[Openswan Users] OpenS/WAN <-> freeS/WAN failure - routing problem?

Itai Tavor itai at iinet.net.au
Thu Nov 11 21:19:48 CET 2004


Hi,

I used to run a tunnel between my home ADSL gateway (right) and an
office gateway (left). Both machines ran FC1 and FreeS/WAN 2.0.4. Then
I upgraded the home gateway to FC2, kernel 2.6.10-rc1 and OpenS/WAN  
2.2.0, and now nothing works. The tunnel comes up fine but no  
connections are possible in either direction. To my inexperienced eyes  
it looks like a routing problem... if I do "right# route add -net  
10.0.2.0 netmask 255.255.255.0 gw 10.0.1.1" I can ping left from right,  
but not much else, and I can't get from left to right no matter what I  
do. Can anyone please have a look and tell me what I'm doing wrong?  
Both barfs attached, right first.

TIA, Itai



amber
Thu Nov 11 21:12:44 EST 2004
+ _________________________ version
+ ipsec --version
Linux Openswan U2.2.0/K2.6.10-rc1 (native)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.6.10-rc1 (root@amber) (gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #7 Wed Nov 3 18:52:07 EST 2004
+ _________________________ proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
203.55.229.88   0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
10.0.1.0        0.0.0.0         255.255.255.0   U         0 0          0 br0
10.0.2.0        210.229.239.65  255.255.255.0   UG        0 0          0 ppp0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0
+ _________________________ proc/net/ipsec_spi
+ test -r proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ setkey-D
+ setkey -D
210.229.239.65 203.217.34.219
         esp mode=tunnel spi=17853040(0x01106a70) reqid=16385(0x00004001)
         E: 3des-cbc  2245a365 a99b540c e0b9f21f 079a03ef 7d393ca4 d9403179
         A: hmac-md5  fd8d914f 9973186a e4c0ae9e 6fe36980
         seq=0x00000000 replay=64 flags=0x00000000 state=mature
         created: Nov 11 21:12:30 2004   current: Nov 11 21:12:44 2004
         diff: 14(s)     hard: 0(s)      soft: 0(s)
         last:                           hard: 0(s)      soft: 0(s)
         current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
         allocated: 0    hard: 0 soft: 0
         sadb_seq=1 pid=3736 refcnt=0
203.217.34.219 210.229.239.65
         esp mode=tunnel spi=2776556976(0xa57ee5b0) reqid=16385(0x00004001)
         E: 3des-cbc  ecb074f5 bea799bc c74258b7 7b8f660b a402a5dd c23f3de3
         A: hmac-md5  3b64b07c 51e11567 1454dec4 1e379262
         seq=0x00000000 replay=64 flags=0x00000000 state=mature
         created: Nov 11 21:12:30 2004   current: Nov 11 21:12:44 2004
         diff: 14(s)     hard: 0(s)      soft: 0(s)
         last:                           hard: 0(s)      soft: 0(s)
         current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
         allocated: 0    hard: 0 soft: 0
         sadb_seq=0 pid=3736 refcnt=0
+ _________________________ setkey-D-P
+ setkey -D -P
10.0.2.0/24[any] 10.0.1.0/24[any] any
         in ipsec
         esp/tunnel/210.229.239.65-203.217.34.219/unique#16385
         created: Nov 11 21:12:30 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=136 seq=8 pid=3737
         refcnt=1
10.0.1.0/24[any] 10.0.2.0/24[any] any
         out ipsec
         esp/tunnel/203.217.34.219-210.229.239.65/unique#16385
         created: Nov 11 21:12:30 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=153 seq=7 pid=3737
         refcnt=1
10.0.2.0/24[any] 10.0.1.0/24[any] any
         fwd ipsec
         esp/tunnel/210.229.239.65-203.217.34.219/unique#16385
         created: Nov 11 21:12:30 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=146 seq=6 pid=3737
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         in none
         created: Nov 11 21:12:06 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=123 seq=5 pid=3737
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         in none
         created: Nov 11 21:12:06 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=107 seq=4 pid=3737
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         in none
         created: Nov 11 21:12:06 2004  lastused: Nov 11 21:12:30 2004
         lifetime: 0(s) validtime: 0(s)
         spid=91 seq=3 pid=3737
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         out none
         created: Nov 11 21:12:06 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=132 seq=2 pid=3737
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         out none
         created: Nov 11 21:12:06 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=116 seq=1 pid=3737
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         out none
         created: Nov 11 21:12:06 2004  lastused: Nov 11 21:12:30 2004
         lifetime: 0(s) validtime: 0(s)
         spid=100 seq=0 pid=3737
         refcnt=1
+ _________________________ proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo 127.0.0.1
000 interface br0/br0 10.0.1.1
000 interface ppp0/ppp0 203.217.34.219
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,4,36} trans={0,4,336} attrs={0,4,224}
000
000 "Tir-Na-Nogth-IM": 10.0.1.0/24===203.217.34.219[@amber.tir-na-nogth.net]...154.33.4.102---210.229.239.65[@edo.insentiv.co.jp]===10.0.2.0/24; erouted; eroute owner: #2
000 "Tir-Na-Nogth-IM":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "Tir-Na-Nogth-IM":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: ppp0;
000 "Tir-Na-Nogth-IM":   newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "Tir-Na-Nogth-IM":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "Tir-Na-Nogth-IM":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "Tir-Na-Nogth-IM":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "Tir-Na-Nogth-IM":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM":   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000
000 #2: "Tir-Na-Nogth-IM" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27832s; newest IPSEC; eroute owner
000 #2: "Tir-Na-Nogth-IM" esp.a57ee5b0@210.229.239.65 esp.1106a70@203.217.34.219 tun.0@210.229.239.65 tun.0@203.217.34.219
000 #1: "Tir-Na-Nogth-IM" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2624s; newest ISAKMP
000
+ _________________________ ifconfig-a
+ ifconfig -a
br0       Link encap:Ethernet  HWaddr 00:0E:A6:A1:3B:A3
           inet addr:10.0.1.1  Bcast:10.0.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:20284788 errors:0 dropped:0 overruns:0 frame:0
           TX packets:38970143 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:3140422675 (2994.9 Mb)  TX bytes:1388786295 (1324.4 Mb)

eth0      Link encap:Ethernet  HWaddr 00:0E:A6:A1:3B:A3
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:20405909 errors:0 dropped:63 overruns:0 frame:0
           TX packets:38410804 errors:170 dropped:0 overruns:0 carrier:169
           collisions:6609649 txqueuelen:1000
           RX bytes:3467946702 (3307.2 Mb)  TX bytes:1350246623 (1287.6 Mb)
           Interrupt:9 Base address:0xe000

eth1      Link encap:Ethernet  HWaddr 00:02:44:47:8C:09
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:15334449 errors:8 dropped:0 overruns:0 frame:0
           TX packets:13354204 errors:0 dropped:0 overruns:0 carrier:0
           collisions:43396 txqueuelen:1000
           RX bytes:1754140827 (1672.8 Mb)  TX bytes:2681495127 (2557.2 Mb)
           Interrupt:11 Base address:0xd800

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:15096 errors:0 dropped:0 overruns:0 frame:0
           TX packets:15096 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:1946922 (1.8 Mb)  TX bytes:1946922 (1.8 Mb)

ppp0      Link encap:Point-to-Point Protocol
           inet addr:203.217.34.219  P-t-P:203.55.229.88  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
           RX packets:226399 errors:0 dropped:0 overruns:0 frame:0
           TX packets:196868 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:74572984 (71.1 Mb)  TX bytes:36763748 (35.0 Mb)

+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                         [OK]
Linux Openswan U2.2.0/K2.6.10-rc1 (native)
Checking for IPsec support in kernel                                    [OK]
Checking for RSA private key (/etc/ipsec.secrets)                       [OK]
Checking that pluto is running                                          [OK]
Two or more interfaces found, checking IP forwarding                    [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                               [OK]
Checking for 'iptables' command                                         [OK]
Checking for 'setkey' command for native IPsec stack support            [OK]

Opportunistic Encryption DNS checks:
    Looking for TXT in forward dns zone: amber                          [MISSING]
    Does the machine have at least one non-private address?             [OK]
    Looking for TXT in reverse dns zone: 219.34.217.203.in-addr.arpa.   [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-HD, link ok
   product info: vendor 00:00:20, model 32 rev 1
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   link partner: 100baseTx-HD 10baseT-HD
eth1: autonegotiation failed, link ok
   product info: vendor 00:00:00, model 0 rev 0
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
amber.tir-na-nogth.net
+ _________________________ hostname/ipaddress
+ hostname --ip-address
10.0.1.1
+ _________________________ uptime
+ uptime
  21:12:46 up 4 days,  3:36,  1 user,  load average: 1.61, 1.50, 2.18
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
4     0  3717  3197  17   0  4084  960 wait   S    pts/2      0:00           \_ /bin/sh /usr/libexec/ipsec/barf
4     0  3805  3717  17   0  1508  396 pipe_w S    pts/2      0:00               \_ egrep -i ppid|pluto|ipsec|klips
5     0  3572     1  20   0  2056 1032 wait   S    pts/2      0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
5     0  3573  3572  20   0  2056 1044 wait   S    pts/2      0:00  \_ /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
4     0  3574  3573  15   0  2308 1040 -      S    pts/2      0:00  |   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-none --uniqueids
4     0  3609  3574  21   0  1320  192 -      S    pts/2      0:00  |       \_ _pluto_adns
4     0  3575  3572  16   0  2056 1020 pipe_w S    pts/2      0:00  \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
4     0  3576     1  20   0  1380  288 pipe_w S    pts/2      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=ppp0
routevirt=ipsec0
routeaddr=203.217.34.219
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - OpenS/WAN IPsec configuration file

#
# amber.tir-na-nogth.net
#

version 2.0     # conforms to second version of ipsec.conf specification

config setup
         interfaces=%defaultroute
         klipsdebug=none
         plutodebug=none
         #forwardcontrol=yes
         uniqueids=yes

conn %default
         keyingtries=3

#
# Tir-Na-Nog'th to Insentiv Media tunnel
#
# Left: IM  Right: Tir-Na-Nog'th
#
conn Tir-Na-Nogth-IM
         right=%defaultroute
         rightsubnet=10.0.1.0/24
         #rightupdown=/usr/lib/ipsec/_updown_imgfx
         #
         left=210.229.239.65
         leftsubnet=10.0.2.0/24
         leftnexthop=154.33.4.102
         #
         auto=add
         authby=rsasig
         rightid=@amber.tir-na-nogth.net
         leftid=@edo.insentiv.co.jp
         rightrsasigkey=[keyid AQN54+9zf]
         leftrsasigkey=[keyid AQOrd0max]

#
#Disable Opportunistic Encryption
#

#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/freeswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
conn block
     auto=ignore

conn private
     auto=ignore

conn private-or-clear
     auto=ignore

conn clear-or-private
     auto=ignore

conn clear
     auto=ignore

conn packetdefault
     auto=ignore

#> /etc/ipsec.conf 44
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
: RSA   {
         # RSA 2192 bits   amber.tir-na-nogth.net   Fri Sep 24 10:51:07 2004
         # for signatures only, UNSAFE FOR ENCRYPTION
         #pubkey=[keyid AQN/IxlHw]
         Modulus: [...]
         PublicExponent: [...]
         # everything after this point is secret
         PrivateExponent: [...]
         Prime1: [...]
         Prime2: [...]
         Exponent1: [...]
         Exponent2: [...]
         Coefficient: [...]
         }
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 Nov 11 21:12:06 2004, 2192 RSA Key AQN54+9zf, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@amber.tir-na-nogth.net'
000 Nov 11 21:12:06 2004, 2192 RSA Key AQOrd0max, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@edo.insentiv.co.jp'
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 140
-rwxr-xr-x  1 root root 15403 Sep 17 01:40 _confread
-rwxr-xr-x  1 root root 47492 Sep 17 01:40 _copyright
-rwxr-xr-x  1 root root  2379 Sep 17 01:40 _include
-rwxr-xr-x  1 root root  1475 Sep 17 01:40 _keycensor
-rwxr-xr-x  1 root root  3586 Sep 17 01:40 _plutoload
-rwxr-xr-x  1 root root  7167 Sep 17 01:40 _plutorun
-rwxr-xr-x  1 root root 10493 Sep 17 01:40 _realsetup
-rwxr-xr-x  1 root root  1975 Sep 17 01:40 _secretcensor
-rwxr-xr-x  1 root root  9016 Sep 17 01:40 _startklips
-rwxr-xr-x  1 root root 12313 Sep 17 01:40 _updown
-rwxr-xr-x  1 root root  7572 Sep 17 01:40 _updown_x509
-rwxr-xr-x  1 root root  1942 Sep 17 01:40 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 5096
-rwxr-xr-x  1 root root   70814 Sep 17 01:40 _pluto_adns
-rwxr-xr-x  1 root root   19220 Sep 17 01:40 auto
-rwxr-xr-x  1 root root   10248 Sep 17 01:40 barf
-rwxr-xr-x  1 root root     816 Sep 17 01:40 calcgoo
-rwxr-xr-x  1 root root  311083 Sep 17 01:40 eroute
-rwxr-xr-x  1 root root  182519 Sep 17 01:40 klipsdebug
-rwxr-xr-x  1 root root    2461 Sep 17 01:40 look
-rwxr-xr-x  1 root root    7124 Sep 17 01:40 mailkey
-rwxr-xr-x  1 root root   16188 Sep 17 01:40 manual
-rwxr-xr-x  1 root root    1874 Sep 17 01:40 newhostkey
-rwxr-xr-x  1 root root  164746 Sep 17 01:40 pf_key
-rwxr-xr-x  1 root root 2656271 Sep 17 01:40 pluto
-rwxr-xr-x  1 root root   55200 Sep 17 01:40 ranbits
-rwxr-xr-x  1 root root   81674 Sep 17 01:40 rsasigkey
-rwxr-xr-x  1 root root     766 Sep 17 01:40 secrets
-rwxr-xr-x  1 root root   17578 Sep 17 01:40 send-pr
lrwxr-xr-x  1 root root      22 Oct 29 09:29 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x  1 root root    1048 Sep 17 01:40 showdefaults
-rwxr-xr-x  1 root root    4364 Sep 17 01:40 showhostkey
-rwxr-xr-x  1 root root  498713 Sep 17 01:40 spi
-rwxr-xr-x  1 root root  250823 Sep 17 01:40 spigrp
-rwxr-xr-x  1 root root  475538 Sep 17 01:40 starter
-rwxr-xr-x  1 root root   50198 Sep 17 01:40 tncfg
-rwxr-xr-x  1 root root   10195 Sep 17 01:40 verify
-rwxr-xr-x  1 root root  228071 Sep 17 01:40 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 1946922   15096    0    0    0     0          0         0  1946922   15096    0    0    0     0       0          0
  eth0:3467961735 20406006    0   63    0     0          0         0 1350308777 38410921  170    0    0 6609649     169          0
   br0:3140436124 20284885    0    0    0     0          0         0 1388848732 38970263    0    0    0     0       0          0
  eth1:1754164667 15334537    8    0    0     0          0         0 2681509755 13354288    0    0    0 43396       0          0
  ppp0:74594888  226487    0    0    0     0          0         0 36776498  196952    0    0    0     0       0          0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
ppp0    58E537CB        00000000        0005    0       0       0       FFFFFFFF        0       0       0
br0     0001000A        00000000        0001    0       0       0       00FFFFFF        0       0       0
ppp0    0002000A        41EFE5D2        0003    0       0       0       00FFFFFF        0       0       0
br0     0000FEA9        00000000        0001    0       0       0       0000FFFF        0       0       0
lo      0000007F        00000000        0001    0       0       0       000000FF        0       0       0
ppp0    00000000        00000000        0001    0       0       0       00000000        0       0       0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter br0/rp_filter default/rp_filter lo/rp_filter ppp0/rp_filter
all/rp_filter:0
br0/rp_filter:1
default/rp_filter:1
lo/rp_filter:1
ppp0/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux amber 2.6.10-rc1 #7 Wed Nov 3 18:52:07 EST 2004 i686 athlon i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 2 (Tettnang)
+ _________________________ proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'native PFKEY (2.6.10-rc1) support detected '
native PFKEY (2.6.10-rc1) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 288: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 24 packets, 1456 bytes)
 pkts bytes target     prot opt in     out     source               destination
15088 1946K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
37358 2107K DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
97510   40M ppp0_in    all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
6813K  757M br0_in     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_in  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Shorewall:INPUT:REJECT:' queue_threshold 1
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 1 packets, 48 bytes)
 pkts bytes target     prot opt in     out     source               destination
49406 2156K DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
2773K  136M TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
  15M 5666M ppp0_fwd   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
  13M 2374M br0_fwd    all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_fwd  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Shorewall:FORWARD:REJECT:' queue_threshold 1
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15088 1946K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
   80  4160 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 ACCEPT     udp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
 104K   11M fw2net     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
  24M   34G fw2loc     all  --  *      br0     0.0.0.0/0            0.0.0.0/0
    0     0 fw2imvpn   all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Shorewall:OUTPUT:REJECT:' queue_threshold 1
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain @net2all (2 references)
 pkts bytes target     prot opt in     out     source               destination
 731K   36M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 40
 2204  117K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02
27859 4310K common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
 1964  168K ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Shorewall:all2all:REJECT:' queue_threshold 1
 1964  168K reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain blacklst (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain br0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
1155K   57M dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW
  13M 2374M loc2net    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      br0     0.0.0.0/0            0.0.0.0/0
    0     0 loc2imvpn  all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0

Chain br0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
46901 5828K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW
6813K  757M loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain common (5 references)
 pkts bytes target     prot opt in     out     source               destination
 2714  187K icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
   92 48700 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135
16105 2510K reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445
    4   192 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900
    0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4
    1    48 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 state NEW
11566 1770K DROP       all  --  *      *       0.0.0.0/0            10.0.1.255

Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source               destination

Chain fw2imvpn (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
  24M   34G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   27 27468 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.1.11           state NEW
27859 4310K all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
88544   10M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            210.229.239.65
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            210.229.239.65
    3   404 ACCEPT     udp  --  *      *       0.0.0.0/0            210.229.239.65      udp spt:500 dpt:500 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
 4574  294K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
  1347  113K ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           icmp type 8
  9528  572K ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain icmpdef (1 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain imvpn2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp dpt:53
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW udp dpt:53
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp dpt:22
     0     0 all2all    all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain imvpn2loc (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain ipsec0_fwd (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
     0     0 all2all    all  --  *      ppp0    0.0.0.0/0             
0.0.0.0/0
     0     0 imvpn2loc  all  --  *      br0     0.0.0.0/0             
0.0.0.0/0

Chain ipsec0_in (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
     0     0 imvpn2fw   all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain loc2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
6766K  752M ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
   121  7176 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp flags:!0x16/0x02
    16   960 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp dpt:22
   611 36438 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           icmp type 8
46153 5783K ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain loc2imvpn (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain loc2net (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   12M 2317M ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
   493 82544 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp flags:!0x16/0x02
1155K   57M ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain logdrop (58 references)
  pkts bytes target     prot opt in     out     source                
destination
  529K   26M ULOG       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:logdrop:DROP:' queue_threshold 1
  529K   26M DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2all (3 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp flags:!0x16/0x02
  6915  630K common     all  --  *      *       0.0.0.0/0             
0.0.0.0/0
  5042  442K ULOG       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:net2all:DROP:' queue_threshold 1
  5042  442K DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
88102   39M ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
  3797  205K @net2all   tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp flags:0x16/0x02
  1269  224K newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp flags:!0x16/0x02
     2   272 ACCEPT     esp  --  *      *       210.229.239.65        
0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       210.229.239.65        
0.0.0.0/0
     0     0 ACCEPT     udp  --  *      *       210.229.239.65        
0.0.0.0/0           udp spt:500 dpt:500 state NEW
    71  3796 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           icmp type 8
     1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.1            state NEW tcp dpt:22
     7  4716 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW udp dpt:500
     0     0 ACCEPT     esp  --  *      *       0.0.0.0/0             
0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       0.0.0.0/0             
0.0.0.0/0
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           multiport dports 8100,8041 state NEW
  6915  630K net2all    all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2loc (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   14M 5587M ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
  730K   36M @net2all   tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp flags:0x16/0x02
   928  195K newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW tcp flags:!0x16/0x02
    11   528 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.20           state NEW tcp dpt:4662
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           state NEW udp dpt:4672
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.20           state NEW tcp dpt:4762
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           state NEW udp dpt:4772
  728K   36M ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.20           state NEW tcp dpt:4862
  347K   17M ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           state NEW udp dpt:4872
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.60           state NEW tcp dpt:80
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.20           state NEW tcp dpts:6881:6889
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.101          state NEW tcp dpt:80
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           state NEW udp dpt:5060
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           state NEW udp dpts:16384:16403
     0     0 net2all    all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain newnotsyn (12 references)
  pkts bytes target     prot opt in     out     source                
destination
  2838  536K ULOG       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:newnotsyn:DROP:' queue_threshold 1
  2838  536K DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain ppp0_fwd (1 references)
  pkts bytes target     prot opt in     out     source                
destination
1606K   79M dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
1606K   79M blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
1606K   79M rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
   15M 5640M net2loc    all  --  *      br0     0.0.0.0/0             
0.0.0.0/0
     0     0 net2all    all  --  *      ipsec0  0.0.0.0/0             
0.0.0.0/0

Chain ppp0_in (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  7607  815K dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
  7607  815K blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpts:67:68
  7607  815K rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
97143   40M net2fw     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain reject (11 references)
  pkts bytes target     prot opt in     out     source                
destination
     6   300 REJECT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with tcp-reset
17247 2658K REJECT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with icmp-port-unreachable
   913 69374 REJECT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with icmp-host-unreachable
     0     0 REJECT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with icmp-host-prohibited

Chain rfc1918 (2 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 RETURN     all  --  *      *       255.255.255.255       
0.0.0.0/0
     0     0 RETURN     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 255.255.255.255
     0     0 DROP       all  --  *      *       169.254.0.0/16        
0.0.0.0/0
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 169.254.0.0/16
     0     0 logdrop    all  --  *      *       172.16.0.0/12         
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 172.16.0.0/12
     0     0 logdrop    all  --  *      *       192.0.2.0/24          
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 192.0.2.0/24
     8   384 logdrop    all  --  *      *       192.168.0.0/16        
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 192.168.0.0/16
     0     0 logdrop    all  --  *      *       0.0.0.0/7             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 0.0.0.0/7
     0     0 logdrop    all  --  *      *       2.0.0.0/8             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 2.0.0.0/8
     0     0 logdrop    all  --  *      *       5.0.0.0/8             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 5.0.0.0/8
     0     0 logdrop    all  --  *      *       7.0.0.0/8             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 7.0.0.0/8
     0     0 logdrop    all  --  *      *       10.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 10.0.0.0/8
     0     0 logdrop    all  --  *      *       23.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 23.0.0.0/8
     0     0 logdrop    all  --  *      *       27.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 27.0.0.0/8
     0     0 logdrop    all  --  *      *       31.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 31.0.0.0/8
     0     0 logdrop    all  --  *      *       36.0.0.0/7            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 36.0.0.0/7
     0     0 logdrop    all  --  *      *       39.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 39.0.0.0/8
     0     0 logdrop    all  --  *      *       41.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 41.0.0.0/8
     0     0 logdrop    all  --  *      *       42.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 42.0.0.0/8
     0     0 logdrop    all  --  *      *       49.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 49.0.0.0/8
     0     0 logdrop    all  --  *      *       50.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 50.0.0.0/8
  1812 88344 logdrop    all  --  *      *       58.0.0.0/7            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 58.0.0.0/7
12466  608K logdrop    all  --  *      *       70.0.0.0/7            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 70.0.0.0/7
     0     0 logdrop    all  --  *      *       72.0.0.0/5            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 72.0.0.0/5
  319K   16M logdrop    all  --  *      *       83.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 83.0.0.0/8
  195K 9661K logdrop    all  --  *      *       84.0.0.0/6            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 84.0.0.0/6
     0     0 logdrop    all  --  *      *       88.0.0.0/5            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 88.0.0.0/5
     0     0 logdrop    all  --  *      *       96.0.0.0/3            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 96.0.0.0/3
     0     0 logdrop    all  --  *      *       127.0.0.0/8           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 127.0.0.0/8
     0     0 logdrop    all  --  *      *       197.0.0.0/8           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 197.0.0.0/8
     0     0 logdrop    all  --  *      *       198.18.0.0/15         
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 198.18.0.0/15
     0     0 logdrop    all  --  *      *       223.0.0.0/8           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 223.0.0.0/8
     0     0 logdrop    all  --  *      *       240.0.0.0/4           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 240.0.0.0/4

Chain shorewall (0 references)
  pkts bytes target     prot opt in     out     source                
destination
+ _________________________
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 790K packets, 44M bytes)
  pkts bytes target     prot opt in     out     source                
destination
1613K   80M net_dnat   all  --  ppp0   *       0.0.0.0/0             
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 1090K packets, 54M bytes)
  pkts bytes target     prot opt in     out     source                
destination
  743K   38M ppp0_masq  all  --  *      ppp0    0.0.0.0/0             
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain net_dnat (1 references)
  pkts bytes target     prot opt in     out     source                
destination
    11   528 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:4662 to:10.0.1.20
    43  2064 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:4672 to:10.0.1.20
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:4762 to:10.0.1.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:4772 to:10.0.1.20
1253K   62M DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:4862 to:10.0.1.20
  353K   17M DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:4872 to:10.0.1.20
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:888 to:10.0.1.60:80
     2   120 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:222 to:10.0.1.1:22
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpts:6881:6889 to:10.0.1.20
     5   300 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:8888 to:10.0.1.101:80
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:5060 to:10.0.1.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpts:16384:16403 to:10.0.1.20

Chain ppp0_masq (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  729K   37M MASQUERADE  all  --  *      *       10.0.1.0/24           
0.0.0.0/0
     0     0 MASQUERADE  all  --  *      *       169.254.0.0/16        
0.0.0.0/0
+ _________________________
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 35M packets, 8845M bytes)
  pkts bytes target     prot opt in     out     source                
destination
   35M 8845M pretos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain INPUT (policy ACCEPT 6963K packets, 802M bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain FORWARD (policy ACCEPT 28M packets, 8043M bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain OUTPUT (policy ACCEPT 11M packets, 34G bytes)
  pkts bytes target     prot opt in     out     source                
destination
   11M   34G outtos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 52M packets, 42G bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain outtos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:22 TOS set 0x10
35991 9628K TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:22 TOS set 0x10
   856 55094 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
57507 4523K TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:22 TOS set 0x10
  4808 1410K TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:22 TOS set 0x10
  1517 98211 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:21 TOS set 0x10
  2025  187K TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:21 TOS set 0x10
   122  8853 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:20 TOS set 0x08
   135  8778 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:20 TOS set 0x08
+ _________________________ proc/modules
+ test -f /proc/modules
+ cat /proc/modules
msp3400 26424 0 - Live 0xe0d1a000
saa7115 11224 0 - Live 0xe0d0d000
tuner 19300 0 - Live 0xe0cf7000
tveeprom 10804 0 - Live 0xe0d04000
ivtv 802244 0 - Live 0xe0d2f000
dvb_bt8xx 7236 5 - Live 0xe0a74000
dvb_core 74736 6 dvb_bt8xx, Live 0xe0ab9000
mt352 4996 1 dvb_bt8xx, Live 0xe0a71000
sp887x 7428 1 dvb_bt8xx, Live 0xe0a54000
dst 12040 1 dvb_bt8xx, Live 0xe0a50000
bt878 8696 2 dvb_bt8xx,dst, Live 0xe0a47000
bttv 145488 2 dvb_bt8xx,bt878, Live 0xe0a94000
video_buf 16964 1 bttv, Live 0xe0a41000
firmware_class 7616 3 dvb_bt8xx,sp887x,bttv, Live 0xe0a24000
i2c_algo_bit 8328 2 ivtv,bttv, Live 0xe0a20000
v4l2_common 4864 1 bttv, Live 0xe0a05000
btcx_risc 3720 1 bttv, Live 0xe0a03000
i2c_core 19216 10 msp3400,saa7115,tuner,tveeprom,dvb_bt8xx,mt352,sp887x,dst,bttv,i2c_algo_bit, Live 0xe0a1a000
videodev 7232 2 ivtv,bttv, Live 0xe09e8000
v4l1_compat 12932 0 - Live 0xe0a15000
nfsd 100616 9 - Live 0xe0a57000
exportfs 4928 1 nfsd, Live 0xe09e5000
lockd 64168 2 nfsd, Live 0xe0a29000
deflate 2688 0 - Live 0xe0929000
zlib_deflate 21080 1 deflate, Live 0xe09fc000
twofish 37120 0 - Live 0xe0a0a000
serpent 13248 0 - Live 0xe09f7000
aes_i586 38452 0 - Live 0xe09ec000
blowfish 8000 0 - Live 0xe09e2000
des 11264 2 - Live 0xe09d2000
sha256 8960 0 - Live 0xe09da000
sha1 8512 0 - Live 0xe09d6000
md5 3648 2 - Live 0xe08fa000
crypto_null 1984 0 - Live 0xe0927000
ipcomp 6472 0 - Live 0xe09c7000
esp4 6720 2 - Live 0xe09c4000
ah4 5312 0 - Live 0xe09c1000
af_key 27024 0 - Live 0xe09ca000
ipt_TOS 1984 12 - Live 0xe09b2000
ipt_MASQUERADE 2880 2 - Live 0xe09ac000
ipt_limit 1920 1 - Live 0xe09a0000
ipt_REJECT 5632 4 - Live 0xe09af000
ipt_ULOG 6244 7 - Live 0xe09a9000
ipt_TCPMSS 3520 1 - Live 0xe09a2000
ipt_state 1472 63 - Live 0xe09a4000
ip_nat_irc 3504 0 - Live 0xe099e000
ip_nat_tftp 2992 0 - Live 0xe099c000
ip_nat_ftp 4144 0 - Live 0xe0999000
ip_conntrack_irc 70512 1 ip_nat_irc, Live 0xe0986000
ip_conntrack_tftp 3056 0 - Live 0xe096c000
ip_conntrack_ftp 71408 1 ip_nat_ftp, Live 0xe0973000
ipt_multiport 1664 1 - Live 0xe0971000
ipt_conntrack 1984 31 - Live 0xe096f000
iptable_filter 2176 1 - Live 0xe08fc000
iptable_mangle 2176 1 - Live 0xe08f0000
iptable_nat 21960 5 ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp, Live 0xe0912000
ip_conntrack 39732 10 ipt_MASQUERADE,ipt_state,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp,ipt_conntrack,iptable_nat, Live 0xe092b000
ip_tables 16000 12 ipt_TOS,ipt_MASQUERADE,ipt_limit,ipt_REJECT,ipt_ULOG,ipt_TCPMSS,ipt_state,ipt_multiport,ipt_conntrack,iptable_filter,iptable_mangle,iptable_nat, Live 0xe0919000
sunrpc 132388 13 nfsd,lockd, Live 0xe0936000
ppp_synctty 7936 0 - Live 0xe090f000
ppp_async 9024 1 - Live 0xe08fe000
crc_ccitt 1664 1 ppp_async, Live 0xe08f2000
ppp_generic 21524 6 ppp_synctty,ppp_async, Live 0xe0908000
slhc 7232 1 ppp_generic, Live 0xe0820000
8139too 20032 0 - Live 0xe0902000
via_rhine 18308 0 - Live 0xe08f4000
mii 3904 2 8139too,via_rhine, Live 0xe084f000
crc32 3840 3 dvb_core,8139too,via_rhine, Live 0xe0823000
usblp 10816 0 - Live 0xe083a000
uhci_hcd 29712 0 - Live 0xe0844000
ehci_hcd 26052 0 - Live 0xe0832000
usbcore 102296 4 usblp,uhci_hcd,ehci_hcd, Live 0xe0851000
thermal 10568 0 - Live 0xe0804000
sata_via 4484 6 - Live 0xe081a000
libata 38916 1 sata_via, Live 0xe0827000
+ _________________________ proc/meminfo
+ cat /proc/meminfo
MemTotal:       515828 kB
MemFree:          1980 kB
Buffers:         31868 kB
Cached:         304520 kB
SwapCached:       1572 kB
Active:         186924 kB
Inactive:       288692 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       515828 kB
LowFree:          1980 kB
SwapTotal:     1052216 kB
SwapFree:      1039436 kB
Dirty:             456 kB
Writeback:           0 kB
Mapped:         166696 kB
Slab:            26940 kB
CommitLimit:   1310128 kB
Committed_AS:   529216 kB
CommitAvail:    780912 kB
PageTables:       1776 kB
VmallocTotal:   516056 kB
VmallocUsed:     24328 kB
VmallocChunk:   491128 kB
+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.10-rc1/build/.config
++ uname -r
+ cat /lib/modules/2.6.10-rc1/build/.config
+ egrep 'CONFIG_NETLINK|CONFIG_IPSEC|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
# CONFIG_NETLINK_DEV is not set
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_PHYSDEV=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_LOCAL is not set
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
# CONFIG_IP_NF_TARGET_CLASSIFY is not set
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
CONFIG_IP_NF_COMPAT_IPFWADM=m
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 203.0.178.191
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 528
drwxr-xr-x  4 root root   4096 Oct 28 17:58 2.6.5-1.358
-rw-r--r--  1 root root 262144 Oct 29 22:36 ivtv-fw-enc.bin
-rw-r--r--  1 root root 262144 Oct 29 22:36 ivtv-fw-dec.bin
drwxr-xr-x  6 root root   4096 Nov  5 17:42 2.6.10-rc1
+ _________________________ proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c02c4d90 T netif_rx
c02c4f30 T netif_rx_ni
c02c4d90 U netif_rx     [dvb_core]
c02c4d90 U netif_rx     [ppp_generic]
c02c4d90 U netif_rx     [via_rhine]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.10-rc1:
2.6.5-1.358:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '5453194,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Nov 11 21:12:06 amber ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.10-rc1...
+ _________________________ plog
+ sed -n '145,$p' /var/log/secure
+ cat
+ egrep -i pluto
Nov 11 21:12:06 amber ipsec__plutorun: Starting Pluto subsystem...
Nov 11 21:12:06 amber pluto[3574]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Nov 11 21:12:06 amber pluto[3574]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Nov 11 21:12:06 amber pluto[3574]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Nov 11 21:12:06 amber pluto[3574]: Using Linux 2.6 IPsec interface code
Nov 11 21:12:06 amber pluto[3574]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 11 21:12:06 amber pluto[3574]: Could not change to directory '/etc/ipsec.d/aacerts'
Nov 11 21:12:06 amber pluto[3574]: Changing to directory '/etc/ipsec.d/ocspcerts'
Nov 11 21:12:06 amber pluto[3574]: Changing to directory '/etc/ipsec.d/crls'
Nov 11 21:12:06 amber pluto[3574]:   Warning: empty directory
Nov 11 21:12:06 amber pluto[3574]: added connection description "Tir-Na-Nogth-IM"
Nov 11 21:12:06 amber pluto[3574]: listening for IKE messages
Nov 11 21:12:06 amber pluto[3574]: adding interface ppp0/ppp0 203.217.34.219
Nov 11 21:12:06 amber pluto[3574]: adding interface br0/br0 10.0.1.1
Nov 11 21:12:06 amber pluto[3574]: adding interface lo/lo 127.0.0.1
Nov 11 21:12:06 amber pluto[3574]: loading secrets from "/etc/ipsec.secrets"
Nov 11 21:12:28 amber pluto[3574]: "Tir-Na-Nogth-IM" #1: initiating Main Mode
Nov 11 21:12:29 amber pluto[3574]: "Tir-Na-Nogth-IM" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 21:12:29 amber pluto[3574]: "Tir-Na-Nogth-IM" #1: I did not send a certificate because I do not have one.
Nov 11 21:12:29 amber pluto[3574]: "Tir-Na-Nogth-IM" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 21:12:30 amber pluto[3574]: "Tir-Na-Nogth-IM" #1: Peer ID is ID_FQDN: '@edo.insentiv.co.jp'
Nov 11 21:12:30 amber pluto[3574]: "Tir-Na-Nogth-IM" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 21:12:30 amber pluto[3574]: "Tir-Na-Nogth-IM" #1: ISAKMP SA established
Nov 11 21:12:30 amber pluto[3574]: "Tir-Na-Nogth-IM" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Nov 11 21:12:30 amber pluto[3574]: "Tir-Na-Nogth-IM" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 11 21:12:30 amber pluto[3574]: "Tir-Na-Nogth-IM" #2: sent QI2, IPsec SA established {ESP=>0xa57ee5b0 <0x01106a70}
+ _________________________ date
+ date
Thu Nov 11 21:12:55 EST 2004






edo
Thu Nov 11 19:12:43 JST 2004
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 2.04
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.22-1.2115.nptl (bhcompile at daffy.perf.redhat.com) (gcc version 3.2.3 20030422 (Red Hat Linux 3.2.3-6)) #1 Wed Oct 29 15:20:17 EST 2003
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                         [OK]
Linux FreeS/WAN 2.04
Checking for KLIPS support in kernel                                    [OK]
Checking for RSA private key (/etc/ipsec.secrets)                       [OK]
Checking that pluto is running                                          [OK]
Two or more interfaces found, checking IP forwarding                    [OK]
Checking NAT and MASQUERADEing
Checking tun0x1002 at 203.217.34.219 from 10.0.2.0/24 to 10.0.1.0/24       [FAILED]
ppp0_masq from 0.0.0.0/0 to 0.0.0.0/0 kills tunnel 0.0.0.0/0 -> 10.0.1.0/24

Opportunistic Encryption DNS checks:
Looking for TXT in forward map: edo                                     [MISSING]
Does the machine have at least one non-private address?                 [FAILED]
+ _________________________ proc/net/ipsec_eroute
+ sort -sg +3 /proc/net/ipsec_eroute
0          10.0.2.0/24        -> 10.0.1.0/24        => tun0x1002 at 203.217.34.219
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
154.33.4.102    0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
154.33.4.102    0.0.0.0         255.255.255.255 UH        0 0          0 ipsec0
10.0.1.0        154.33.4.102    255.255.255.0   UG        0 0          0 ipsec0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         154.33.4.102    0.0.0.0         UG        0 0          0 ppp0
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
esp0xa57ee5b0 at 210.229.239.65 ESP_3DES_HMAC_MD5: dir=in  src=203.217.34.219 iv_bits=64bits iv=0x4a4ee5986c581c68 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(20,0,0) refcount=4 ref=8
tun0x1002 at 203.217.34.219 IPIP: dir=out src=210.229.239.65 life(c,s,h)=addtime(19,0,0) refcount=4 ref=12
esp0x1106a70 at 203.217.34.219 ESP_3DES_HMAC_MD5: dir=out src=210.229.239.65 iv_bits=64bits iv=0x88aefa6d784ce7d1 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(19,0,0) refcount=4 ref=13
tun0x1001 at 210.229.239.65 IPIP: dir=in  src=203.217.34.219 policy=10.0.1.0/24->10.0.2.0/24 flags=0x8<> life(c,s,h)=addtime(20,0,0) refcount=4 ref=7
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
tun0x1002 at 203.217.34.219 esp0x1106a70 at 203.217.34.219
tun0x1001 at 210.229.239.65 esp0xa57ee5b0 at 210.229.239.65
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> ppp0 mtu=16260(1454) -> 1454
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
     sock   pid   socket     next     prev e n p sndbf    Flags     Type St
c8cf0ae0 13131 c83586c0        0        0 0 0 2 65535 00000000        3  1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registered:satype   socket   pid       sk
pf_key_registered:     2 c83586c0 13131 c8cf0ae0
pf_key_registered:     3 c83586c0 13131 c8cf0ae0
pf_key_registered:     9 c83586c0 13131 c8cf0ae0
pf_key_registered:    10 c83586c0 13131 c8cf0ae0
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported:     2      14      3     0     160     160
pf_key_supported:     2      14      2     0     128     128
pf_key_supported:     3      15      3   128     168     168
pf_key_supported:     3      14      3     0     160     160
pf_key_supported:     3      14      2     0     128     128
pf_key_supported:     9      15      4     0     128     128
pf_key_supported:     9      15      3     0      32     128
pf_key_supported:     9      15      2     0     128      32
pf_key_supported:     9      15      1     0      32      32
pf_key_supported:    10      15      2     0       1       1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check pfkey_lossage tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
pfkey_lossage:0
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/ppp0 210.229.239.65
000 %myid = (none)
000 debug none
000
000 "Tir-Na-Nogth-IM": 10.0.2.0/24===210.229.239.65[@edo.insentiv.co.jp]---154.33.4.102...%any[@amber.tir-na-nogth.net]===10.0.1.0/24; unrouted; eroute owner: #0
000 "Tir-Na-Nogth-IM":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "Tir-Na-Nogth-IM":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,24; interface: ppp0;
000 "Tir-Na-Nogth-IM":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "Tir-Na-Nogth-IM"[1]: 10.0.2.0/24===210.229.239.65[@edo.insentiv.co.jp]---154.33.4.102...203.217.34.219[@amber.tir-na-nogth.net]===10.0.1.0/24; erouted; eroute owner: #2
000 "Tir-Na-Nogth-IM"[1]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "Tir-Na-Nogth-IM"[1]:   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,24; interface: ppp0;
000 "Tir-Na-Nogth-IM"[1]:   newest ISAKMP SA: #1; newest IPsec SA: #2;
000
000 #2: "Tir-Na-Nogth-IM"[1] 203.217.34.219 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28510s; newest IPSEC; eroute owner
000 #2: "Tir-Na-Nogth-IM"[1] 203.217.34.219 esp.1106a70 at 203.217.34.219 esp.a57ee5b0 at 210.229.239.65 tun.1002 at 203.217.34.219 tun.1001 at 210.229.239.65
000 #1: "Tir-Na-Nogth-IM"[1] 203.217.34.219 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3309s; newest ISAKMP
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:00:F4:60:9B:31
           inet addr:10.0.2.1  Bcast:10.0.2.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:831143 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1183629 errors:3 dropped:0 overruns:3 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:414966367 (395.7 Mb)  TX bytes:1141797835 (1088.9 Mb)
           Interrupt:11 Base address:0xd000

eth1      Link encap:Ethernet  HWaddr 00:90:CC:51:B9:77
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:1178453 errors:0 dropped:0 overruns:0 frame:0
           TX packets:915860 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:1126683990 (1074.4 Mb)  TX bytes:419722563 (400.2 Mb)
           Interrupt:10 Base address:0x5000

ipsec0    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.65  Mask:255.255.255.255
           UP RUNNING NOARP  MTU:16260  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec1    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           NOARP  MTU:0  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec2    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           NOARP  MTU:0  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec3    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           NOARP  MTU:0  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:1937072 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1937072 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:139778608 (133.3 Mb)  TX bytes:139778608 (133.3 Mb)

ppp0      Link encap:Point-to-Point Protocol
           inet addr:210.229.239.65  P-t-P:154.33.4.102  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:1170965 errors:0 dropped:0 overruns:0 frame:0
           TX packets:909723 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:1099011415 (1048.0 Mb)  TX bytes:399523685 (381.0 Mb)

ppp0:0    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.99  P-t-P:210.229.239.99  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0:1    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.98  P-t-P:210.229.239.98  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0:2    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.102  P-t-P:210.229.239.102  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD flow-control, link ok
   product info: Davicom DM9101 rev 0
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
   link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: negotiated 100baseTx-FD, link ok
   product info: vendor 00:07:49, model 1 rev 1
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
   link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
edo
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
  19:12:48  up 1 day,  9:02,  1 user,  load average: 0.56, 0.25, 0.13
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
0     0 13232 12829  18   0  5116  936 wait4  S    pts/1      0:00                  \_ /bin/sh /usr/local/libexec/ipsec/barf
0     0 13306 13232  18   0  2492  392 pipe_w S    pts/1      0:00                      \_ egrep -i ppid|pluto|ipsec|klips
1     0 13129     1  22   0  3644  984 wait4  S    pts/1      0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids yes --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
1     0 13130 13129  22   0  3644  992 wait4  S    pts/1      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids yes --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
4     0 13131 13130  17   0  2468  948 schedu S    pts/1      0:00  |   \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --policygroupsdir /etc/ipsec.d/policies --debug-none --uniqueids
0     0 13139 13131  18   0  1348  240 schedu S    pts/1      0:00  |       \_ _pluto_adns
0     0 13132 13129  15   0  3260  984 pipe_w S    pts/1      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
0     0 13133     1  18   0  2392  292 pipe_w S    pts/1      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $

# edo.isentiv.co.jp
#

version 2.0     # conforms to second version of ipsec.conf specification

config setup
         interfaces="ipsec0=ppp0"
         klipsdebug=none
         plutodebug=none
         forwardcontrol=yes
         uniqueids=yes

# Standard server security definition (left)
conn %default
         # Allow only 1 try since we are the passive end
         keyingtries=1
         #
         # Security gateway - left
         left=210.229.239.65
         leftsubnet=10.0.2.0/24
         leftnexthop=154.33.4.102
         leftupdown=/usr/local/lib/ipsec/_updown_imgfx
         #
         # Add but don't start connection on startup
         auto=add
         #
         # RSA authentication
         authby=rsasig
         leftid=@edo.insentiv.co.jp
         leftrsasigkey=[keyid AQOrd0max]

# Load client (right) definitions from subdirectory

#< /etc/ipsec.d/remote.tir-na-nogth.conn 1
# /etc/ipsec.d/remote.tir-na-nogth.conn - FreeS/WAN IPsec remote connection file

# Connection from Tir-Na-Nog'th gateway
conn Tir-Na-Nogth-IM
         # Right - Tir-Na-Nog'th security gateway
         right=0.0.0.0
         rightsubnet=10.0.1.0/24
         rightnexthop=
         rightid=@amber.tir-na-nogth.net
         rightrsasigkey=[keyid AQN/IxlHw]


#> /etc/ipsec.conf 37

#
# Disable opportunistic encryption
#

#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/freeswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
conn block
     auto=ignore

conn private
     auto=ignore

conn private-or-clear
     auto=ignore

conn clear-or-private
     auto=ignore

conn clear
     auto=ignore

conn packetdefault
     auto=ignore


#> /etc/ipsec.conf 42
+ _________________________ ipsec/secrets
+ ipsec _secretcensor
+ ipsec _include /etc/ipsec.secrets

#< /etc/ipsec.secrets 1
: RSA   {
         # RSA 2192 bits   edo.insentiv.co.jp   Fri Jan 30 20:14:18 2004
         # for signatures only, UNSAFE FOR ENCRYPTION
         #pubkey=[keyid AQOrd0max]
         Modulus: [...]
         PublicExponent: [...]
         # everything after this point is secret
         PrivateExponent: [...]
         Prime1: [...]
         Prime2: [...]
         Exponent1: [...]
         Exponent2: [...]
         Coefficient: [...]
         }
# do not change the indenting of that "[sums to 7d9d...]"
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 192
-rwxr-xr-x    1 root     root        14890 Nov 12  2003 _confread
-rwxr-xr-x    1 root     root        44116 Nov 12  2003 _copyright
-rwxr-xr-x    1 root     root         2379 Nov 12  2003 _include
-rwxr-xr-x    1 root     root         1475 Nov 12  2003 _keycensor
-rwxr-xr-x    1 root     root        64682 Nov 12  2003 _pluto_adns
-rwxr-xr-x    1 root     root         3586 Nov 12  2003 _plutoload
-rwxr-xr-x    1 root     root         5165 Nov 12  2003 _plutorun
-rwxr-xr-x    1 root     root         9719 Nov 12  2003 _realsetup
-rwxr-xr-x    1 root     root         1975 Nov 12  2003 _secretcensor
-rwxr-xr-x    1 root     root         8076 Nov 12  2003 _startklips
-rwxr-xr-x    1 root     root         7959 Feb  4  2004 _updown
-rwxr-xr-x    1 root     root         6982 Feb  4  2004 _updown_imgfx
-rwxr-xr-x    1 root     root         1942 Nov 12  2003 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 2924
-rwxr-xr-x    1 root     root        12195 Nov 12  2003 auto
-rwxr-xr-x    1 root     root         8591 Nov 12  2003 barf
-rwxr-xr-x    1 root     root          816 Nov 12  2003 calcgoo
-rwxr-xr-x    1 root     root       306234 Nov 12  2003 eroute
-rwxr-xr-x    1 root     root       174875 Nov 12  2003 klipsdebug
-rwxr-xr-x    1 root     root         2449 Nov 12  2003 look
-rwxr-xr-x    1 root     root         7130 Nov 12  2003 mailkey
-rwxr-xr-x    1 root     root        16188 Nov 12  2003 manual
-rwxr-xr-x    1 root     root         1874 Nov 12  2003 newhostkey
-rwxr-xr-x    1 root     root       143342 Nov 12  2003 pf_key
-rwxr-xr-x    1 root     root      1270559 Nov 12  2003 pluto
-rwxr-xr-x    1 root     root        49086 Nov 12  2003 ranbits
-rwxr-xr-x    1 root     root        79064 Nov 12  2003 rsasigkey
-rwxr-xr-x    1 root     root        17602 Nov 12  2003 send-pr
lrwxrwxrwx    1 root     root           22 Jan 30  2004 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x    1 root     root         1048 Nov 12  2003 showdefaults
-rwxr-xr-x    1 root     root         4321 Nov 12  2003 showhostkey
-rwxr-xr-x    1 root     root       316466 Nov 12  2003 spi
-rwxr-xr-x    1 root     root       248567 Nov 12  2003 spigrp
-rwxr-xr-x    1 root     root        47342 Nov 12  2003 tncfg
-rwxr-xr-x    1 root     root         9292 Nov 12  2003 verify
-rwxr-xr-x    1 root     root       203766 Nov 12  2003 whack
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
  face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
     lo:139778608 1937072    0    0    0     0          0         0 139778608 1937072    0    0    0     0       0          0
   eth0:414966962  831146    0    0    0     0          0         0 1141798214 1183631    3    0    3     0       0          0
   eth1:1126685347 1178468    0    0    0     0          0         0 419747736  915880    0    0    0     0       0          0
   ppp0:1099012442 1170980    0    0    0     0          0         0 399548418  909743    0    0    0     0       0          0
ipsec0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec1:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec2:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec3:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
ppp0    6604219A        00000000        0005    0       0       0       FFFFFFFF        0       0       0
ipsec0  6604219A        00000000        0005    0       0       0       FFFFFFFF        0       0       0
ipsec0  0001000A        6604219A        0003    0       0       0       00FFFFFF        0       0       0
eth0    0002000A        00000000        0001    0       0       0       00FFFFFF        0       0       0
eth0    0000FEA9        00000000        0001    0       0       0       0000FFFF        0       0       0
lo      0000007F        00000000        0001    0       0       0       000000FF        0       0       0
ppp0    00000000        6604219A        0003    0       0       0       00000000        0       0       0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter ipsec0/rp_filter lo/rp_filter ppp0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
ipsec0/rp_filter:1
lo/rp_filter:1
ppp0/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux edo 2.4.22-1.2115.nptl #1 Wed Oct 29 15:20:17 EST 2003 i586 i586 i386 GNU/Linux
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 1 (Yarrow)
+ _________________________ proc/net/ipsec_version
+ cat /proc/net/ipsec_version
FreeS/WAN version: 2.04
+ _________________________ iptables/list
+ iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
1937K  140M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
     0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
  404K  414M ppp0_in    all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
  308K   41M eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
     0     0 ipsec0_in  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
     0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
56532 2845K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
  767K  685M ppp0_fwd   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
  515K  361M eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
     2   168 ipsec0_fwd  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
43895 2288K common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
12032  745K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
12032  745K reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
1937K  140M ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
     0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
  395K   40M fw2net     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
  458K  442M fw2loc     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    20  1680 fw2vpn     all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0
     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (3 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    24  2900 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    24  2900 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    24  2900 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain blacklst (2 references)
  pkts bytes target     prot opt in     out     source               destination

Chain common (5 references)
  pkts bytes target     prot opt in     out     source               destination
   686 40791 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:135
   396 30888 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpts:137:139
     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:445
  4758  228K reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:139
14245  685K reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:445
14618  704K reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:135
     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:1900
     0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
     0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4
     9   528 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:113
     5   256 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:53 state NEW
     0     0 DROP       all  --  *      *       0.0.0.0/0            10.0.2.255

Chain dynamic (6 references)
  pkts bytes target     prot opt in     out     source               destination

Chain eth0_fwd (1 references)
  pkts bytes target     prot opt in     out     source               destination
  4887  298K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
  515K  361M loc2net    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
     2   168 loc2vpn    all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
  pkts bytes target     prot opt in     out     source               destination
69040 5776K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
  308K   41M loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2loc (1 references)
  pkts bytes target     prot opt in     out     source               destination
  458K  442M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    21 31452 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     5   420 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
     4  1220 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
  pkts bytes target     prot opt in     out     source               destination
  374K   39M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     3   156 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:500 dpt:500 state NEW
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:53
   402 26089 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW udp dpt:53
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          icmp type 8
20435 1226K ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain fw2vpn (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp dpt:53
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW udp dpt:53
    20  1680 all2all    all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain icmpdef (1 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain ipsec0_fwd (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     2   168 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
     0     0 all2all    all  --  *      ppp0    0.0.0.0/0             
0.0.0.0/0
     2   168 vpn2loc    all  --  *      eth0    0.0.0.0/0             
0.0.0.0/0

Chain ipsec0_in (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
     0     0 vpn2fw     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain loc2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  239K   35M ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp dpt:22
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          icmp type 8
69039 5776K ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain loc2net (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  510K  360M ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
  4887  298K ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain loc2vpn (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     2   168 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain logdrop (58 references)
  pkts bytes target     prot opt in     out     source                
destination
   672 34814 LOG        all  --  *      *       0.0.0.0/0             
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
   672 34814 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2all (3 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
  2706  141K common     all  --  *      *       0.0.0.0/0             
0.0.0.0/0
   538 36100 LOG        all  --  *      *       0.0.0.0/0             
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
   538 36100 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  401K  413M ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
    91  3877 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     1   136 ACCEPT     esp  --  *      *       0.0.0.0/0             
0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       0.0.0.0/0             
0.0.0.0/0
     2   300 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:500 dpt:500 state NEW
    33  1756 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          icmp type 8
     2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.1           state NEW tcp dpt:22
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW udp dpt:500
     0     0 ACCEPT     esp  --  *      *       0.0.0.0/0             
0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       0.0.0.0/0             
0.0.0.0/0
  2706  141K net2all    all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2loc (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  722K  683M ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    10   528 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.61          multiport dports 80,21 state NEW ctorigdst  
210.229.239.99
     3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.62          state NEW tcp dpt:80 ctorigdst 210.229.239.102
     9   480 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          multiport dports 80,81,443 state NEW ctorigdst  
210.229.239.98
     7   372 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          multiport dports 80,443 state NEW ctorigdst  
210.229.239.100
     7   372 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          multiport dports 80,443 state NEW ctorigdst  
210.229.239.101
     1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          state NEW tcp dpt:21 ctorigdst 210.229.239.101
     5   300 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          state NEW tcp dpt:22 ctorigdst 210.229.239.98
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.2.20          state NEW udp dpt:5060
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.2.20          state NEW udp dpts:16384:16403
     0     0 net2all    all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain newnotsyn (12 references)
  pkts bytes target     prot opt in     out     source                
destination
   115 35485 LOG        all  --  *      *       0.0.0.0/0             
0.0.0.0/0          LOG flags 0 level 6 prefix  
`Shorewall:newnotsyn:DROP:'
   115 35485 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain ppp0_fwd (1 references)
  pkts bytes target     prot opt in     out     source                
destination
44453 2312K dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
44453 2312K blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
44453 2312K rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
  722K  683M net2loc    all  --  *      eth0    0.0.0.0/0             
0.0.0.0/0
     0     0 net2all    all  --  *      ipsec0  0.0.0.0/0             
0.0.0.0/0

Chain ppp0_in (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  2865  149K dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
  2865  149K blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
  2865  149K rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
  404K  414M net2fw     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain reject (11 references)
  pkts bytes target     prot opt in     out     source                
destination
44500 2142K REJECT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          reject-with tcp-reset
   904  213K REJECT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          reject-with icmp-port-unreachable
   678 40211 REJECT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          reject-with icmp-host-unreachable
     0     0 REJECT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          reject-with icmp-host-prohibited

Chain rfc1918 (2 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 RETURN     all  --  *      *       255.255.255.255       
0.0.0.0/0
     0     0 RETURN     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 255.255.255.255
     0     0 DROP       all  --  *      *       169.254.0.0/16        
0.0.0.0/0
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 169.254.0.0/16
    27  1296 logdrop    all  --  *      *       172.16.0.0/12         
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 172.16.0.0/12
     0     0 logdrop    all  --  *      *       192.0.2.0/24          
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 192.0.2.0/24
    29  1766 logdrop    all  --  *      *       192.168.0.0/16        
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 192.168.0.0/16
     0     0 logdrop    all  --  *      *       0.0.0.0/7             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 0.0.0.0/7
     0     0 logdrop    all  --  *      *       2.0.0.0/8             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 2.0.0.0/8
     0     0 logdrop    all  --  *      *       5.0.0.0/8             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 5.0.0.0/8
     0     0 logdrop    all  --  *      *       7.0.0.0/8             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 7.0.0.0/8
     0     0 logdrop    all  --  *      *       10.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 10.0.0.0/8
     0     0 logdrop    all  --  *      *       23.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 23.0.0.0/8
     0     0 logdrop    all  --  *      *       27.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 27.0.0.0/8
     0     0 logdrop    all  --  *      *       31.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 31.0.0.0/8
     0     0 logdrop    all  --  *      *       36.0.0.0/7            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 36.0.0.0/7
     0     0 logdrop    all  --  *      *       39.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 39.0.0.0/8
     0     0 logdrop    all  --  *      *       41.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 41.0.0.0/8
     0     0 logdrop    all  --  *      *       42.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 42.0.0.0/8
     0     0 logdrop    all  --  *      *       49.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 49.0.0.0/8
     0     0 logdrop    all  --  *      *       50.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 50.0.0.0/8
    18   864 logdrop    all  --  *      *       58.0.0.0/7            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 58.0.0.0/7
    30  1616 logdrop    all  --  *      *       70.0.0.0/7            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 70.0.0.0/7
     0     0 logdrop    all  --  *      *       72.0.0.0/5            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 72.0.0.0/5
   455 23336 logdrop    all  --  *      *       83.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 83.0.0.0/8
   113  5936 logdrop    all  --  *      *       84.0.0.0/6            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 84.0.0.0/6
     0     0 logdrop    all  --  *      *       88.0.0.0/5            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 88.0.0.0/5
     0     0 logdrop    all  --  *      *       96.0.0.0/3            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 96.0.0.0/3
     0     0 logdrop    all  --  *      *       127.0.0.0/8           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 127.0.0.0/8
     0     0 logdrop    all  --  *      *       197.0.0.0/8           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 197.0.0.0/8
     0     0 logdrop    all  --  *      *       198.18.0.0/15         
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 198.18.0.0/15
     0     0 logdrop    all  --  *      *       223.0.0.0/8           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 223.0.0.0/8
     0     0 logdrop    all  --  *      *       240.0.0.0/4           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 240.0.0.0/4

Chain shorewall (0 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain vpn2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp dpt:53
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW udp dpt:53
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain vpn2loc (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     2   168 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0
+ _________________________ ipchains/list
+ ipchains -L -v -n
/usr/local/libexec/ipsec/barf: line 236: ipchains: command not found
+ _________________________ ipfwadm/forward
+ ipfwadm -F -l -n -e
/usr/local/libexec/ipsec/barf: line 238: ipfwadm: command not found
+ _________________________ ipfwadm/input
+ ipfwadm -I -l -n -e
/usr/local/libexec/ipsec/barf: line 240: ipfwadm: command not found
+ _________________________ ipfwadm/output
+ ipfwadm -O -l -n -e
/usr/local/libexec/ipsec/barf: line 242: ipfwadm: command not found
+ _________________________ iptables/nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 83400 packets, 5695K bytes)
  pkts bytes target     prot opt in     out     source                
destination
47318 2460K net_dnat   all  --  ppp0   *       0.0.0.0/0             
0.0.0.0/0
29151 1747K REDIRECT   tcp  --  eth0   *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 64992 packets, 3014K bytes)
  pkts bytes target     prot opt in     out     source                
destination
69486 3284K ppp0_masq  all  --  *      ppp0    0.0.0.0/0             
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 20561 packets, 1269K bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain net_dnat (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     2   120 LOG        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:222 LOG flags 0 level 5 prefix  
`Shorewall:net_dnat:DNAT:'
     2   120 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:222 to:10.0.2.1:22
    10   528 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.99     multiport dports 80,21 to:10.0.2.61
     3   180 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.102    tcp dpt:80 to:10.0.2.62
     9   480 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.98     multiport dports 80,81,443 to:10.0.2.60
     7   372 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.100    multiport dports 80,443 to:10.0.2.60
     7   372 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.101    multiport dports 80,443 to:10.0.2.60
     1    60 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.101    tcp dpt:21 to:10.0.2.60
     5   300 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.98     tcp dpt:223 to:10.0.2.60:22
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:5060 to:10.0.2.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpts:16384:16403 to:10.0.2.20

Chain ppp0_masq (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  4715  285K MASQUERADE  all  --  *      *       10.0.2.0/24           
0.0.0.0/0
     0     0 MASQUERADE  all  --  *      *       169.254.0.0/16        
0.0.0.0/0
+ _________________________ ipchains/masq
+ ipchains -M -L -v -n
/usr/local/libexec/ipsec/barf: line 246: ipchains: command not found
+ _________________________ ipfwadm/masq
+ ipfwadm -M -l -n -e
/usr/local/libexec/ipsec/barf: line 248: ipfwadm: command not found
+ _________________________ iptables/mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 3932K packets, 1640M bytes)
  pkts bytes target     prot opt in     out     source                
destination
3932K 1640M pretos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain INPUT (policy ACCEPT 2650K packets, 594M bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain FORWARD (policy ACCEPT 1282K packets, 1046M bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain OUTPUT (policy ACCEPT 2790K packets, 622M bytes)
  pkts bytes target     prot opt in     out     source                
destination
2790K  622M outtos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 4028K packets, 1665M bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain outtos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:22 TOS set 0x10
   438 89015 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:21 TOS set 0x10
    57  2280 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:4662 TOS set 0x08
     3   120 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:4662 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:4672 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:4672 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:4862 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:4862 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:4872 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:4872 TOS set 0x08

Chain pretos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   212 15172 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:22 TOS set 0x10
  1852  587K TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:22 TOS set 0x10
12274  781K TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:21 TOS set 0x10
11755 1010K TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:21 TOS set 0x10
35263   43M TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:20 TOS set 0x08
11545 5384K TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:20 TOS set 0x08
     3   144 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:4662 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:4662 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:4672 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:4672 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:4862 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:4862 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:4872 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:4872 TOS set 0x08
+ _________________________ proc/modules
+ cat /proc/modules
ipsec                 265408   2
autofs                 12276   0 (autoclean) (unused)
ipt_REDIRECT            1304   1 (autoclean)
ipt_TOS                 1560  28 (autoclean)
ipt_MASQUERADE          2200   2 (autoclean)
ipt_REJECT              3992   4 (autoclean)
ipt_LOG                 4152   8 (autoclean)
ipt_TCPMSS              2968   1 (autoclean)
ipt_state               1048  58 (autoclean)
ip_nat_irc              2896   0 (unused)
ip_nat_tftp             2608   0 (unused)
ip_nat_ftp              3536   0 (unused)
ip_conntrack_irc        4048   1
ip_conntrack_tftp       2544   1
ip_conntrack_ftp        4976   1
ipt_multiport           1144   8 (autoclean)
ipt_conntrack           1592  38 (autoclean)
iptable_filter          2348   1 (autoclean)
iptable_mangle          2712   1 (autoclean)
iptable_nat            20568   4 (autoclean) [ipt_REDIRECT  
ipt_MASQUERADE ip_nat_irc ip_nat_tftp ip_nat_ftp]
ip_conntrack           28072   6 (autoclean) [ipt_REDIRECT  
ipt_MASQUERADE ipt_state ip_nat_irc ip_nat_tftp ip_nat_ftp  
ip_conntrack_irc ip_conntrack_tftp ip_conntrack_ftp ipt_conntrack  
iptable_nat]
ip_tables              15104  14 [ipt_REDIRECT ipt_TOS ipt_MASQUERADE  
ipt_REJECT ipt_LOG ipt_TCPMSS ipt_state ipt_multiport ipt_conntrack  
iptable_filter iptable_mangle iptable_nat]
ppp_synctty             7392   0 (unused)
ppp_async               9088   1
ppp_generic            23708   3 [ppp_synctty ppp_async]
slhc                    6596   0 [ppp_generic]
tulip                  42144   1 (autoclean)
via-rhine              14384   1
mii                     3736   0 [via-rhine]
loop                   11640   0 (autoclean)
lvm-mod                61792   3
keybdev                 2752   0 (unused)
mousedev                5236   0 (unused)
hid                    23236   0 (unused)
input                   5664   0 [keybdev mousedev hid]
usb-ohci               20456   0 (unused)
usbcore                73344   1 [hid usb-ohci]
ext3                   65060   4
jbd                    48244   4 [ext3]
+ _________________________ proc/meminfo
+ cat /proc/meminfo
         total:    used:    free:  shared: buffers:  cached:
Mem:  191569920 186232832  5337088        0 74149888 63279104
Swap: 394805248  4685824 390119424
MemTotal:       187080 kB
MemFree:          5212 kB
MemShared:           0 kB
Buffers:         72412 kB
Cached:          60552 kB
SwapCached:       1244 kB
Active:          71104 kB
Inactive:        85476 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       187080 kB
LowFree:          5212 kB
SwapTotal:      385552 kB
SwapFree:       380976 kB
+ _________________________ dev/ipsec-ls
+ ls -l '/dev/ipsec*'
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug  
/proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg  
/proc/net/ipsec_version
lrwxrwxrwx    1 root     root           16 Nov 11 19:12  
/proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx    1 root     root           16 Nov 11 19:12  
/proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx    1 root     root           13 Nov 11 19:12  
/proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx    1 root     root           16 Nov 11 19:12  
/proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx    1 root     root           11 Nov 11 19:12  
/proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx    1 root     root           13 Nov 11 19:12  
/proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ test -f /usr/src/linux/.config
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                 
/var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                 
/var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# MADE-BY-RP-PPPOE
nameserver 154.33.63.214
nameserver 154.33.63.210
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 4
drwxr-xr-x    4 root     root         4096 Jan 26  2004  
2.4.22-1.2115.nptl
+ _________________________ proc/ksyms-netif_rx
+ egrep netif_rx /proc/ksyms
c01fb250 netif_rx_R07a1a075
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.22-1.2115.nptl:          U netif_rx_R07a1a075
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ egrep -i 'ipsec|klips|pluto'
+ sed -n '70958,$p' /var/log/messages
+ cat
Nov 11 19:12:00 edo ipsec_setup: Starting FreeS/WAN IPsec 2.04...
Nov 11 19:12:02 edo ipsec_setup: Using  
/lib/modules/2.4.22-1.2115.nptl/kernel/net/ipsec/ipsec.o
Nov 11 19:12:02 edo kernel: klips_info:ipsec_init: KLIPS startup,  
FreeS/WAN IPSec version: 2.04
Nov 11 19:12:03 edo ipsec_setup: KLIPS debug `none'
Nov 11 19:12:03 edo ipsec_setup: KLIPS ipsec0 on ppp0  
210.229.239.65/255.255.255.255 pointopoint 154.33.4.102
Nov 11 19:12:04 edo ipsec_setup: ...FreeS/WAN IPsec started
+ _________________________ plog
+ sed -n '54,$p' /var/log/secure
+ egrep -i pluto
+ cat
Nov 11 19:12:04 edo ipsec__plutorun: Starting Pluto subsystem...
Nov 11 19:12:04 edo pluto[13131]: Starting Pluto (FreeS/WAN Version  
2.04 PLUTO_USES_KEYRR)
Nov 11 19:12:04 edo pluto[13131]: Using KLIPS IPsec interface code
Nov 11 19:12:05 edo pluto[13131]: added connection description  
"Tir-Na-Nogth-IM"
Nov 11 19:12:05 edo pluto[13131]: listening for IKE messages
Nov 11 19:12:05 edo pluto[13131]: adding interface ipsec0/ppp0  
210.229.239.65
Nov 11 19:12:05 edo pluto[13131]: loading secrets from  
"/etc/ipsec.secrets"
Nov 11 19:12:25 edo pluto[13131]: "Tir-Na-Nogth-IM"[1] 203.217.34.219  
#1: responding to Main Mode from unknown peer 203.217.34.219
Nov 11 19:12:25 edo pluto[13131]: "Tir-Na-Nogth-IM"[1] 203.217.34.219  
#1: sent MR3, ISAKMP SA established
Nov 11 19:12:26 edo pluto[13131]: "Tir-Na-Nogth-IM"[1] 203.217.34.219  
#2: responding to Quick Mode
Nov 11 19:12:26 edo pluto[13131]: "Tir-Na-Nogth-IM"[1] 203.217.34.219  
#2: up-client output: /usr/local/lib/ipsec/_updown_imgfx
Nov 11 19:12:26 edo pluto[13131]: "Tir-Na-Nogth-IM"[1] 203.217.34.219  
#2: prepare-client output: /usr/local/lib/ipsec/_updown_imgfx
Nov 11 19:12:26 edo pluto[13131]: "Tir-Na-Nogth-IM"[1] 203.217.34.219  
#2: route-client output: /usr/local/lib/ipsec/_updown_imgfx
Nov 11 19:12:26 edo pluto[13131]: "Tir-Na-Nogth-IM"[1] 203.217.34.219  
#2: IPsec SA established {ESP=>0x01106a70 <0xa57ee5b0}
+ _________________________ date
+ date
Thu Nov 11 19:12:53 JST 2004


