255 scope global wlan1
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
15763702 46568 0 0 0 0
TX: bytes packets errors dropped carrier collsns
15763702 46568 0 0 0 0
2: p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
mode DEFAULT group default qlen 1000
link/ether 78:45:c4:17:55:91 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
29328620379 36613216 0 1528 0 164179
TX: bytes packets errors dropped carrier collsns
1616654694 11830166 0 0 0 0
3: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN mode
DEFAULT group default qlen 1000
link/ether 72:1f:69:c6:01:2b brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: vlan1@p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP mode DEFAULT group default qlen 1000
link/ether 78:45:c4:17:55:91 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
27710817376 13838109 0 3 0 91091
TX: bytes packets errors dropped carrier collsns
1616081896 11826616 0 0 0 0
5: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
DORMANT group default qlen 1000
link/ether f4:f2:6d:1e:a1:05 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
3480222 14054 0 0 0 0
TX: bytes packets errors dropped carrier collsns
18812834 50142 0 0 0 0
Bridges
bridge name bridge id STP enabled interfaces
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 192.168.1.40 dev wlan1 proto kernel scope host src 192.168.1.40
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.1.0.252 dev vlan1 proto kernel scope host src 10.1.0.251
local 10.1.0.251 dev vlan1 proto kernel scope host src 10.1.0.251
broadcast 192.168.1.255 dev wlan1 proto kernel scope link src 192.168.1.40
broadcast 192.168.1.0 dev wlan1 proto kernel scope link src 192.168.1.40
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.1.0.255 dev vlan1 proto kernel scope link src 10.1.0.251
broadcast 10.1.0.0 dev vlan1 proto kernel scope link src 10.1.0.251
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.1.0/24 dev wlan1 proto kernel scope link src 192.168.1.40
10.1.0.0/24 dev vlan1 proto kernel scope link src 10.1.0.251
default via 10.1.0.1 dev vlan1 onlink
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
PFKEY SPD
PFKEY SAD
/proc
/proc/version = Linux version 4.4.0-121-generic (buildd@lcy01-amd64-004)
(gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9) ) #145-Ubuntu SMP
Fri Apr 13 13:47:23 UTC 2018
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/bond0/proxy_arp = 0
/proc/sys/net/ipv4/conf/bond0/arp_filter = 0
/proc/sys/net/ipv4/conf/bond0/arp_ignore = 0
/proc/sys/net/ipv4/conf/bond0/rp_filter = 0
/proc/sys/net/ipv4/conf/bond0/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/p4p1/proxy_arp = 0
/proc/sys/net/ipv4/conf/p4p1/arp_filter = 0
/proc/sys/net/ipv4/conf/p4p1/arp_ignore = 0
/proc/sys/net/ipv4/conf/p4p1/rp_filter = 0
/proc/sys/net/ipv4/conf/p4p1/log_martians = 0
/proc/sys/net/ipv4/conf/vlan1/proxy_arp = 0
/proc/sys/net/ipv4/conf/vlan1/arp_filter = 0
/proc/sys/net/ipv4/conf/vlan1/arp_ignore = 0
/proc/sys/net/ipv4/conf/vlan1/rp_filter = 0
/proc/sys/net/ipv4/conf/vlan1/log_martians = 0
/proc/sys/net/ipv4/conf/wlan1/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlan1/arp_filter = 0
/proc/sys/net/ipv4/conf/wlan1/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlan1/rp_filter = 0
/proc/sys/net/ipv4/conf/wlan1/log_martians = 0
ARP
? (10.1.0.126) at 7c:04:d0:da:2d:f2 [ether] on vlan1
? (10.1.0.2) at 08:00:27:64:2f:3a [ether] on vlan1
? (10.1.0.181) at 30:35:ad:c4:6b:02 [ether] on vlan1
? (10.1.0.195) at 78:4f:43:4f:34:37 [ether] on vlan1
? (10.1.0.210) at d8:9d:67:d1:bd:64 [ether] on vlan1
? (10.1.0.3) at 08:00:27:e6:9f:f5 [ether] on vlan1
? (10.1.0.211) at 3c:a9:f4:15:82:04 [ether] on vlan1
? (10.1.0.1) at 8c:dc:d4:38:cc:12 [ether] on vlan1
? (10.1.0.15) at f0:03:8c:4f:b4:0b [ether] on vlan1
? (192.168.1.35) at 00:0b:68:01:f5:12 [ether] on wlan1
? (10.1.0.189) at d0:81:7a:bf:72:4e [ether] on vlan1
Modules
ip_set 45056 1 xt_set
iptable_filter 16384 1
iptable_mangle 16384 1
iptable_nat 16384 1
iptable_raw 16384 1
ip_tables 24576 4
iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_ah 16384 0
ipt_CLUSTERIP 16384 0
ipt_ECN 16384 0
ipt_MASQUERADE 16384 1
ipt_REJECT 16384 4
ipt_rpfilter 16384 0
nf_conntrack 106496 34
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,nf_conntrack_proto_udplite,nf_nat,xt_state,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,ipt_CLUSTERIP,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda 16384 3 nf_nat_amanda
nf_conntrack_broadcast 16384 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 20480 3 nf_nat_ftp
nf_conntrack_h323 77824 5 nf_nat_h323
nf_conntrack_ipv4 16384 32
nf_conntrack_irc 16384 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 40960 0
nf_conntrack_pptp 20480 3 nf_nat_pptp
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 20480 0
nf_conntrack_proto_udplite 16384 0
nf_conntrack_sane 16384 2
nf_conntrack_sip 32768 3 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 16384 3 nf_nat_tftp
nf_defrag_ipv4 16384 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 36864 1 xt_TPROXY
nf_log_common 16384 1 nf_log_ipv4
nf_log_ipv4 16384 4
nf_nat 28672 13
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_redirect,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,nf_nat_masquerade_ipv4,xt_NETMAP
nf_nat_amanda 16384 0
nf_nat_ftp 16384 0
nf_nat_h323 20480 0
nf_nat_ipv4 16384 1 iptable_nat
nf_nat_irc 16384 0
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE
nf_nat_pptp 16384 0
nf_nat_proto_gre 16384 1 nf_nat_pptp
nf_nat_redirect 16384 1 xt_REDIRECT
nf_nat_sip 20480 0
nf_nat_snmp_basic 20480 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
xt_addrtype 16384 10
xt_AUDIT 16384 0
xt_CHECKSUM 16384 0
xt_CLASSIFY 16384 0
xt_comment 16384 51
xt_connlimit 16384 0
xt_connmark 16384 0
xt_conntrack 16384 9
xt_CT 16384 22
xt_dccp 16384 0
xt_DSCP 16384 0
xt_dscp 16384 0
xt_ecn 16384 0
xt_esp 16384 0
xt_hashlimit 20480 0
xt_helper 16384 0
xt_HL 16384 0
xt_hl 16384 0
xt_iprange 16384 0
xt_length 16384 0
xt_limit 16384 0
xt_LOG 16384 4
xt_mac 16384 0
xt_mark 16384 1
xt_multiport 16384 0
xt_nat 16384 2
xt_NETMAP 16384 0
xt_NFLOG 16384 0
xt_NFQUEUE 16384 0
xt_owner 16384 0
xt_physdev 16384 0
xt_pkttype 16384 0
xt_policy 16384 0
xt_realm 16384 0
xt_recent 20480 1
xt_REDIRECT 16384 0
xt_sctp 16384 0
xt_set 16384 0
xt_state 16384 0
xt_statistic 16384 0
xt_TCPMSS 16384 0
xt_tcpmss 16384 0
xt_tcpudp 16384 29
xt_time 16384 0
xt_TPROXY 20480 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50112
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
INPUT chain in nat table (NAT_INPUT_CHAIN): Available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
Ipset Match (IPSET_MATCH): Not available
ipset V5 (IPSET_V5): Not available
iptables-restore --wait option (RESTORE_WAIT_OPTION): Not available
iptables -S (IPTABLES_S): Available
iptables --wait option (WAIT_OPTION): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 40400
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
NETMAP Target (NETMAP_TARGET): Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Not available
--nflog-size support (NFLOG_SIZE): Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE CPU Fanout (CPU_FANOUT): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
Netid State Recv-Q Send-Q Local Address:Port Peer
Address:Port
udp UNCONN 0 0 *:514 *:*
users:(("rsyslogd",pid=1083,fd=6))
udp UNCONN 0 0 *:631 *:*
users:(("cups-browsed",pid=22883,fd=8))
udp UNCONN 0 0 *:5353 *:*
users:(("avahi-daemon",pid=959,fd=12))
udp UNCONN 0 0 *:54953 *:*
users:(("avahi-daemon",pid=959,fd=14))
udp UNCONN 0 0 *:10000 *:*
users:(("miniserv.pl",pid=2707,fd=7))
udp UNCONN 0 0 127.0.0.1:53 *:*
users:(("named",pid=1779,fd=513),("named",pid=1779,fd=512))
udp UNCONN 0 0 *:68 *:*
users:(("dhclient",pid=1671,fd=6))
udp UNCONN 0 0 192.168.1.40:123 *:*
users:(("ntpd",pid=2774,fd=21))
udp UNCONN 0 0 10.1.0.252:123 *:*
users:(("ntpd",pid=2774,fd=20))
udp UNCONN 0 0 10.1.0.251:123 *:*
users:(("ntpd",pid=2774,fd=19))
udp UNCONN 0 0 127.0.0.1:123 *:*
users:(("ntpd",pid=2774,fd=18))
udp UNCONN 0 0 *:123 *:*
users:(("ntpd",pid=2774,fd=17))
udp UNCONN 0 0 10.1.0.255:137 *:*
users:(("nmbd",pid=1917,fd=19))
udp UNCONN 0 0 10.1.0.251:137 *:*
users:(("nmbd",pid=1917,fd=18))
udp UNCONN 0 0 *:137 *:*
users:(("nmbd",pid=1917,fd=16))
udp UNCONN 0 0 10.1.0.255:138 *:*
users:(("nmbd",pid=1917,fd=21))
udp UNCONN 0 0 10.1.0.251:138 *:*
users:(("nmbd",pid=1917,fd=20))
udp UNCONN 0 0 *:138 *:*
users:(("nmbd",pid=1917,fd=17))
tcp LISTEN 0 5 127.0.0.1:631 *:*
users:(("cupsd",pid=22881,fd=11))
tcp LISTEN 0 128 127.0.0.1:5432 *:*
users:(("postgres",pid=1581,fd=7))
tcp LISTEN 0 128 127.0.0.1:953 *:*
users:(("named",pid=1779,fd=22))
tcp LISTEN 0 128 127.0.0.1:5433 *:*
users:(("postgres",pid=1582,fd=7))
tcp LISTEN 0 50 *:445 *:*
users:(("smbd",pid=1621,fd=37))
tcp LISTEN 0 25 *:514 *:*
users:(("rsyslogd",pid=1083,fd=8))
tcp LISTEN 0 80 127.0.0.1:3306 *:*
users:(("mysqld",pid=1923,fd=19))
tcp LISTEN 0 50 *:139 *:*
users:(("smbd",pid=1621,fd=38))
tcp LISTEN 0 128 *:10000 *:*
users:(("miniserv.pl",pid=2707,fd=5))
tcp LISTEN 0 10 127.0.0.1:53 *:*
users:(("named",pid=1779,fd=21))
tcp LISTEN 0 128 *:22 *:*
users:(("sshd",pid=1781,fd=3))
tcp ESTAB 0 0 10.1.0.251:22 10.1.0.210:12037
users:(("sshd",pid=16871,fd=3),("sshd",pid=16804,fd=3))
tcp ESTAB 0 0 10.1.0.251:22 10.1.0.210:58746
users:(("sshd",pid=10112,fd=3),("sshd",pid=10048,fd=3))
tcp ESTAB 0 188 10.1.0.251:33962 10.0.69.2:445
Traffic Control
Device lo:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device p4p1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 1616478492 bytes 11830191 pkt (dropped 0, overlimits 0 requeues 4)
backlog 0b 0p requeues 4
Device vlan1:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device wlan1:
qdisc mq 0: root
Sent 17810292 bytes 50145 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 24518 bytes 153 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: parent :2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 672970 bytes 6729 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: parent :3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 17112804 bytes 43263 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: parent :4 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :1 root
Sent 24518 bytes 153 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :2 root
Sent 672970 bytes 6729 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 17112804 bytes 43263 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device lo:
Device p4p1:
Device vlan1:
Device wlan1:
Shorewall 5.1.12.3 Dump at voyage3 - Fri Apr 27 20:15:59 WAT 2018
Shorewall is running
State:Started Wed Apr 25 18:49:09 WAT 2018 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled Wed Apr 25 18:49:03 WAT 2018 by Shorewall
version 5.1.12.3)
Counters reset Wed Apr 25 18:49:09 WAT 2018
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6704K 11G clean2fwall all -- vlan1 * 0.0.0.0/0 0.0.0.0/0
6629 2060K isavi2fwall all -- wlan1 * 0.0.0.0/0 0.0.0.0/0
92 4600 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST /* @@@
/usr/share/shorewall/action.Broadcast:32 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST /* @@@
/usr/share/shorewall/action.Broadcast:33 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST /* @@@
/usr/share/shorewall/action.Multicast:32 @@@ */
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
658 117K clean_frwd all -- vlan1 * 0.0.0.0/0 0.0.0.0/0
841 408K isavi_frwd all -- wlan1 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST /* @@@
/usr/share/shorewall/action.Broadcast:32 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST /* @@@
/usr/share/shorewall/action.Broadcast:33 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST /* @@@
/usr/share/shorewall/action.Multicast:32 @@@ */
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5972K 964M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
18198 1464K ACCEPT all -- * vlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
3445 310K ACCEPT all -- * wlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
46 2760 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST /* @@@
/usr/share/shorewall/action.Broadcast:32 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST /* @@@
/usr/share/shorewall/action.Broadcast:33 @@@ */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST /* @@@
/usr/share/shorewall/action.Multicast:32 @@@ */
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain clean2fwall (1 references)
pkts bytes target prot opt in out source destination
153K 26M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/interfaces:3 @@@ */
6551K 11G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
322 41188 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/interfaces:3 @@@ */
153K 26M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
Chain clean_frwd (1 references)
pkts bytes target prot opt in out source destination
21 1628 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/interfaces:3 @@@ */
637 115K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
11 572 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/interfaces:3 @@@ */
0 0 ACCEPT all -- * vlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
21 1628 ACCEPT all -- * wlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
Chain dynamic (4 references)
pkts bytes target prot opt in out source destination
Chain isavi2fwall (1 references)
pkts bytes target prot opt in out source destination
602 83623 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/interfaces:4 @@@ */
6027 1977K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
1 40 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/interfaces:4 @@@ */
602 83623 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
Chain isavi_frwd (1 references)
pkts bytes target prot opt in out source destination
50 16400 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/interfaces:4 @@@ */
791 391K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/interfaces:4 @@@ */
50 16400 ACCEPT all -- * vlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
0 0 ACCEPT all -- * wlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/rules:9 @@@ */
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain sha-lh-21cc48e836dc7b7b7d38 (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-543888c88f3181afa0ba (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain tcpflags (4 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 7 packets, 1145 bytes)
pkts bytes target prot opt in out source destination
15 783 DNAT all -- vlan1 * 0.0.0.0/0 10.1.0.252
/* @@@ /etc/shorewall/nat:3 @@@ */ to:192.168.1.35
Chain INPUT (policy ACCEPT 7 packets, 1145 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 6 packets, 442 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 5 packets, 366 bytes)
pkts bytes target prot opt in out source destination
24 7872 SNAT all -- * vlan1 192.168.1.35 0.0.0.0/0
/* @@@ /etc/shorewall/nat:3 @@@ */ to:10.1.0.252
3016 241K MASQUERADE all -- * wlan1 0.0.0.0/0 0.0.0.0/0
/* @@@ /etc/shorewall/snat:488 @@@ */
Mangle Table
Chain PREROUTING (policy ACCEPT 98 packets, 10413 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 93 packets, 8901 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 5 packets, 1512 bytes)
pkts bytes target prot opt in out source destination
1499 524K MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
Chain OUTPUT (policy ACCEPT 63 packets, 7384 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 70 packets, 9034 bytes)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 98 packets, 10413 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 /* @@@ /etc/shorewall/conntrack:13 @@@ */ CT helper
amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:17 @@@ */
CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 /* @@@ /etc/shorewall/conntrack:21 @@@ */ CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:22 @@@ */
CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:26 @@@ */
CT helper irc
27746 2171K CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 /* @@@ /etc/shorewall/conntrack:30 @@@ */ CT helper
netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:34 @@@ */
CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:38 @@@ */
CT helper sane
12 3766 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 /* @@@ /etc/shorewall/conntrack:42 @@@ */ CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 /* @@@ /etc/shorewall/conntrack:46 @@@ */ CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 /* @@@ /etc/shorewall/conntrack:50 @@@ */ CT helper tftp
Chain OUTPUT (policy ACCEPT 63 packets, 7384 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 /* @@@ /etc/shorewall/conntrack:13 @@@ */ CT helper
amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:17 @@@ */
CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 /* @@@ /etc/shorewall/conntrack:21 @@@ */ CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:22 @@@ */
CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:26 @@@ */
CT helper irc
324 52922 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 /* @@@ /etc/shorewall/conntrack:30 @@@ */ CT helper
netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:34 @@@ */
CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 flags:0x17/0x02 /* @@@ /etc/shorewall/conntrack:38 @@@ */
CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 /* @@@ /etc/shorewall/conntrack:42 @@@ */ CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 /* @@@ /etc/shorewall/conntrack:46 @@@ */ CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 /* @@@ /etc/shorewall/conntrack:50 @@@ */ CT helper tftp
Conntrack Table (26 out of 262144)
udp 17 6 src=10.1.0.22 dst=255.255.255.255 sport=2860 dport=30303
[UNREPLIED] src=255.255.255.255 dst=10.1.0.22 sport=30303 dport=2860 mark=0
use=1
udp 17 3573 src=10.1.0.3 dst=10.1.0.252 sport=5060 dport=5060
src=192.168.1.35 dst=192.168.1.40 sport=5060 dport=5060 [ASSURED] mark=0
helper=sip use=1
unknown 2 534 src=10.1.0.41 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.41 mark=0 use=1
unknown 2 51 src=10.1.0.43 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.43 mark=0 use=1
udp 17 2 src=10.1.0.210 dst=255.255.255.255 sport=17500 dport=17500
[UNREPLIED] src=255.255.255.255 dst=10.1.0.210 sport=17500 dport=17500 mark=0
use=1
unknown 2 282 src=10.1.0.42 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.42 mark=0 use=1
tcp 6 299 ESTABLISHED src=10.1.0.210 dst=10.1.0.251 sport=12037 dport=22
src=10.1.0.251 dst=10.1.0.210 sport=22 dport=12037 [ASSURED] mark=0 use=1
tcp 6 21 TIME_WAIT src=10.1.0.251 dst=216.146.43.71 sport=38662 dport=80
src=216.146.43.71 dst=10.1.0.251 sport=80 dport=38662 [ASSURED] mark=0 use=1
unknown 2 156 src=10.1.0.3 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.3 mark=0 use=1
udp 17 3 src=192.168.1.40 dst=224.0.1.1 sport=123 dport=123 [UNREPLIED]
src=224.0.1.1 dst=192.168.1.40 sport=123 dport=123 mark=0 use=1
udp 17 20 src=10.1.0.208 dst=10.1.0.255 sport=17500 dport=17500
[UNREPLIED] src=10.1.0.255 dst=10.1.0.208 sport=17500 dport=17500 mark=0 use=1
udp 17 2 src=10.1.0.210 dst=10.1.0.255 sport=17500 dport=17500 [UNREPLIED]
src=10.1.0.255 dst=10.1.0.210 sport=17500 dport=17500 mark=0 use=1
unknown 2 407 src=10.1.0.2 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.2 mark=0 use=1
tcp 6 431995 ESTABLISHED src=10.1.0.210 dst=10.1.0.251 sport=58746
dport=22 src=10.1.0.251 dst=10.1.0.210 sport=22 dport=58746 [ASSURED] mark=0
use=1
unknown 2 531 src=10.1.0.254 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1
dst=10.1.0.254 mark=0 use=1
udp 17 13 src=10.1.0.211 dst=255.255.255.255 sport=61439 dport=8612
[UNREPLIED] src=255.255.255.255 dst=10.1.0.211 sport=8612 dport=61439 mark=0
use=1
tcp 6 431995 ESTABLISHED src=10.1.0.251 dst=10.0.69.2 sport=33962
dport=445 src=10.0.69.2 dst=10.1.0.251 sport=445 dport=33962 [ASSURED] mark=0
use=1
udp 17 20 src=10.1.0.208 dst=255.255.255.255 sport=17500 dport=17500
[UNREPLIED] src=255.255.255.255 dst=10.1.0.208 sport=17500 dport=17500 mark=0
use=1
udp 17 14 src=10.1.0.251 dst=10.1.10.255 sport=123 dport=123 [UNREPLIED]
src=10.1.10.255 dst=10.1.0.251 sport=123 dport=123 mark=0 use=1
unknown 2 350 src=10.1.0.210 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251
dst=10.1.0.210 mark=0 use=1
udp 17 3 src=10.1.0.252 dst=224.0.1.1 sport=123 dport=123 [UNREPLIED]
src=224.0.1.1 dst=10.1.0.252 sport=123 dport=123 mark=0 use=1
udp 17 3 src=10.1.0.251 dst=224.0.1.1 sport=123 dport=123 [UNREPLIED]
src=224.0.1.1 dst=10.1.0.251 sport=123 dport=123 mark=0 use=1
udp 17 13 src=10.1.0.210 dst=255.255.255.255 sport=61440 dport=8612
[UNREPLIED] src=255.255.255.255 dst=10.1.0.210 sport=8612 dport=61440 mark=0
use=1
udp 17 22 src=10.1.0.251 dst=224.0.0.251 sport=5353 dport=5353 [UNREPLIED]
src=224.0.0.251 dst=10.1.0.251 sport=5353 dport=5353 mark=0 use=2
udp 17 22 src=10.1.0.251 dst=10.1.0.255 sport=123 dport=123 [UNREPLIED]
src=10.1.0.255 dst=10.1.0.251 sport=123 dport=123 mark=0 use=1
udp 17 175 src=192.168.1.40 dst=192.168.1.35 sport=68 dport=67
src=192.168.1.35 dst=192.168.1.40 sport=67 dport=68 [ASSURED] mark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: vlan1@p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP group default qlen 1000
inet 10.1.0.251/24 brd 10.1.0.255 scope global vlan1
valid_lft forever preferred_lft forever
inet 10.1.0.252/24 brd 10.1.0.255 scope global secondary vlan1:1
valid_lft forever preferred_lft forever
5: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
inet 192.168.1.40/24 brd 192.168.1.255 scope global wlan1
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
12715596 37596 0 0 0 0
TX: bytes packets errors dropped carrier collsns
12715596 37596 0 0 0 0
2: p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
mode DEFAULT group default qlen 1000
link/ether 78:45:c4:17:55:91 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
11586606705 22344772 0 1257 0 137513
TX: bytes packets errors dropped carrier collsns
1048203585 5995253 0 0 0 0
3: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN mode
DEFAULT group default qlen 1000
link/ether 72:1f:69:c6:01:2b brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: vlan1@p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP mode DEFAULT group default qlen 1000
link/ether 78:45:c4:17:55:91 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
10533402060 6776463 0 3 0 78449
TX: bytes packets errors dropped carrier collsns
1047781591 5992374 0 0 0 0
5: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
DORMANT group default qlen 1000
link/ether f4:f2:6d:1e:a1:05 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
2743144 10866 0 0 0 0
TX: bytes packets errors dropped carrier collsns
3835819 18278 0 0 0 0
Bridges
bridge name bridge id STP enabled interfaces
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 192.168.1.40 dev wlan1 proto kernel scope host src 192.168.1.40
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.1.0.252 dev vlan1 proto kernel scope host src 10.1.0.251
local 10.1.0.251 dev vlan1 proto kernel scope host src 10.1.0.251
broadcast 192.168.1.255 dev wlan1 proto kernel scope link src 192.168.1.40
broadcast 192.168.1.0 dev wlan1 proto kernel scope link src 192.168.1.40
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.1.0.255 dev vlan1 proto kernel scope link src 10.1.0.251
broadcast 10.1.0.0 dev vlan1 proto kernel scope link src 10.1.0.251
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.1.0/24 dev wlan1 proto kernel scope link src 192.168.1.40
10.1.0.0/24 dev vlan1 proto kernel scope link src 10.1.0.251
default via 10.1.0.1 dev vlan1 onlink
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
PFKEY SPD
PFKEY SAD
/proc
/proc/version = Linux version 4.4.0-121-generic (buildd@lcy01-amd64-004)
(gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9) ) #145-Ubuntu SMP
Fri Apr 13 13:47:23 UTC 2018
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/bond0/proxy_arp = 0
/proc/sys/net/ipv4/conf/bond0/arp_filter = 0
/proc/sys/net/ipv4/conf/bond0/arp_ignore = 0
/proc/sys/net/ipv4/conf/bond0/rp_filter = 0
/proc/sys/net/ipv4/conf/bond0/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/p4p1/proxy_arp = 0
/proc/sys/net/ipv4/conf/p4p1/arp_filter = 0
/proc/sys/net/ipv4/conf/p4p1/arp_ignore = 0
/proc/sys/net/ipv4/conf/p4p1/rp_filter = 0
/proc/sys/net/ipv4/conf/p4p1/log_martians = 0
/proc/sys/net/ipv4/conf/vlan1/proxy_arp = 0
/proc/sys/net/ipv4/conf/vlan1/arp_filter = 0
/proc/sys/net/ipv4/conf/vlan1/arp_ignore = 0
/proc/sys/net/ipv4/conf/vlan1/rp_filter = 0
/proc/sys/net/ipv4/conf/vlan1/log_martians = 0
/proc/sys/net/ipv4/conf/wlan1/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlan1/arp_filter = 0
/proc/sys/net/ipv4/conf/wlan1/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlan1/rp_filter = 0
/proc/sys/net/ipv4/conf/wlan1/log_martians = 0
ARP
? (10.1.0.126) at 7c:04:d0:da:2d:f2 [ether] on vlan1
? (10.1.0.2) at 08:00:27:64:2f:3a [ether] on vlan1
? (10.1.0.181) at 30:35:ad:c4:6b:02 [ether] on vlan1
? (10.1.0.195) at 78:4f:43:4f:34:37 [ether] on vlan1
? (10.1.0.210) at d8:9d:67:d1:bd:64 [ether] on vlan1
? (10.1.0.3) at 08:00:27:e6:9f:f5 [ether] on vlan1
? (10.1.0.211) at 3c:a9:f4:15:82:04 [ether] on vlan1
? (10.1.0.1) at 8c:dc:d4:38:cc:12 [ether] on vlan1
? (10.1.0.15) at f0:03:8c:4f:b4:0b [ether] on vlan1
? (192.168.1.35) at 00:0b:68:01:f5:12 [ether] on wlan1
? (10.1.0.189) at d0:81:7a:bf:72:4e [ether] on vlan1
Modules
ip_set 45056 1 xt_set
iptable_filter 16384 1
iptable_mangle 16384 1
iptable_nat 16384 1
iptable_raw 16384 1
ip_tables 24576 4
iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_ah 16384 0
ipt_CLUSTERIP 16384 0
ipt_ECN 16384 0
ipt_MASQUERADE 16384 1
ipt_REJECT 16384 4
ipt_rpfilter 16384 0
nf_conntrack 106496 34
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,nf_conntrack_proto_udplite,nf_nat,xt_state,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,ipt_CLUSTERIP,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda 16384 3 nf_nat_amanda
nf_conntrack_broadcast 16384 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 20480 3 nf_nat_ftp
nf_conntrack_h323 77824 5 nf_nat_h323
nf_conntrack_ipv4 16384 32
nf_conntrack_irc 16384 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 40960 0
nf_conntrack_pptp 20480 3 nf_nat_pptp
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 20480 0
nf_conntrack_proto_udplite 16384 0
nf_conntrack_sane 16384 2
nf_conntrack_sip 32768 3 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 16384 3 nf_nat_tftp
nf_defrag_ipv4 16384 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 36864 1 xt_TPROXY
nf_log_common 16384 1 nf_log_ipv4
nf_log_ipv4 16384 4
nf_nat 28672 13
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_redirect,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,nf_nat_masquerade_ipv4,xt_NETMAP
nf_nat_amanda 16384 0
nf_nat_ftp 16384 0
nf_nat_h323 20480 0
nf_nat_ipv4 16384 1 iptable_nat
nf_nat_irc 16384 0
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE
nf_nat_pptp 16384 0
nf_nat_proto_gre 16384 1 nf_nat_pptp
nf_nat_redirect 16384 1 xt_REDIRECT
nf_nat_sip 20480 0
nf_nat_snmp_basic 20480 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
xt_addrtype 16384 10
xt_AUDIT 16384 0
xt_CHECKSUM 16384 0
xt_CLASSIFY 16384 0
xt_comment 16384 51
xt_connlimit 16384 0
xt_connmark 16384 0
xt_conntrack 16384 9
xt_CT 16384 22
xt_dccp 16384 0
xt_DSCP 16384 0
xt_dscp 16384 0
xt_ecn 16384 0
xt_esp 16384 0
xt_hashlimit 20480 0
xt_helper 16384 0
xt_HL 16384 0
xt_hl 16384 0
xt_iprange 16384 0
xt_length 16384 0
xt_limit 16384 0
xt_LOG 16384 4
xt_mac 16384 0
xt_mark 16384 1
xt_multiport 16384 0
xt_nat 16384 2
xt_NETMAP 16384 0
xt_NFLOG 16384 0
xt_NFQUEUE 16384 0
xt_owner 16384 0
xt_physdev 16384 0
xt_pkttype 16384 0
xt_policy 16384 0
xt_realm 16384 0
xt_recent 20480 1
xt_REDIRECT 16384 0
xt_sctp 16384 0
xt_set 16384 0
xt_state 16384 0
xt_statistic 16384 0
xt_TCPMSS 16384 0
xt_tcpmss 16384 0
xt_tcpudp 16384 29
xt_time 16384 0
xt_TPROXY 20480 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50112
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
INPUT chain in nat table (NAT_INPUT_CHAIN): Available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
Ipset Match (IPSET_MATCH): Not available
ipset V5 (IPSET_V5): Not available
iptables-restore --wait option (RESTORE_WAIT_OPTION): Not available
iptables -S (IPTABLES_S): Available
iptables --wait option (WAIT_OPTION): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 40400
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
NETMAP Target (NETMAP_TARGET): Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Not available
--nflog-size support (NFLOG_SIZE): Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE CPU Fanout (CPU_FANOUT): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
Netid State Recv-Q Send-Q Local Address:Port Peer
Address:Port
udp UNCONN 0 0 *:514 *:*
users:(("rsyslogd",pid=1083,fd=6))
udp UNCONN 0 0 *:631 *:*
users:(("cups-browsed",pid=349,fd=8))
udp UNCONN 0 0 *:5353 *:*
users:(("avahi-daemon",pid=959,fd=12))
udp UNCONN 0 0 *:54953 *:*
users:(("avahi-daemon",pid=959,fd=14))
udp UNCONN 0 0 *:10000 *:*
users:(("miniserv.pl",pid=2707,fd=7))
udp UNCONN 0 0 127.0.0.1:53 *:*
users:(("named",pid=1779,fd=513),("named",pid=1779,fd=512))
udp UNCONN 0 0 *:68 *:*
users:(("dhclient",pid=1671,fd=6))
udp UNCONN 0 0 192.168.1.40:123 *:*
users:(("ntpd",pid=2774,fd=21))
udp UNCONN 0 0 10.1.0.252:123 *:*
users:(("ntpd",pid=2774,fd=20))
udp UNCONN 0 0 10.1.0.251:123 *:*
users:(("ntpd",pid=2774,fd=19))
udp UNCONN 0 0 127.0.0.1:123 *:*
users:(("ntpd",pid=2774,fd=18))
udp UNCONN 0 0 *:123 *:*
users:(("ntpd",pid=2774,fd=17))
udp UNCONN 0 0 10.1.0.255:137 *:*
users:(("nmbd",pid=1917,fd=19))
udp UNCONN 0 0 10.1.0.251:137 *:*
users:(("nmbd",pid=1917,fd=18))
udp UNCONN 0 0 *:137 *:*
users:(("nmbd",pid=1917,fd=16))
udp UNCONN 0 0 10.1.0.255:138 *:*
users:(("nmbd",pid=1917,fd=21))
udp UNCONN 0 0 10.1.0.251:138 *:*
users:(("nmbd",pid=1917,fd=20))
udp UNCONN 0 0 *:138 *:*
users:(("nmbd",pid=1917,fd=17))
tcp LISTEN 0 5 127.0.0.1:631 *:*
users:(("cupsd",pid=347,fd=11))
tcp LISTEN 0 128 127.0.0.1:5432 *:*
users:(("postgres",pid=1581,fd=7))
tcp LISTEN 0 128 127.0.0.1:953 *:*
users:(("named",pid=1779,fd=22))
tcp LISTEN 0 128 127.0.0.1:5433 *:*
users:(("postgres",pid=1582,fd=7))
tcp LISTEN 0 50 *:445 *:*
users:(("smbd",pid=1621,fd=37))
tcp LISTEN 0 25 *:514 *:*
users:(("rsyslogd",pid=1083,fd=8))
tcp LISTEN 0 80 127.0.0.1:3306 *:*
users:(("mysqld",pid=1923,fd=19))
tcp LISTEN 0 50 *:139 *:*
users:(("smbd",pid=1621,fd=38))
tcp LISTEN 0 128 *:10000 *:*
users:(("miniserv.pl",pid=2707,fd=5))
tcp LISTEN 0 10 127.0.0.1:53 *:*
users:(("named",pid=1779,fd=21))
tcp LISTEN 0 128 *:22 *:*
users:(("sshd",pid=1781,fd=3))
tcp ESTAB 0 0 10.1.0.251:22 10.1.0.210:12037
users:(("sshd",pid=16871,fd=3),("sshd",pid=16804,fd=3))
tcp ESTAB 0 0 10.1.0.251:22 10.1.0.210:58746
users:(("sshd",pid=10112,fd=3),("sshd",pid=10048,fd=3))
tcp ESTAB 0 0 10.1.0.251:33962 10.0.69.2:445
Traffic Control
Device lo:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device p4p1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 1048098102 bytes 5995254 pkt (dropped 0, overlimits 0 requeues 1)
backlog 0b 0p requeues 1
Device vlan1:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device wlan1:
qdisc mq 0: root
Sent 3470557 bytes 18281 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 20008 bytes 128 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: parent :2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 542040 bytes 5420 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: parent :3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 2908509 bytes 12733 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: parent :4 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :1 root
Sent 20008 bytes 128 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :2 root
Sent 542040 bytes 5420 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 2908509 bytes 12733 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device lo:
Device p4p1:
Device vlan1:
Device wlan1:
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
