Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration. Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration. app Sat Dec 6 14:48:25 EET 2008 + _________________________ version + ipsec --version Linux Openswan U2.6.14/K2.6.18-lbr5.std.3 (netkey) See `ipsec --copyright' for copyright information. + _________________________ /proc/version + cat /proc/version Linux version 2.6.18-lbr5.std.3 (developer@robin-playground.labristeknoloji.com) (gcc version 4.1.1 20070105 (Red Hat 4.1.1-52)) #1 SMP Fri Oct 31 11:44:34 EET 2008 + _________________________ /proc/net/ipsec_eroute + test -r /proc/net/ipsec_eroute + _________________________ netstat-rn + netstat -nr + head -n 100 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 85.85.85.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 169.254.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 0.0.0.0 85.85.85.1 0.0.0.0 UG 0 0 0 ppp0 + _________________________ /proc/net/ipsec_spi + test -r /proc/net/ipsec_spi + _________________________ /proc/net/ipsec_spigrp + test -r /proc/net/ipsec_spigrp + _________________________ /proc/net/ipsec_tncfg + test -r /proc/net/ipsec_tncfg + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + cat /proc/net/pfkey sk RefCnt Rmem Wmem User Inode + _________________________ ip-xfrm-state + ip xfrm state + _________________________ ip-xfrm-policy + ip xfrm policy src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 + _________________________ /proc/crypto + test -r /proc/crypto + cat /proc/crypto name : deflate driver : deflate-generic module : deflate priority : 0 type : compression name : tnepres driver : tnepres-generic module : serpent priority : 0 type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : serpent driver : serpent-generic module : serpent priority : 0 type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : blowfish driver : blowfish-generic module : blowfish priority : 0 type : cipher blocksize : 8 min keysize : 4 max keysize : 56 name : twofish driver : twofish-generic module : twofish priority : 0 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : md5 driver : md5-generic module : md5 priority : 0 type : digest blocksize : 64 digestsize : 16 name : sha256 driver : sha256-generic module : sha256 priority : 0 type : digest blocksize : 64 digestsize : 32 name : sha512 driver : sha512-generic module : sha512 priority : 0 type : digest blocksize : 128 digestsize : 64 name : sha384 driver : sha384-generic module : sha512 priority : 0 type : digest blocksize : 96 digestsize : 48 name : des3_ede driver : des3_ede-generic module : des priority : 0 type : cipher blocksize : 8 min keysize : 24 max keysize : 24 name : des driver : des-generic module : des priority : 0 type : cipher blocksize : 8 min keysize : 8 max keysize : 8 name : aes driver : aes-generic module : aes_generic priority : 100 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : aes driver : aes-i586 module : aes_i586 priority : 200 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : crc32c driver : crc32c-generic module : kernel priority : 0 type : digest blocksize : 32 digestsize : 4 name : sha1 driver : sha1-generic module : kernel priority : 0 type : digest blocksize : 64 digestsize : 20 + __________________________/proc/sys/net/core/xfrm-star /usr/libexec/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_acq_expires: ' /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires 30 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_etime: ' /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime 10 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: ' /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth 2 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_larval_drop: ' /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop 0 + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + _________________________ ipsec/status + ipsec auto --status 000 using kernel interface: netkey 000 interface lo/lo 127.0.0.1 000 interface lo/lo 127.0.0.1 000 interface eth0/eth0 169.254.1.1 000 interface eth0/eth0 169.254.1.1 000 interface eth1/eth1 192.168.0.254 000 interface eth1/eth1 192.168.0.254 000 interface eth2/eth2 10.0.0.254 000 interface eth2/eth2 10.0.0.254 000 interface ppp0/ppp0 85.85.85.85 000 interface ppp0/ppp0 85.85.85.85 000 %myid = (none) 000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509 000 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256 000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0 000 000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 000 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,36} trans={0,2,1080} attrs={0,2,1440} 000 000 "product": 10.0.0.0/24===85.85.85.85<85.85.85.85>[+S=C]---85.85.85.1...85.105.105.105<85.105.105.105>[+S=C]===192.168.1.0/24; unrouted; eroute owner: #0 000 "product": myip=unset; hisip=unset; 000 "product": ike_life: 28800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3 000 "product": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface: ppp0; 000 "product": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "product": ESP algorithms wanted: 3DES(3)_000-MD5(1); flags=-strict 000 "product": ESP algorithms loaded: 3DES(3)_192-MD5(1)_096 000 000 #2: "product":500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_CRYPTO_FAILED in 82s; nodpd; idle; import:admin initiate 000 + _________________________ ifconfig-a + ifconfig -a eth0 Link encap:Ethernet HWaddr 00:1D:92:26:BD:C2 inet addr:169.254.1.1 Bcast:169.254.1.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:233 Base address:0x2800 eth1 Link encap:Ethernet HWaddr 00:0C:42:07:48:0C inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:727381 errors:0 dropped:0 overruns:0 frame:0 TX packets:613391 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:735101802 (701.0 MiB) TX bytes:120147368 (114.5 MiB) Interrupt:50 Base address:0x4c00 eth2 Link encap:Ethernet HWaddr 00:0C:42:07:48:0D inet addr:10.0.0.254 Bcast:10.0.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:646562 errors:0 dropped:0 overruns:0 frame:0 TX packets:741828 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:108466049 (103.4 MiB) TX bytes:728851608 (695.0 MiB) Interrupt:58 Base address:0x6800 eth3 Link encap:Ethernet HWaddr 00:0C:42:07:48:0E BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:66 Base address:0x8400 eth4 Link encap:Ethernet HWaddr 00:0C:42:07:48:0F BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:74 Base address:0xa000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:466865 errors:0 dropped:0 overruns:0 frame:0 TX packets:466865 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:65724782 (62.6 MiB) TX bytes:65724782 (62.6 MiB) ppp0 Link encap:Point-to-Point Protocol inet addr:85.85.85.85 P-t-P:85.85.85.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 RX packets:722536 errors:0 dropped:0 overruns:0 frame:0 TX packets:608081 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:718910768 (685.6 MiB) TX bytes:106548724 (101.6 MiB) + _________________________ ip-addr-list + ip addr list 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:1d:92:26:bd:c2 brd ff:ff:ff:ff:ff:ff inet 169.254.1.1/24 brd 169.254.1.255 scope global eth0 3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:42:07:48:0c brd ff:ff:ff:ff:ff:ff inet 192.168.0.254/24 brd 192.168.0.255 scope global eth1 4: eth2: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:42:07:48:0d brd ff:ff:ff:ff:ff:ff inet 10.0.0.254/24 brd 10.0.0.255 scope global eth2 5: eth3: mtu 1500 qdisc noop qlen 1000 link/ether 00:0c:42:07:48:0e brd ff:ff:ff:ff:ff:ff 6: eth4: mtu 1500 qdisc noop qlen 1000 link/ether 00:0c:42:07:48:0f brd ff:ff:ff:ff:ff:ff 8: ppp0: mtu 1492 qdisc pfifo_fast qlen 3 link/ppp inet 85.85.85.85 peer 85.85.85.1/32 scope global ppp0 + _________________________ ip-route-list + ip route list 85.85.85.1 dev ppp0 scope link 10.0.0.0/24 dev eth2 proto kernel scope link src 10.0.0.254 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.254 169.254.1.0/24 dev eth0 proto kernel scope link src 169.254.1.1 169.254.0.0/16 dev eth0 scope link default via 85.85.85.1 dev ppp0 + _________________________ ip-rule-list + ip rule list 0: from all lookup 255 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + ipsec verify --nocolour Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.6.14/K2.6.18-lbr5.std.3 (netkey) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [FAILED] Please disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause the sending of bogus ICMP redirects! NETKEY detected, testing for disabled ICMP accept_redirects [FAILED] Please disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will accept bogus ICMP redirects! Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] + _________________________ mii-tool + '[' -x /sbin/mii-tool ']' + /sbin/mii-tool -v eth0: no link product info: vendor 00:00:20, model 32 rev 1 basic mode: autonegotiation enabled basic status: no link capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD eth1: negotiated 100baseTx-FD, link ok product info: vendor 00:40:63, model 52 rev 5 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD eth2: negotiated 100baseTx-FD, link ok product info: vendor 00:40:63, model 52 rev 5 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD SIOCGMIIPHY on 'eth3' failed: Invalid argument SIOCGMIIPHY on 'eth4' failed: Invalid argument + _________________________ ipsec/directory + ipsec --directory /usr/libexec/ipsec + _________________________ hostname/fqdn + hostname --fqdn localhost.localdomain + _________________________ hostname/ipaddress + hostname --ip-address 127.0.0.1 + _________________________ uptime + uptime 14:48:26 up 22:59, 2 users, load average: 1.35, 1.14, 1.08 + _________________________ ps + ps alxwf + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 0 0 17069 23358 25 0 4484 1128 wait S+ pts/3 0:00 | \_ /bin/sh /usr/libexec/ipsec/barf 0 0 17239 17069 25 0 1832 480 stext S+ pts/3 0:00 | \_ egrep -i ppid|pluto|ipsec|klips 1 0 15357 1 25 0 2444 416 wait S pts/3 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug all raw crypt parsing emitting control lifecycle klips dns oppo controlmore x509 pfkey nattraversal --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid 1 0 15358 15357 25 0 2444 548 wait S pts/3 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug all raw crypt parsing emitting control lifecycle klips dns oppo controlmore x509 pfkey nattraversal --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid 4 0 15359 15358 17 0 3168 1508 - S pts/3 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --debug-all --debug-raw --debug-crypt --debug-parsing --debug-emitting --debug-control --debug-lifecycle --debug-klips --debug-dns --debug-oppo --debug-controlmore --debug-x509 --debug-pfkey --debug-nattraversal --use-netkey --uniqueids --nat_traversal 1 0 15369 15359 26 10 3108 748 - SN pts/3 0:00 | \_ pluto helper # 0 0 0 15383 15359 25 0 1588 288 - S pts/3 0:00 | \_ _pluto_adns -d 0 0 15360 15357 25 0 2444 1036 pipe_w S pts/3 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post 0 0 15361 1 24 0 1652 492 pipe_w S pts/3 0:00 logger -s -p daemon.error -t ipsec__plutorun + _________________________ ipsec/showdefaults + ipsec showdefaults ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info' + _________________________ ipsec/conf + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # Created by Labris Management Console / VPN. # Do NOT change settings in this file. # 12.06.2008 - 12:17:52 PM version 2.0 config setup interfaces="ipsec0=ppp0" klipsdebug=all plutodebug=all nat_traversal=yes uniqueids=yes protostack=netkey conn %default auto=add conn product authby=secret auth=esp esp=3des-md5-96 left=85.85.85.85 leftsubnet=10.0.0.0/24 right=85.105.105.105 rightsubnet=192.168.1.0/24 leftnexthop=85.85.85.1 disablearrivalcheck=no pfs=yes auto=add keyexchange=ike keyingtries=3 ikelifetime=28800s keylife=28800s ##conn labris.l2tp #< /etc/ipsec.d/no_oe.conf 1 # 'include' this file to disable Opportunistic Encryption. # See /usr/share/doc/openswan/policygroups.html for details. # # RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $ conn block auto=ignore conn private auto=ignore conn private-or-clear auto=ignore conn clear-or-private auto=ignore conn clear auto=ignore conn packetdefault auto=ignore #> /etc/ipsec.conf 39 + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 85.85.85.85 85.105.105.105 : PSK "[sums to 9a70...]" #:cannot open configuration file \'/etc/ipsec.*.secrets\' #> /etc/ipsec.secrets 4 + _________________________ ipsec/listall + ipsec auto --listall 000 000 List of Public Keys: 000 000 List of Pre-shared secrets (from /etc/ipsec.secrets) 000 1: PSK 85.105.105.105 85.85.85.85 000 000 List of X.509 CA Certificates: 000 000 Dec 06 14:44:12 2008, count: 1 000 subject: 'C=TR, L=Istanbul, O=Soya, OU=Bim, CN=labris, E=soya@labris.com' 000 issuer: 'C=TR, L=Istanbul, O=Soya, OU=Bim, CN=labris, E=soya@labris.com' 000 serial: 00 000 pubkey: 1024 RSA Key AwEAAaJ/h 000 validity: not before Aug 08 15:40:42 2005 ok 000 not after Aug 08 15:40:42 2006 fatal (expired) 000 subjkey: 79:2a:e1:92:9f:ee:84:40:5d:83:66:cb:8d:28:63:ec:d4:55:ab:0a 000 authkey: 79:2a:e1:92:9f:ee:84:40:5d:83:66:cb:8d:28:63:ec:d4:55:ab:0a 000 aserial: 00 + '[' /etc/ipsec.d/policies ']' + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/block + base=block + _________________________ ipsec/policies/block + cat /etc/ipsec.d/policies/block # This file defines the set of CIDRs (network/mask-length) to which # communication should never be allowed. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear + base=clear + _________________________ ipsec/policies/clear + cat /etc/ipsec.d/policies/clear # This file defines the set of CIDRs (network/mask-length) to which # communication should always be in the clear. # # See /usr/share/doc/openswan/policygroups.html for details. # # root name servers should be in the clear 192.58.128.30/32 198.41.0.4/32 192.228.79.201/32 192.33.4.12/32 128.8.10.90/32 192.203.230.10/32 192.5.5.241/32 192.112.36.4/32 128.63.2.53/32 192.36.148.17/32 193.0.14.129/32 199.7.83.42/32 202.12.27.33/32 + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear-or-private + base=clear-or-private + _________________________ ipsec/policies/clear-or-private + cat /etc/ipsec.d/policies/clear-or-private # This file defines the set of CIDRs (network/mask-length) to which # we will communicate in the clear, or, if the other side initiates IPSEC, # using encryption. This behaviour is also called "Opportunistic Responder". # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private + base=private + _________________________ ipsec/policies/private + cat /etc/ipsec.d/policies/private # This file defines the set of CIDRs (network/mask-length) to which # communication should always be private (i.e. encrypted). # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private-or-clear + base=private-or-clear + _________________________ ipsec/policies/private-or-clear + cat /etc/ipsec.d/policies/private-or-clear # This file defines the set of CIDRs (network/mask-length) to which # communication should be private, if possible, but in the clear otherwise. # # If the target has a TXT (later IPSECKEY) record that specifies # authentication material, we will require private (i.e. encrypted) # communications. If no such record is found, communications will be # in the clear. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $ # 0.0.0.0/0 + _________________________ ipsec/ls-libdir + ls -l /usr/libexec/ipsec total 2272 -rwxr-xr-x 1 root root 5996 Jun 22 05:03 _copyright -rwxr-xr-x 1 root root 2379 Jun 22 05:03 _include -rwxr-xr-x 1 root root 1475 Jun 22 05:03 _keycensor -rwxr-xr-x 1 root root 10028 Jun 22 05:03 _pluto_adns -rwxr-xr-x 1 root root 2632 Jun 22 05:03 _plutoload -rwxr-xr-x 1 root root 7602 Jun 22 05:03 _plutorun -rwxr-xr-x 1 root root 13746 Jun 22 05:03 _realsetup -rwxr-xr-x 1 root root 1975 Jun 22 05:03 _secretcensor -rwxr-xr-x 1 root root 9752 Jun 22 05:03 _startklips -rwxr-xr-x 1 root root 9752 Jun 22 05:03 _startklips.old -rwxr-xr-x 1 root root 4988 Jun 22 05:03 _startnetkey -rwxr-xr-x 1 root root 4949 Jun 22 05:03 _updown -rwxr-xr-x 1 root root 14030 Jun 22 05:03 _updown.klips -rwxr-xr-x 1 root root 14030 Jun 22 05:03 _updown.klips.old -rwxr-xr-x 1 root root 13739 Jun 22 05:03 _updown.mast -rwxr-xr-x 1 root root 13739 Jun 22 05:03 _updown.mast.old -rwxr-xr-x 1 root root 8337 Jun 22 05:03 _updown.netkey -rwxr-xr-x 1 root root 183808 Jun 22 05:03 addconn -rwxr-xr-x 1 root root 6129 Jun 22 05:03 auto -rwxr-xr-x 1 root root 10758 Jun 22 05:03 barf -rwxr-xr-x 1 root root 90028 Jun 22 05:03 eroute -rwxr-xr-x 1 root root 20072 Jun 22 05:03 ikeping -rwxr-xr-x 1 root root 69744 Jun 22 05:03 klipsdebug -rwxr-xr-x 1 root root 1836 Jun 22 05:03 livetest -rwxr-xr-x 1 root root 2591 Jun 22 05:03 look -rwxr-xr-x 1 root root 1921 Jun 22 05:03 newhostkey -rwxr-xr-x 1 root root 60780 Jun 22 05:03 pf_key -rwxr-xr-x 1 root root 982244 Jun 22 05:03 pluto -rwxr-xr-x 1 root root 10176 Jun 22 05:03 ranbits -rwxr-xr-x 1 root root 20532 Jun 22 05:03 rsasigkey -rwxr-xr-x 1 root root 766 Jun 22 05:03 secrets lrwxrwxrwx 1 root root 30 Dec 6 14:31 setup -> ../../../etc/rc.d/init.d/ipsec -rwxr-xr-x 1 root root 1054 Jun 22 05:03 showdefaults -rwxr-xr-x 1 root root 219660 Jun 22 05:03 showhostkey -rwxr-xr-x 1 root root 22684 Jun 22 05:03 showpolicy -rwxr-xr-x 1 root root 148008 Jun 22 05:03 spi -rwxr-xr-x 1 root root 77276 Jun 22 05:03 spigrp -rwxr-xr-x 1 root root 69384 Jun 22 05:03 tncfg -rwxr-xr-x 1 root root 12526 Jun 22 05:03 verify -rwxr-xr-x 1 root root 50568 Jun 22 05:03 whack + _________________________ ipsec/ls-execdir + ls -l /usr/libexec/ipsec total 2272 -rwxr-xr-x 1 root root 5996 Jun 22 05:03 _copyright -rwxr-xr-x 1 root root 2379 Jun 22 05:03 _include -rwxr-xr-x 1 root root 1475 Jun 22 05:03 _keycensor -rwxr-xr-x 1 root root 10028 Jun 22 05:03 _pluto_adns -rwxr-xr-x 1 root root 2632 Jun 22 05:03 _plutoload -rwxr-xr-x 1 root root 7602 Jun 22 05:03 _plutorun -rwxr-xr-x 1 root root 13746 Jun 22 05:03 _realsetup -rwxr-xr-x 1 root root 1975 Jun 22 05:03 _secretcensor -rwxr-xr-x 1 root root 9752 Jun 22 05:03 _startklips -rwxr-xr-x 1 root root 9752 Jun 22 05:03 _startklips.old -rwxr-xr-x 1 root root 4988 Jun 22 05:03 _startnetkey -rwxr-xr-x 1 root root 4949 Jun 22 05:03 _updown -rwxr-xr-x 1 root root 14030 Jun 22 05:03 _updown.klips -rwxr-xr-x 1 root root 14030 Jun 22 05:03 _updown.klips.old -rwxr-xr-x 1 root root 13739 Jun 22 05:03 _updown.mast -rwxr-xr-x 1 root root 13739 Jun 22 05:03 _updown.mast.old -rwxr-xr-x 1 root root 8337 Jun 22 05:03 _updown.netkey -rwxr-xr-x 1 root root 183808 Jun 22 05:03 addconn -rwxr-xr-x 1 root root 6129 Jun 22 05:03 auto -rwxr-xr-x 1 root root 10758 Jun 22 05:03 barf -rwxr-xr-x 1 root root 90028 Jun 22 05:03 eroute -rwxr-xr-x 1 root root 20072 Jun 22 05:03 ikeping -rwxr-xr-x 1 root root 69744 Jun 22 05:03 klipsdebug -rwxr-xr-x 1 root root 1836 Jun 22 05:03 livetest -rwxr-xr-x 1 root root 2591 Jun 22 05:03 look -rwxr-xr-x 1 root root 1921 Jun 22 05:03 newhostkey -rwxr-xr-x 1 root root 60780 Jun 22 05:03 pf_key -rwxr-xr-x 1 root root 982244 Jun 22 05:03 pluto -rwxr-xr-x 1 root root 10176 Jun 22 05:03 ranbits -rwxr-xr-x 1 root root 20532 Jun 22 05:03 rsasigkey -rwxr-xr-x 1 root root 766 Jun 22 05:03 secrets lrwxrwxrwx 1 root root 30 Dec 6 14:31 setup -> ../../../etc/rc.d/init.d/ipsec -rwxr-xr-x 1 root root 1054 Jun 22 05:03 showdefaults -rwxr-xr-x 1 root root 219660 Jun 22 05:03 showhostkey -rwxr-xr-x 1 root root 22684 Jun 22 05:03 showpolicy -rwxr-xr-x 1 root root 148008 Jun 22 05:03 spi -rwxr-xr-x 1 root root 77276 Jun 22 05:03 spigrp -rwxr-xr-x 1 root root 69384 Jun 22 05:03 tncfg -rwxr-xr-x 1 root root 12526 Jun 22 05:03 verify -rwxr-xr-x 1 root root 50568 Jun 22 05:03 whack + _________________________ /proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo:65724782 466865 0 0 0 0 0 0 65724782 466865 0 0 0 0 0 0 eth0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth1:735126767 727400 0 0 0 0 0 0 120148705 613403 0 0 0 0 0 0 eth2:108467344 646574 0 0 0 0 0 0 728876421 741847 0 0 0 0 0 0 eth3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth4: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ppp0:718935315 722555 0 0 0 0 0 0 106549797 608093 0 0 0 0 0 0 + _________________________ /proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT ppp0 01946955 00000000 0005 0 0 0 FFFFFFFF 0 0 0 eth2 0000000A 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth1 0000A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth0 0001FEA9 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth0 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0 ppp0 00000000 01946955 0003 0 0 0 00000000 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc + cat /proc/sys/net/ipv4/ip_no_pmtu_disc 0 + _________________________ /proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ /proc/sys/net/ipv4/tcp_ecn + cat /proc/sys/net/ipv4/tcp_ecn 0 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter lo/rp_filter ppp0/rp_filter all/rp_filter:0 default/rp_filter:1 eth0/rp_filter:1 eth1/rp_filter:1 eth2/rp_filter:1 lo/rp_filter:0 ppp0/rp_filter:1 + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects + cd /proc/sys/net/ipv4/conf + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects eth2/accept_redirects eth2/secure_redirects eth2/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects ppp0/accept_redirects ppp0/secure_redirects ppp0/send_redirects all/accept_redirects:0 all/secure_redirects:1 all/send_redirects:1 default/accept_redirects:1 default/secure_redirects:1 default/send_redirects:1 eth0/accept_redirects:1 eth0/secure_redirects:1 eth0/send_redirects:1 eth1/accept_redirects:1 eth1/secure_redirects:1 eth1/send_redirects:1 eth2/accept_redirects:1 eth2/secure_redirects:1 eth2/send_redirects:1 lo/accept_redirects:1 lo/secure_redirects:1 lo/send_redirects:1 ppp0/accept_redirects:1 ppp0/secure_redirects:1 ppp0/send_redirects:1 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + uname -a Linux app 2.6.18-lbr5.std.3 #1 SMP Fri Oct 31 11:44:34 EET 2008 i686 i686 i386 GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ distro-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/redhat-release + cat /etc/redhat-release Labris release 1.5.5 + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/debian-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/SuSE-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandrake-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandriva-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + test -r /proc/net/pfkey ++ uname -r + echo 'NETKEY (2.6.18-lbr5.std.3) support detected ' NETKEY (2.6.18-lbr5.std.3) support detected + _________________________ iptables + test -r /sbin/iptables + iptables -L -v -n Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 33647 6151K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 48314 6634K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 108 5171 console_input_custom_chain icmp -- * * 0.0.0.0/0 0.0.0.0/0 10094 705K console_input_custom_chain tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 console_input_custom_chain tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:81 392 37991 console_input_custom_chain tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4000 11524 1255K BADPACKETS all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4614 515K ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth3 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth4 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 6905 739K BADPACKETS all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth3 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth4 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 6905 739K auto-auth all -- * * 0.0.0.0/0 0.0.0.0/0 6905 739K Application_Rules all -- * * 0.0.0.0/0 0.0.0.0/0 1159 159K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 19 2811 General_Rule_0 all -- * * 10.0.0.24 0.0.0.0/0 state NEW 74 9852 General_Rule_0 all -- * * 10.0.0.100 0.0.0.0/0 state NEW 35 3966 General_Rule_0 all -- * * 10.0.0.21 0.0.0.0/0 state NEW 0 0 General_Rule_1 all -- * * 81.81.81.81 0.0.0.0/0 state NEW 0 0 General_Rule_1 all -- * * 85.85.85.85 0.0.0.0/0 state NEW 24 6024 General_Rule_1 all -- * * 10.0.0.254 0.0.0.0/0 state NEW 24 6024 General_Rule_1 all -- * * 192.168.0.254 0.0.0.0/0 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 10.0.0.200 tcp dpt:25 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 10.0.0.200 tcp dpt:80 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:25 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:80 state NEW 0 0 General_Rule_3 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:3389 state NEW 2012 196K General_Rule_4 all -- * * 10.0.0.0/24 10.0.0.0/24 state NEW 0 0 General_Rule_4 all -- * * 10.0.0.0/24 192.168.1.0/24 state NEW 0 0 General_Rule_4 all -- * * 192.168.1.0/24 10.0.0.0/24 state NEW 0 0 General_Rule_4 all -- * * 192.168.1.0/24 192.168.1.0/24 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:80 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:443 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:25 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:465 state NEW 0 0 General_Rule_5 udp -- * * 10.0.0.0/24 0.0.0.0/0 udp dpt:53 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:53 state NEW 0 0 General_Rule_6 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1352 state NEW 0 0 General_Rule_7 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1700:1702 state NEW 0 0 General_Rule_7 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500 state NEW 0 0 General_Rule_7 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500 state NEW 0 0 General_Rule_7 esp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 General_Rule_7 ah -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 General_Rule_7 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4500 state NEW 0 0 General_Rule_7 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500 state NEW 0 0 General_Rule_7 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1700:1702 state NEW 0 0 General_Rule_8 tcp -- * * 0.0.0.0/0 10.0.0.111 tcp dpt:3366 state NEW 0 0 General_Rule_8 tcp -- * * 0.0.0.0/0 10.0.0.111 tcp dpt:4866 state NEW 0 0 General_Rule_10 tcp -- * * 0.0.0.0/0 10.0.0.200 tcp dpt:3355 state NEW 0 0 General_Rule_12 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863 state NEW 0 0 General_Rule_12 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6891:6900 state NEW 3558 356K General_Rule_13 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `_lfp_ Default --DENY' Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 153K 89M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 353K 236M BADPACKETS all -- * * 0.0.0.0/0 0.0.0.0/0 191K 213M ppp0_custom_chain all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 eth4_custom_chain all -- eth4 * 0.0.0.0/0 0.0.0.0/0 0 0 eth3_custom_chain all -- eth3 * 0.0.0.0/0 0.0.0.0/0 162K 23M eth2_custom_chain all -- eth2 * 0.0.0.0/0 0.0.0.0/0 191K 213M ppp0_custom_chain all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 eth1_custom_chain all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 eth0_custom_chain all -- eth0 * 0.0.0.0/0 0.0.0.0/0 353K 236M BADPACKETS all -- * * 0.0.0.0/0 0.0.0.0/0 191K 213M ppp0_custom_chain all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 eth4_custom_chain all -- eth4 * 0.0.0.0/0 0.0.0.0/0 0 0 eth3_custom_chain all -- eth3 * 0.0.0.0/0 0.0.0.0/0 162K 23M eth2_custom_chain all -- eth2 * 0.0.0.0/0 0.0.0.0/0 191K 213M ppp0_custom_chain all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 eth1_custom_chain all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 eth0_custom_chain all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- lo lo 0.0.0.0/0 0.0.0.0/0 353K 236M auto-auth all -- * * 0.0.0.0/0 0.0.0.0/0 353K 236M Application_Rules all -- * * 0.0.0.0/0 0.0.0.0/0 342K 235M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 General_Rule_0 all -- * * 10.0.0.24 0.0.0.0/0 state NEW 0 0 General_Rule_0 all -- * * 10.0.0.100 0.0.0.0/0 state NEW 5317 686K General_Rule_0 all -- * * 10.0.0.21 0.0.0.0/0 state NEW 0 0 General_Rule_1 all -- * * 81.81.81.81 0.0.0.0/0 state NEW 0 0 General_Rule_1 all -- * * 85.85.85.85 0.0.0.0/0 state NEW 0 0 General_Rule_1 all -- * * 10.0.0.254 0.0.0.0/0 state NEW 0 0 General_Rule_1 all -- * * 192.168.0.254 0.0.0.0/0 state NEW 25 1260 General_Rule_2 tcp -- * * 0.0.0.0/0 10.0.0.200 tcp dpt:25 state NEW 2 96 General_Rule_2 tcp -- * * 0.0.0.0/0 10.0.0.200 tcp dpt:80 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:25 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:80 state NEW 0 0 General_Rule_3 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:3389 state NEW 0 0 General_Rule_4 all -- * * 10.0.0.0/24 10.0.0.0/24 state NEW 2 96 General_Rule_4 all -- * * 10.0.0.0/24 192.168.1.0/24 state NEW 0 0 General_Rule_4 all -- * * 192.168.1.0/24 10.0.0.0/24 state NEW 0 0 General_Rule_4 all -- * * 192.168.1.0/24 192.168.1.0/24 state NEW 2905 143K General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:80 state NEW 177 8968 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:443 state NEW 3 144 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:25 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:465 state NEW 991 67954 General_Rule_5 udp -- * * 10.0.0.0/24 0.0.0.0/0 udp dpt:53 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:53 state NEW 21 1028 General_Rule_6 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1352 state NEW 0 0 General_Rule_7 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1700:1702 state NEW 0 0 General_Rule_7 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500 state NEW 0 0 General_Rule_7 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500 state NEW 0 0 General_Rule_7 esp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 General_Rule_7 ah -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 General_Rule_7 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4500 state NEW 0 0 General_Rule_7 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500 state NEW 0 0 General_Rule_7 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1700:1702 state NEW 0 0 General_Rule_8 tcp -- * * 0.0.0.0/0 10.0.0.111 tcp dpt:3366 state NEW 0 0 General_Rule_8 tcp -- * * 0.0.0.0/0 10.0.0.111 tcp dpt:4866 state NEW 0 0 General_Rule_10 tcp -- * * 0.0.0.0/0 10.0.0.200 tcp dpt:3355 state NEW 2 96 General_Rule_12 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863 state NEW 0 0 General_Rule_12 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6891:6900 state NEW 1159 85029 General_Rule_13 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `_lfp_ Default --DENY' Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 28714 4658K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 3057 398K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 48314 6634K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 1400 129K console_output_custom_chain icmp -- * * 0.0.0.0/0 0.0.0.0/0 7502 1190K console_output_custom_chain tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 0 0 console_output_custom_chain tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:81 433 69397 console_output_custom_chain tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:4000 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4431 421K ACCEPT all -- * eth2 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * eth3 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * eth4 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * eth2 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * eth3 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * eth4 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 1609 354K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 General_Rule_0 all -- * * 10.0.0.24 0.0.0.0/0 state NEW 0 0 General_Rule_0 all -- * * 10.0.0.100 0.0.0.0/0 state NEW 0 0 General_Rule_0 all -- * * 10.0.0.21 0.0.0.0/0 state NEW 0 0 General_Rule_1 all -- * * 81.81.81.81 0.0.0.0/0 state NEW 2129 144K General_Rule_1 all -- * * 85.85.85.85 0.0.0.0/0 state NEW 600 40584 General_Rule_1 all -- * * 10.0.0.254 0.0.0.0/0 state NEW 24 6024 General_Rule_1 all -- * * 192.168.0.254 0.0.0.0/0 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 10.0.0.200 tcp dpt:25 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 10.0.0.200 tcp dpt:80 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:25 state NEW 0 0 General_Rule_2 tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:80 state NEW 0 0 General_Rule_3 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:3389 state NEW 0 0 General_Rule_4 all -- * * 10.0.0.0/24 10.0.0.0/24 state NEW 0 0 General_Rule_4 all -- * * 10.0.0.0/24 192.168.1.0/24 state NEW 0 0 General_Rule_4 all -- * * 192.168.1.0/24 10.0.0.0/24 state NEW 0 0 General_Rule_4 all -- * * 192.168.1.0/24 192.168.1.0/24 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:80 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:443 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:25 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:465 state NEW 0 0 General_Rule_5 udp -- * * 10.0.0.0/24 0.0.0.0/0 udp dpt:53 state NEW 0 0 General_Rule_5 tcp -- * * 10.0.0.0/24 0.0.0.0/0 tcp dpt:53 state NEW 0 0 General_Rule_6 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1352 state NEW 0 0 General_Rule_7 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1700:1702 state NEW 0 0 General_Rule_7 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500 state NEW 0 0 General_Rule_7 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500 state NEW 0 0 General_Rule_7 esp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 General_Rule_7 ah -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 General_Rule_7 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4500 state NEW 0 0 General_Rule_7 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500 state NEW 0 0 General_Rule_7 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1700:1702 state NEW 0 0 General_Rule_8 tcp -- * * 0.0.0.0/0 10.0.0.111 tcp dpt:3366 state NEW 0 0 General_Rule_8 tcp -- * * 0.0.0.0/0 10.0.0.111 tcp dpt:4866 state NEW 0 0 General_Rule_10 tcp -- * * 0.0.0.0/0 10.0.0.200 tcp dpt:3355 state NEW 0 0 General_Rule_12 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863 state NEW 0 0 General_Rule_12 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6891:6900 state NEW 24 6024 General_Rule_13 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `_lfp_ --DENY' Chain Application_Rules (2 references) pkts bytes target prot opt in out source destination Chain BADPACKETS (4 references) pkts bytes target prot opt in out source destination 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp option=64 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp option=128 0 0 DOS all -f * * 0.0.0.0/0 0.0.0.0/0 29 1591 DOS all -- !eth0 * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 SMALL udp -- * * 0.0.0.0/0 0.0.0.0/0 length 0:27 0 0 SMALL tcp -- * * 0.0.0.0/0 0.0.0.0/0 length 0:39 0 0 SMALL icmp -- * * 0.0.0.0/0 0.0.0.0/0 length 0:27 10 11016 NEWNOTSYN tcp -- !eth0 * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp option=64 0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp option=128 0 0 DOS all -f * * 0.0.0.0/0 0.0.0.0/0 0 0 DOS all -- !eth0 * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 SMALL udp -- * * 0.0.0.0/0 0.0.0.0/0 length 0:27 0 0 SMALL tcp -- * * 0.0.0.0/0 0.0.0.0/0 length 0:39 0 0 SMALL icmp -- * * 0.0.0.0/0 0.0.0.0/0 length 0:27 0 0 NEWNOTSYN tcp -- !eth0 * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW Chain DOS (4 references) pkts bytes target prot opt in out source destination 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ ICMP DoS DENY ' 29 1591 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ TCP DoS DENY ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ UDP DoS DENY ' 29 1591 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ ICMP DoS DENY ' 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ TCP DoS DENY ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ UDP DoS DENY ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_0 (9 references) pkts bytes target prot opt in out source destination 5445 703K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_1 (12 references) pkts bytes target prot opt in out source destination 2801 203K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_10 (3 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_12 (6 references) pkts bytes target prot opt in out source destination 2 96 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `_lfp_ Rule 12 -- DENY' 2 96 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_13 (3 references) pkts bytes target prot opt in out source destination 4741 447K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_2 (12 references) pkts bytes target prot opt in out source destination 27 1356 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_3 (3 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_4 (12 references) pkts bytes target prot opt in out source destination 2014 196K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_5 (18 references) pkts bytes target prot opt in out source destination 4076 220K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_6 (3 references) pkts bytes target prot opt in out source destination 21 1028 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_7 (24 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain General_Rule_8 (6 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain NEWNOTSYN (2 references) pkts bytes target prot opt in out source destination 10 11016 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ NEW not SYN DENY ' 10 11016 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ NEW not SYN DENY ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain PSCAN (18 references) pkts bytes target prot opt in out source destination 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ TCP Scan DENY ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ UDP Scan DENY ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ ICMP Scan DENY ' 0 0 LOG all -f * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ FRAG Scan DENY ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ TCP Scan DENY ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ UDP Scan DENY ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ ICMP Scan DENY ' 0 0 LOG all -f * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ FRAG Scan DENY ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain SMALL (6 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ Too small DENY ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ Too small DENY ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain auto-auth (2 references) pkts bytes target prot opt in out source destination Chain console_input_custom_chain (4 references) pkts bytes target prot opt in out source destination 10486 743K ACCEPT all -- * * 81.81.81.81 0.0.0.0/0 0 0 ACCEPT all -- * * 10.0.0.100 0.0.0.0/0 108 5171 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * * 169.254.1.11 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain console_output_custom_chain (4 references) pkts bytes target prot opt in out source destination 7935 1260K ACCEPT all -- * * 0.0.0.0/0 81.81.81.81 0 0 ACCEPT all -- * * 0.0.0.0/0 10.0.0.100 1400 129K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 169.254.1.11 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth0_custom_chain (2 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- eth0 * 127.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth0 * 127.0.0.0/8 0.0.0.0/0 0 0 LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST 0 0 LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast 0 0 RETURN all -- eth0 * 169.254.1.0/24 0.0.0.0/0 Chain eth1_custom_chain (2 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- eth1 * 127.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth1 * 127.0.0.0/8 0.0.0.0/0 0 0 LOG all -- eth1 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth1 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST 0 0 LOG all -- eth1 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth1 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast 0 0 RETURN all -- eth1 * 192.168.0.0/24 0.0.0.0/0 Chain eth2_custom_chain (2 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- eth2 * 127.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth2 * 127.0.0.0/8 0.0.0.0/0 0 0 LOG all -- eth2 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth2 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST 0 0 LOG all -- eth2 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth2 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast 324K 47M RETURN all -- eth2 * 10.0.0.0/24 0.0.0.0/0 Chain eth3_custom_chain (2 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- eth3 * 127.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth3 * 127.0.0.0/8 0.0.0.0/0 0 0 LOG all -- eth3 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth3 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST 0 0 LOG all -- eth3 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth3 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast Chain eth4_custom_chain (2 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- eth4 * 127.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth4 * 127.0.0.0/8 0.0.0.0/0 0 0 LOG all -- eth4 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth4 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST 0 0 LOG all -- eth4 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- eth4 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast Chain ppp0_custom_chain (4 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- ppp0 * 127.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- ppp0 * 127.0.0.0/8 0.0.0.0/0 0 0 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST 0 0 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix `_lfp_DROP' 0 0 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast 0 0 RETURN all -- ppp0 * 85.85.85.85 0.0.0.0/0 + _________________________ iptables-nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 20128 packets, 1956K bytes) pkts bytes target prot opt in out source destination 2922 280K ACCEPT all -- * * 10.0.0.0/24 10.0.0.0/24 141 6768 ACCEPT all -- * * 10.0.0.0/24 192.168.1.0/24 0 0 ACCEPT all -- * * 192.168.1.0/24 10.0.0.0/24 0 0 ACCEPT all -- * * 192.168.1.0/24 192.168.1.0/24 0 0 ACCEPT all -- * * 10.0.0.0/24 10.0.0.0/24 76 3736 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xf3 to:10.0.0.200 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xf3 to:10.0.0.200 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xf3 to:10.0.0.200 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xf4 to:10.0.0.200 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xf5 to:10.0.0.111 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xf6 to:10.0.0.222 Chain POSTROUTING (policy ACCEPT 1996 packets, 128K bytes) pkts bytes target prot opt in out source destination 829 53242 ACCEPT all -- * * 10.0.0.0/24 10.0.0.0/24 3 144 ACCEPT all -- * * 10.0.0.0/24 192.168.1.0/24 0 0 ACCEPT all -- * * 192.168.1.0/24 10.0.0.0/24 0 0 ACCEPT all -- * * 192.168.1.0/24 192.168.1.0/24 0 0 ACCEPT all -- * * 10.0.0.0/24 10.0.0.0/24 0 0 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 MARK match 0xf7 to:85.85.85.85 0 0 SNAT all -- * eth1 0.0.0.0/0 0.0.0.0/0 MARK match 0xf7 to:85.85.85.85 13795 1301K SNAT all -- * ppp0 0.0.0.0/0 0.0.0.0/0 MARK match 0xf7 to:85.85.85.85 0 0 SNAT all -- * eth2 0.0.0.0/0 0.0.0.0/0 MARK match 0xf7 to:85.85.85.85 0 0 SNAT all -- * eth3 0.0.0.0/0 0.0.0.0/0 MARK match 0xf7 to:85.85.85.85 0 0 SNAT all -- * eth4 0.0.0.0/0 0.0.0.0/0 MARK match 0xf7 to:85.85.85.85 0 0 SNAT all -- * ppp0 0.0.0.0/0 0.0.0.0/0 MARK match 0xf7 to:85.85.85.85 Chain OUTPUT (policy ACCEPT 2773 packets, 184K bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 352K packets, 292M bytes) pkts bytes target prot opt in out source destination 5860 7279K MARK tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:25 MARK set 0xf3 5860 7279K ACCEPT tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:25 50 5566 MARK tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:80 MARK set 0xf3 50 5566 ACCEPT tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:80 5028 1369K MARK tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:1352 MARK set 0xf3 5028 1369K ACCEPT tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:1352 3659 5275K MARK tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:3355 MARK set 0xf4 3659 5275K ACCEPT tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:3355 0 0 MARK tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:3366 MARK set 0xf5 0 0 ACCEPT tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:3366 0 0 MARK tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:3389 MARK set 0xf6 0 0 ACCEPT tcp -- * * 0.0.0.0/0 85.85.85.85 tcp dpt:3389 243K 33M MARK all -- * * 10.0.0.0/24 0.0.0.0/0 MARK set 0xf7 243K 33M ACCEPT all -- * * 10.0.0.0/24 0.0.0.0/0 Chain INPUT (policy ACCEPT 104K packets, 15M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 506K packets, 325M bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 98245 packets, 14M bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 603K packets, 339M bytes) pkts bytes target prot opt in out source destination + _________________________ /proc/modules + test -f /proc/modules + cat /proc/modules ipcomp 11528 0 - Live 0xdcb6e000 (U) ah4 10368 0 - Live 0xdcb6a000 (U) esp4 12416 0 - Live 0xdcb65000 (U) xfrm4_tunnel 6656 0 - Live 0xdcb2f000 (U) xfrm4_mode_tunnel 6912 0 - Live 0xdcb29000 (U) xfrm4_mode_transport 6272 0 - Live 0xdcb23000 (U) af_key 39568 0 - Live 0xdcb49000 (U) ip_nat_ftp 7424 0 - Live 0xdcb32000 (U) ip_conntrack_ftp 11248 1 ip_nat_ftp, Live 0xdcba6000 (U) deflate 7936 0 - Live 0xdcb35000 (U) zlib_deflate 22040 1 deflate, Live 0xdcbc2000 (U) zlib_inflate 18944 1 deflate, Live 0xdcbbc000 (U) serpent 29440 0 - Live 0xdcbb3000 (U) blowfish 12672 0 - Live 0xdcbd2000 (U) twofish 46080 0 - Live 0xdcbda000 (U) md5 8320 0 - Live 0xdcba2000 (U) sha256 15360 0 - Live 0xdcb9d000 (U) sha512 13184 0 - Live 0xdcb88000 (U) des 21632 0 - Live 0xdcb7d000 (U) aes_generic 31808 0 - Live 0xdcb94000 (U) aes_i586 37120 0 - Live 0xdcb72000 (U) xfrm4_esp 9728 1 esp4, Live 0xdcb61000 (U) aead 11904 1 esp4, Live 0xdcb84000 (U) crypto_algapi 21376 1 aead, Live 0xdcb5a000 (U) xfrm_nalgo 13828 3 ah4,esp4,xfrm4_esp, Live 0xdcb8f000 (U) crypto_api 12160 5 ah4,esp4,aead,crypto_algapi,xfrm_nalgo, Live 0xdcb41000 (U) tunnel4 7428 1 xfrm4_tunnel, Live 0xdcb2c000 (U) iptable_mangle 6912 1 - Live 0xdcb26000 (U) xt_state 6400 138 - Live 0xdcb1d000 (U) iptable_nat 11524 1 - Live 0xdc986000 (U) ip_nat 26412 2 ip_nat_ftp,iptable_nat, Live 0xdc97e000 (U) ipt_layer7 14980 0 - Live 0xdc979000 (U) ip_conntrack 50912 6 ip_nat_ftp,ip_conntrack_ftp,xt_state,iptable_nat,ip_nat,ipt_layer7, Live 0xdc96b000 (U) iptable_filter 7168 1 - Live 0xdc8c1000 (U) ip_tables 17092 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xdc939000 (U) xt_pkttype 6144 12 - Live 0xdcb46000 (U) ipt_addrtype 6016 12 - Live 0xdcb3e000 (U) xt_length 6144 6 - Live 0xdcb38000 (U) xt_mark 6144 13 - Live 0xdcb20000 (U) xt_tcpudp 7296 107 - Live 0xdcb1a000 (U) xt_MARK 6528 7 - Live 0xdcb3b000 (U) nfnetlink 10776 4 ip_nat,ip_conntrack, Live 0xdc960000 (U) ipt_LOG 10112 42 - Live 0xdc95c000 (U) ppp_synctty 13824 0 - Live 0xdc951000 (U) ppp_async 15360 1 - Live 0xdc94c000 (U) crc_ccitt 6400 1 ppp_async, Live 0xdc922000 (U) ppp_generic 30228 6 ppp_synctty,ppp_async, Live 0xdc943000 (U) slhc 10624 1 ppp_generic, Live 0xdc93f000 (U) x_tables 17540 11 xt_state,iptable_nat,ipt_layer7,ip_tables,xt_pkttype,ipt_addrtype,xt_length,xt_mark,xt_tcpudp,xt_MARK,ipt_LOG, Live 0xdc965000 (U) dm_mirror 29316 0 - Live 0xdc98a000 (U) dm_multipath 22024 0 - Live 0xdc91b000 (U) dm_mod 59032 2 dm_mirror,dm_multipath, Live 0xdc90b000 (U) video 21384 0 - Live 0xdc904000 (U) backlight 10112 1 video, Live 0xdc92e000 (U) button 10768 0 - Live 0xdc925000 (U) battery 13700 0 - Live 0xdc929000 (U) asus_acpi 19480 0 - Live 0xdc933000 (U) ac 9220 0 - Live 0xdc8db000 (U) sg 36252 0 - Live 0xdc8cc000 (U) via_rhine 27276 0 - Live 0xdc8b9000 (U) pata_via 16004 0 - Live 0xdc8b4000 (U) mii 9472 1 via_rhine, Live 0xdc8d7000 (U) serio_raw 10884 0 - Live 0xdc85e000 (U) sata_via 15236 5 - Live 0xdc851000 (U) pata_acpi 11264 0 - Live 0xdc85a000 (U) ata_generic 11396 0 - Live 0xdc856000 (U) libata 143676 4 pata_via,sata_via,pata_acpi,ata_generic, Live 0xdc8df000 (U) sd_mod 24832 6 - Live 0xdc82b000 (U) scsi_mod 134540 3 sg,libata,sd_mod, Live 0xdc873000 (U) ext3 115592 4 - Live 0xdc896000 (U) jbd 56488 1 ext3, Live 0xdc864000 (U) uhci_hcd 25356 0 - Live 0xdc812000 (U) ohci_hcd 23196 0 - Live 0xdc824000 (U) ehci_hcd 33292 0 - Live 0xdc81a000 (U) usbcore 116484 4 uhci_hcd,ohci_hcd,ehci_hcd, Live 0xdc833000 (U) + _________________________ /proc/meminfo + cat /proc/meminfo MemTotal: 450000 kB MemFree: 35568 kB Buffers: 11052 kB Cached: 97948 kB SwapCached: 52404 kB Active: 359040 kB Inactive: 29264 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 450000 kB LowFree: 35568 kB SwapTotal: 3068372 kB SwapFree: 2865944 kB Dirty: 1120 kB Writeback: 0 kB AnonPages: 257368 kB Mapped: 36076 kB Slab: 15856 kB PageTables: 5440 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 3293372 kB Committed_AS: 1206240 kB VmallocTotal: 573432 kB VmallocUsed: 3940 kB VmallocChunk: 569224 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 Hugepagesize: 4096 kB + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + _________________________ usr/src/linux/.config + test -f /proc/config.gz ++ uname -r + test -f /lib/modules/2.6.18-lbr5.std.3/build/.config + echo 'no .config file found, cannot list kernel properties' no .config file found, cannot list kernel properties + _________________________ etc/resolv.conf + cat /etc/resolv.conf # Created by Labris Management Console on 05/11/108 11:37:18 # WARNING: Comments on this file will be lost on next update nameserver 192.168.2.1 nameserver 195.175.39.39 + _________________________ lib/modules-ls + ls -ltr /lib/modules total 4 drwxr-xr-x 3 root root 4096 Dec 2 09:31 2.6.18-lbr5.std.3 + _________________________ /proc/ksyms-netif_rx + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms c05493b9 T __netif_rx_schedule c054a0a8 T netif_rx c054b300 T netif_rx_ni c054a0a8 U netif_rx [xfrm4_esp] c054a0a8 U netif_rx [ppp_generic] c05493b9 U __netif_rx_schedule [via_rhine] + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.6.18-lbr5.std.3: + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '1,$p' /dev/null + egrep -i 'ipsec|klips|pluto' + case "$1" in + cat + _________________________ plog + sed -n '1,$p' /dev/null + egrep -i pluto + case "$1" in + cat + _________________________ date + date Sat Dec 6 14:48:26 EET 2008