[Openswan Users] Opens/wan on kernel 2.6 <-> opens/wan on kernel 2.4 = failure

Itai Tavor itai at iinet.net.au
Tue Nov 30 19:51:03 CET 2004


Hi,

And I'm back... my attempts to get a new opens/wan gateway to connect  
to an existing frees/wan system went nowhere, so I decided that having  
opens/wan on both sides might improve my luck. No luck :(

I'm now running the following setup:

right (amber): FC2, openswan-2.2.0-2 rpm, kernel 2.6.10-rc1, shorewall
Left (edo): FC1, kernel 2.4.22-1.2199 (atrmps version, with openswan  
support), openswan-2.2.0-17 rpm, shorewall

Both sides act as LAN gateways, left with a fixed IP, right connected  
to ADSL with a dynamic IP. The connection (triggered from right) starts  
fine but pings don't work in either direction. I tried both with the  
firewall on and off on both sides, with identical results.

Attached ipsec barf on both sides.

Any suggestions?

TIA, Itai


edo
Tue Nov 30 17:42:37 JST 2004
+ _________________________ version
+ ipsec --version
Linux Openswan Ucvs2002Mar11_19:19:03/K2.1.2rc3 (klips)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.22-1.2199.nptl_52.rhfc1.at (bachbuilder at n27) (gcc version 3.2.3 20030422 (Red Hat Linux 3.2.3-6)) #1 Wed Aug 11 19:48:01 EDT 2004
+ _________________________ proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ sort -sg +3 /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
154.33.4.102    0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
154.33.4.102    0.0.0.0         255.255.255.255 UH        0 0          0 ipsec0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         154.33.4.102    0.0.0.0         UG        0 0          0 ppp0
+ _________________________ proc/net/ipsec_spi
+ test -r proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> ppp0 mtu=16260(1454) -> 1454
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pfkey
+ test -r /proc/net/pfkey
+ _________________________ proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/ppp0 210.229.239.65
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=168, keysizemax=168
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "Tir-Na-Nogth-IM": 10.0.2.0/24===210.229.239.65[@edo.insentiv.co.jp]---154.33.4.102...%any[@amber.tir-na-nogth.net]===10.0.1.0/24; unrouted; eroute owner: #0
000 "Tir-Na-Nogth-IM":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "Tir-Na-Nogth-IM":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,24; interface: ppp0;
000 "Tir-Na-Nogth-IM":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "Tir-Na-Nogth-IM":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "Tir-Na-Nogth-IM":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "Tir-Na-Nogth-IM":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:00:F4:60:9B:31
           inet addr:10.0.2.1  Bcast:10.0.2.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:22833 errors:0 dropped:0 overruns:0 frame:0
           TX packets:26013 errors:3 dropped:0 overruns:3 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:5865514 (5.5 Mb)  TX bytes:22076060 (21.0 Mb)
           Interrupt:11 Base address:0xd000

eth1      Link encap:Ethernet  HWaddr 00:90:CC:51:B9:77
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:27319 errors:0 dropped:0 overruns:0 frame:0
           TX packets:23200 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:21802621 (20.7 Mb)  TX bytes:5886159 (5.6 Mb)
           Interrupt:10 Base address:0x9000

ipsec0    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.65  Mask:255.255.255.255
           UP RUNNING NOARP  MTU:16260  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec1    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           NOARP  MTU:0  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec2    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           NOARP  MTU:0  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec3    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           NOARP  MTU:0  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:13278 errors:0 dropped:0 overruns:0 frame:0
           TX packets:13278 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:901831 (880.6 Kb)  TX bytes:901831 (880.6 Kb)

ppp0      Link encap:Point-to-Point Protocol
           inet addr:210.229.239.65  P-t-P:154.33.4.102  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:27181 errors:0 dropped:0 overruns:0 frame:0
           TX packets:23063 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:21197609 (20.2 Mb)  TX bytes:5377413 (5.1 Mb)

ppp0:0    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.99  P-t-P:210.229.239.99  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0:1    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.98  P-t-P:210.229.239.98  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0:2    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.102  P-t-P:210.229.239.102  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan Ucvs2002Mar11_19:19:03/K2.1.2rc3 (klips)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]

Opportunistic Encryption DNS checks:
    Looking for TXT in forward dns zone: edo                             [MISSING]
    Does the machine have at least one non-private address?              [OK]
    Looking for TXT in reverse dns zone: 65.239.229.210.in-addr.arpa.    [MISSING]
    Looking for TXT in reverse dns zone: 99.239.229.210.in-addr.arpa.    [MISSING]
    Looking for TXT in reverse dns zone: 98.239.229.210.in-addr.arpa.    [MISSING]
    Looking for TXT in reverse dns zone: 102.239.229.210.in-addr.arpa.   [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD flow-control, link ok
   product info: Davicom DM9101 rev 0
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
   link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: negotiated 100baseTx-FD, link ok
   product info: vendor 00:07:49, model 1 rev 1
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
   link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
edo
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
  17:42:51  up 42 min,  1 user,  load average: 1.11, 0.60, 0.27
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
0     0  7571  3199  19   0  4516  936 wait4  S    pts/1      0:00                  \_ /bin/sh /usr/libexec/ipsec/barf
0     0  7667  7571  20   0  2912  392 pipe_w S    pts/1      0:00                      \_ egrep -i ppid|pluto|ipsec|klips
1     0  7502     1  19   0  2428  984 wait4  S    pts/1      0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wai
1     0  7503  7502  19   0  2428  996 wait4  S    pts/1      0:00  \_ /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  -
4     0  7504  7503  16   0  3368  916 schedu S    pts/1      0:00  |   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-none --uniqueids
0     0  7515  7504  23   0  1728  240 schedu S    pts/1      0:00  |       \_ _pluto_adns
0     0  7505  7502  15   0  2612  984 pipe_w S    pts/1      0:00  \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
0     0  7507     1  19   0  1904  292 pipe_w S    pts/1      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $

# edo.isentiv.co.jp
#

version 2.0     # conforms to second version of ipsec.conf specification

config setup
         interfaces="ipsec0=ppp0"
         klipsdebug=none
         plutodebug=none
         uniqueids=yes

# Standard server security definition (left)
conn %default
         # Allow only 1 try since we are the passive end
         keyingtries=1
         #
         # Security gateway - left
         left=210.229.239.65
         leftsubnet=10.0.2.0/24
         leftnexthop=154.33.4.102
         leftupdown=/usr/lib/ipsec/_updown
         #
         # Add but don't start connection on startup
         auto=add
         #
         #
         # RSA authentication
         authby=rsasig
         leftid=@edo.insentiv.co.jp
         leftrsasigkey=[keyid AQOrd0max]

# Load client (right) definitions from subdirectory

#< /etc/ipsec.d/remote.tir-na-nogth.conn 1
# /etc/ipsec.d/remote.tir-na-nogth.conn - FreeS/WAN IPsec remote connection file

# Connection from Tir-Na-Nog'th gateway
conn Tir-Na-Nogth-IM
         # Right - Tir-Na-Nog'th security gateway
         right=%any
         rightsubnet=10.0.1.0/24
         #
         rightid=@amber.tir-na-nogth.net
         rightrsasigkey=[keyid AQN/IxlHw]


#> /etc/ipsec.conf 37

#
# Disable opportunistic encryption
#

#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/freeswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
conn block
     auto=ignore

conn private
     auto=ignore

conn private-or-clear
     auto=ignore

conn clear-or-private
     auto=ignore

conn clear
     auto=ignore

conn packetdefault
     auto=ignore


#> /etc/ipsec.conf 42
+ _________________________ ipsec/secrets
+ ipsec _secretcensor
+ ipsec _include /etc/ipsec.secrets

#< /etc/ipsec.secrets 1
: RSA   {
         # RSA 2192 bits   edo.insentiv.co.jp   Fri Jan 30 20:14:18 2004
         # for signatures only, UNSAFE FOR ENCRYPTION
         #pubkey=[keyid AQOrd0max]
         Modulus: [...]
         PublicExponent: [...]
         # everything after this point is secret
         PrivateExponent: [...]
         Prime1: [...]
         Prime2: [...]
         Exponent1: [...]
         Exponent2: [...]
         Coefficient: [...]
         }
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 Nov 30 17:42:21 2004, 2192 RSA Key AQN/IxlHw, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@amber.tir-na-nogth.net'
000 Nov 30 17:42:21 2004, 2192 RSA Key AQOrd0max, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@edo.insentiv.co.jp'
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 100
-rwxr-xr-x    1 root     root        15403 Sep 19 09:25 _confread
-rwxr-xr-x    1 root     root         4620 Sep 19 09:25 _copyright
-rwxr-xr-x    1 root     root         2379 Sep 19 09:25 _include
-rwxr-xr-x    1 root     root         1475 Sep 19 09:25 _keycensor
-rwxr-xr-x    1 root     root         3586 Sep 19 09:25 _plutoload
-rwxr-xr-x    1 root     root         7167 Sep 19 09:25 _plutorun
-rwxr-xr-x    1 root     root        10493 Sep 19 09:25 _realsetup
-rwxr-xr-x    1 root     root         1975 Sep 19 09:25 _secretcensor
-rwxr-xr-x    1 root     root         9010 Sep 19 09:25 _startklips
-rwxr-xr-x    1 root     root        12313 Sep 19 09:25 _updown
-rwxr-xr-x    1 root     root         7572 Sep 19 09:25 _updown_x509
-rwxr-xr-x    1 root     root         1942 Sep 19 09:25 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 1240
-rwxr-xr-x    1 root     root         9860 Sep 19 09:25 _pluto_adns
-rwxr-xr-x    1 root     root        19220 Sep 19 09:25 auto
-rwxr-xr-x    1 root     root        10224 Sep 19 09:25 barf
-rwxr-xr-x    1 root     root          816 Sep 19 09:25 calcgoo
-rwxr-xr-x    1 root     root        77984 Sep 19 09:25 eroute
-rwxr-xr-x    1 root     root        58180 Sep 19 09:25 klipsdebug
-rwxr-xr-x    1 root     root         2461 Sep 19 09:25 look
-rwxr-xr-x    1 root     root         7118 Sep 19 09:25 mailkey
-rwxr-xr-x    1 root     root        16188 Sep 19 09:25 manual
-rwxr-xr-x    1 root     root         1874 Sep 19 09:25 newhostkey
-rwxr-xr-x    1 root     root        52784 Sep 19 09:25 pf_key
-rwxr-xr-x    1 root     root       562204 Sep 19 09:25 pluto
-rwxr-xr-x    1 root     root         6592 Sep 19 09:25 ranbits
-rwxr-xr-x    1 root     root        18656 Sep 19 09:25 rsasigkey
-rwxr-xr-x    1 root     root          766 Sep 19 09:25 secrets
-rwxr-xr-x    1 root     root        17578 Sep 19 09:25 send-pr
lrwxrwxrwx    1 root     root           22 Nov 30 16:39 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x    1 root     root         1048 Sep 19 09:25 showdefaults
-rwxr-xr-x    1 root     root         4364 Sep 19 09:25 showhostkey
-rwxr-xr-x    1 root     root       114364 Sep 19 09:25 spi
-rwxr-xr-x    1 root     root        68480 Sep 19 09:25 spigrp
-rwxr-xr-x    1 root     root        77824 Sep 19 09:25 starter
-rwxr-xr-x    1 root     root         9808 Sep 19 09:25 tncfg
-rwxr-xr-x    1 root     root        10189 Sep 19 09:25 verify
-rwxr-xr-x    1 root     root        43036 Sep 19 09:25 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  901831   13278    0    0    0     0          0         0   901831   13278    0    0    0     0       0          0
  eth0: 5882368   22931    0    0    0     0          0         0 22238289   26152    3    0    3     0       0          0
  eth1:21971096   27520    0    0    0     0          0         0  5946139   23414    0    0    0     0       0          0
  ppp0:21360158   27380    0    0    0     0          0         0  5429781   23275    0    0    0     0       0          0
ipsec0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec1:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec2:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec3:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
ppp0    6604219A        00000000        0005    0       0       0       FFFFFFFF        0       0       0
ipsec0  6604219A        00000000        0005    0       0       0       FFFFFFFF        0       0       0
eth0    0002000A        00000000        0001    0       0       0       00FFFFFF        0       0       0
eth0    0000FEA9        00000000        0001    0       0       0       0000FFFF        0       0       0
lo      0000007F        00000000        0001    0       0       0       000000FF        0       0       0
ppp0    00000000        6604219A        0003    0       0       0       00000000        0       0       0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter ipsec0/rp_filter lo/rp_filter ppp0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
ipsec0/rp_filter:1
lo/rp_filter:1
ppp0/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux edo 2.4.22-1.2199.nptl_52.rhfc1.at #1 Wed Aug 11 19:48:01 EDT 2004 i586 i586 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 1 (Yarrow)
+ _________________________ proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ cat /proc/net/ipsec_version
Openswan version: 2.1.2rc3
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 288: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 4 packets, 1016 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1216 85468 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
  842  527K ppp0_in    all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
  280 83367 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_in  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 7 packets, 364 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
   32  1644 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
  379  403K ppp0_fwd   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
  320 24887 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_fwd  all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
    9   444 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1216 85468 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
  894  179K fw2net     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
  533  507K fw2loc     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 fw2vpn     all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain blacklst (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain common (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:135
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpts:137:139
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:445
    3   144 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:139
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:445
    6   300 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:1900
    0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:113
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:53 state NEW
    0     0 DROP       all  --  *      *       0.0.0.0/0            10.0.2.255

Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source               destination

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    8   480 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
  320 24887 loc2net    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
    0     0 loc2vpn    all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
   31  4996 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
  280 83367 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
  533  507K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
  775  171K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:500 dpt:500 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:53
    4   282 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:53
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
  115  6900 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2vpn (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:53
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ipsec0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
    0     0 all2all    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
    0     0 vpn2loc    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain ipsec0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
    0     0 vpn2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
  249 78371 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp dpt:22
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          icmp type 8
    31  4996 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain loc2net (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   312 24407 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     8   480 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain loc2vpn (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain logdrop (58 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 LOG        all  --  *      *       0.0.0.0/0             
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2all (3 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 common     all  --  *      *       0.0.0.0/0             
0.0.0.0/0
     0     0 LOG        all  --  *      *       0.0.0.0/0             
0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   842  527K ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     esp  --  *      *       0.0.0.0/0             
0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       0.0.0.0/0             
0.0.0.0/0
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:500 dpt:500 state NEW
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          icmp type 8
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.1           state NEW tcp dpt:22
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW udp spt:500 dpt:500
     0     0 ACCEPT     esp  --  *      *       0.0.0.0/0             
0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       0.0.0.0/0             
0.0.0.0/0
     0     0 net2all    all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2loc (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   370  403K ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.61          multiport dports 80,21 state NEW ctorigdst  
210.229.239.99
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.62          state NEW tcp dpt:80 ctorigdst 210.229.239.102
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          multiport dports 80,81,443 state NEW ctorigdst  
210.229.239.98
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          multiport dports 80,443 state NEW ctorigdst  
210.229.239.100
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          multiport dports 80,443 state NEW ctorigdst  
210.229.239.101
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          state NEW tcp dpt:21 ctorigdst 210.229.239.101
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.2.60          state NEW tcp dpt:22 ctorigdst 210.229.239.98
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.2.20          state NEW udp dpt:5060
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.2.20          state NEW udp dpts:16384:16403
     0     0 net2all    all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain newnotsyn (12 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 LOG        all  --  *      *       0.0.0.0/0             
0.0.0.0/0          LOG flags 0 level 6 prefix  
`Shorewall:newnotsyn:DROP:'
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain ppp0_fwd (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     9   444 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
     9   444 blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
     9   444 rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
   370  403K net2loc    all  --  *      eth0    0.0.0.0/0             
0.0.0.0/0
     0     0 net2all    all  --  *      ipsec0  0.0.0.0/0             
0.0.0.0/0

Chain ppp0_in (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
     0     0 blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
     0     0 rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW
   842  527K net2fw     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain reject (11 references)
  pkts bytes target     prot opt in     out     source                
destination
     9   444 REJECT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          reject-with tcp-reset
     0     0 REJECT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          reject-with icmp-port-unreachable
     0     0 REJECT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          reject-with icmp-host-unreachable
     0     0 REJECT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          reject-with icmp-host-prohibited

Chain rfc1918 (2 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 RETURN     all  --  *      *       255.255.255.255       
0.0.0.0/0
     0     0 RETURN     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 255.255.255.255
     0     0 DROP       all  --  *      *       169.254.0.0/16        
0.0.0.0/0
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 169.254.0.0/16
     0     0 logdrop    all  --  *      *       172.16.0.0/12         
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 172.16.0.0/12
     0     0 logdrop    all  --  *      *       192.0.2.0/24          
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 192.0.2.0/24
     0     0 logdrop    all  --  *      *       192.168.0.0/16        
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 192.168.0.0/16
     0     0 logdrop    all  --  *      *       0.0.0.0/7             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 0.0.0.0/7
     0     0 logdrop    all  --  *      *       2.0.0.0/8             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 2.0.0.0/8
     0     0 logdrop    all  --  *      *       5.0.0.0/8             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 5.0.0.0/8
     0     0 logdrop    all  --  *      *       7.0.0.0/8             
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 7.0.0.0/8
     0     0 logdrop    all  --  *      *       10.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 10.0.0.0/8
     0     0 logdrop    all  --  *      *       23.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 23.0.0.0/8
     0     0 logdrop    all  --  *      *       27.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 27.0.0.0/8
     0     0 logdrop    all  --  *      *       31.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 31.0.0.0/8
     0     0 logdrop    all  --  *      *       36.0.0.0/7            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 36.0.0.0/7
     0     0 logdrop    all  --  *      *       39.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 39.0.0.0/8
     0     0 logdrop    all  --  *      *       41.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 41.0.0.0/8
     0     0 logdrop    all  --  *      *       42.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 42.0.0.0/8
     0     0 logdrop    all  --  *      *       49.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 49.0.0.0/8
     0     0 logdrop    all  --  *      *       50.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 50.0.0.0/8
     0     0 logdrop    all  --  *      *       58.0.0.0/7            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 58.0.0.0/7
     0     0 logdrop    all  --  *      *       70.0.0.0/7            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 70.0.0.0/7
     0     0 logdrop    all  --  *      *       72.0.0.0/5            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 72.0.0.0/5
     0     0 logdrop    all  --  *      *       83.0.0.0/8            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 83.0.0.0/8
     0     0 logdrop    all  --  *      *       84.0.0.0/6            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 84.0.0.0/6
     0     0 logdrop    all  --  *      *       88.0.0.0/5            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 88.0.0.0/5
     0     0 logdrop    all  --  *      *       96.0.0.0/3            
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 96.0.0.0/3
     0     0 logdrop    all  --  *      *       127.0.0.0/8           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 127.0.0.0/8
     0     0 logdrop    all  --  *      *       197.0.0.0/8           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 197.0.0.0/8
     0     0 logdrop    all  --  *      *       198.18.0.0/15         
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 198.18.0.0/15
     0     0 logdrop    all  --  *      *       223.0.0.0/8           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 223.0.0.0/8
     0     0 logdrop    all  --  *      *       240.0.0.0/4           
0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0             
0.0.0.0/0          ctorigdst 240.0.0.0/4

Chain shorewall (0 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain vpn2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp dpt:53
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW udp dpt:53
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain vpn2loc (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0
+ _________________________
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 1639 packets, 159K bytes)
  pkts bytes target     prot opt in     out     source                
destination
     9   444 net_dnat   all  --  ppp0   *       0.0.0.0/0             
0.0.0.0/0
     4   224 REDIRECT   tcp  --  eth0   *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 798 packets, 39071 bytes)
  pkts bytes target     prot opt in     out     source                
destination
   135  7949 ppp0_masq  all  --  *      ppp0    0.0.0.0/0             
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 347 packets, 22747 bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain net_dnat (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 LOG        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:222 LOG flags 0 level 5 prefix  
`Shorewall:net_dnat:DNAT:'
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:222 to:10.0.2.1:22
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.99     multiport dports 80,21 to:10.0.2.61
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.102    tcp dpt:80 to:10.0.2.62
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.98     multiport dports 80,81,443 to:10.0.2.60
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.100    multiport dports 80,443 to:10.0.2.60
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.101    multiport dports 80,443 to:10.0.2.60
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.101    tcp dpt:21 to:10.0.2.60
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
210.229.239.98     tcp dpt:223 to:10.0.2.60:22
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:5060 to:10.0.2.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpts:16384:16403 to:10.0.2.20

Chain ppp0_masq (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     8   480 MASQUERADE  all  --  *      *       10.0.2.0/24           
0.0.0.0/0
     0     0 MASQUERADE  all  --  *      *       169.254.0.0/16        
0.0.0.0/0
+ _________________________
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 63204 packets, 28M bytes)
  pkts bytes target     prot opt in     out     source                
destination
  3067 1143K pretos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain INPUT (policy ACCEPT 24241 packets, 5685K bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain FORWARD (policy ACCEPT 38937 packets, 22M bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain OUTPUT (policy ACCEPT 24251 packets, 6198K bytes)
  pkts bytes target     prot opt in     out     source                
destination
  2652  782K outtos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 62597 packets, 28M bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain outtos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:22 TOS set 0x10
    93 55884 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:4662 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:4662 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:4672 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:4672 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:4862 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:4862 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:4872 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:4872 TOS set 0x08

Chain pretos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:4662 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:4662 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:4672 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:4672 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp spt:4862 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp dpt:4862 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp spt:4872 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0             
0.0.0.0/0          udp dpt:4872 TOS set 0x08
+ _________________________ proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ipsec                 244512   2
autofs                 11156   0 (autoclean) (unused)
ipt_REDIRECT            1336   1 (autoclean)
ipt_TOS                 1592  28 (autoclean)
ipt_MASQUERADE          2104   2 (autoclean)
ipt_REJECT              3960   4 (autoclean)
ipt_LOG                 4152   8 (autoclean)
ipt_TCPMSS              2968   1 (autoclean)
ipt_state               1112  58 (autoclean)
ip_nat_irc              2896   0 (unused)
ip_nat_tftp             2288   0 (unused)
ip_nat_ftp              3568   0 (unused)
ip_conntrack_irc        3728   1
ip_conntrack_tftp       2192   1
ip_conntrack_ftp        4720   1
ipt_multiport           1176   8 (autoclean)
ipt_conntrack           1656  38 (autoclean)
iptable_filter          2348   1 (autoclean)
iptable_mangle          2712   1 (autoclean)
iptable_nat            20760   4 (autoclean) [ipt_REDIRECT  
ipt_MASQUERADE ip_nat_irc ip_nat_tftp ip_nat_ftp]
ip_conntrack           27464   6 (autoclean) [ipt_REDIRECT  
ipt_MASQUERADE ipt_state ip_nat_irc ip_nat_tftp ip_nat_ftp  
ip_conntrack_irc ip_conntrack_tftp ip_conntrack_ftp ipt_conntrack  
iptable_nat]
ip_tables              14688  14 [ipt_REDIRECT ipt_TOS ipt_MASQUERADE  
ipt_REJECT ipt_LOG ipt_TCPMSS ipt_state ipt_multiport ipt_conntrack  
iptable_filter iptable_mangle iptable_nat]
ppp_synctty             6272   0 (unused)
ppp_async               7936   1
ppp_generic            23516   3 [ppp_synctty ppp_async]
slhc                    6612   0 [ppp_generic]
tulip                  40832   1 (autoclean)
via-rhine              14224   1
mii                     3736   0 [via-rhine]
loop                   10808   0 (autoclean)
keybdev                 2464   0 (unused)
mousedev                5044   0 (unused)
hid                    22724   0 (unused)
input                   5664   0 [keybdev mousedev hid]
usb-ohci               20520   0 (unused)
usbcore                73120   1 [hid usb-ohci]
ext3                   81576   4
jbd                    47752   4 [ext3]
lvm-mod                63488   3
+ _________________________ proc/meminfo
+ cat /proc/meminfo
         total:    used:    free:  shared: buffers:  cached:
Mem:  191524864 88002560 103522304        0 17108992 39497728
Swap: 394805248        0 394805248
MemTotal:       187036 kB
MemFree:        101096 kB
MemShared:           0 kB
Buffers:         16708 kB
Cached:          38572 kB
SwapCached:          0 kB
Active:          30436 kB
Inactive:        43596 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       187036 kB
LowFree:        101096 kB
SwapTotal:      385552 kB
SwapFree:       385552 kB
+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug  
/proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg  
/proc/net/ipsec_version
lrwxrwxrwx    1 root     root           16 Nov 30 17:42  
/proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx    1 root     root           16 Nov 30 17:42  
/proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx    1 root     root           13 Nov 30 17:42  
/proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx    1 root     root           16 Nov 30 17:42  
/proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx    1 root     root           11 Nov 30 17:42  
/proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx    1 root     root           13 Nov 30 17:42  
/proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.4.22-1.2199.nptl_52.rhfc1.at/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                 
/var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                 
/var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# MADE-BY-RP-PPPOE
nameserver 154.33.63.214
nameserver 154.33.63.210
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x    4 root     root         4096 Nov 30 16:37  
2.4.22-1.2199.nptl_52.rhfc1.at
drwxr-xr-x    4 root     root         4096 Nov 30 16:42  
2.4.22-1.2115.nptl
+ _________________________ proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ egrep netif_rx /proc/ksyms
c0201b10 netif_rx_Rc41991c0
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.22-1.2115.nptl:          U netif_rx_R07a1a075
2.4.22-1.2199.nptl_52.rhfc1.at:          U netif_rx_Rc41991c0
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '35121,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Nov 30 17:42:18 edo ipsec_setup: Starting Openswan IPsec  
cvs2002Mar11_19:19:03...
Nov 30 17:42:18 edo ipsec_setup: Using  
/lib/modules/2.4.22-1.2199.nptl_52.rhfc1.at/kernel/net/ipsec/ipsec.o
+ _________________________ plog
+ sed -n '302,$p' /var/log/secure
+ egrep -i pluto
+ cat
Nov 30 17:42:18 edo ipsec__plutorun: Starting Pluto subsystem...
Nov 30 17:42:18 edo pluto[7504]: Starting Pluto (Openswan Version  
cvs2002Mar11_19:19:03 X.509-1.5.4 PLUTO_USES_KEYRR)
Nov 30 17:42:18 edo pluto[7504]:   including NAT-Traversal patch  
(Version 0.6c) [disabled]
Nov 30 17:42:18 edo pluto[7504]: ike_alg_register_enc(): Activating  
OAKLEY_AES_CBC: Ok (ret=0)
Nov 30 17:42:18 edo pluto[7504]: Using KLIPS IPsec interface code
Nov 30 17:42:18 edo pluto[7504]: Changing to directory  
'/etc/ipsec.d/cacerts'
Nov 30 17:42:18 edo pluto[7504]: Could not change to directory  
'/etc/ipsec.d/aacerts'
Nov 30 17:42:18 edo pluto[7504]: Changing to directory  
'/etc/ipsec.d/ocspcerts'
Nov 30 17:42:18 edo pluto[7504]: Changing to directory  
'/etc/ipsec.d/crls'
Nov 30 17:42:18 edo pluto[7504]:   Warning: empty directory
Nov 30 17:42:21 edo pluto[7504]: added connection description  
"Tir-Na-Nogth-IM"
Nov 30 17:42:21 edo pluto[7504]: listening for IKE messages
Nov 30 17:42:21 edo pluto[7504]: adding interface ipsec0/ppp0  
210.229.239.65
Nov 30 17:42:21 edo pluto[7504]: loading secrets from  
"/etc/ipsec.secrets"
+ _________________________ date
+ date
Tue Nov 30 17:42:53 JST 2004



amber
Tue Nov 30 19:50:33 EST 2004
+ _________________________ version
+ ipsec --version
Linux Openswan U2.2.0/K2.6.10-rc1 (native)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.6.10-rc1 (root@amber) (gcc version 3.3.3 20040412 (Red  
Hat Linux 3.3.3-7)) #10 Sun Nov 28 17:34:20 EST 2004
+ _________________________ proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window   
irtt Iface
203.55.229.88   0.0.0.0         255.255.255.255 UH        0 0           
0 ppp0
10.0.1.0        0.0.0.0         255.255.255.0   U         0 0           
0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0           
0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0           
0 lo
0.0.0.0         203.55.229.88   0.0.0.0         UG        0 0           
0 ppp0
+ _________________________ proc/net/ipsec_spi
+ test -r proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ setkey-D
+ setkey -D
No SAD entries.
+ _________________________ setkey-D-P
+ setkey -D -P
0.0.0.0/0[any] 0.0.0.0/0[any] any
         in none
         created: Nov 30 19:42:17 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=763 seq=5 pid=11930
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         in none
         created: Nov 30 19:42:17 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=747 seq=4 pid=11930
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         in none
         created: Nov 30 19:42:17 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=731 seq=3 pid=11930
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         out none
         created: Nov 30 19:42:17 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=772 seq=2 pid=11930
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         out none
         created: Nov 30 19:42:17 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=756 seq=1 pid=11930
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         out none
         created: Nov 30 19:42:17 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=740 seq=0 pid=11930
         refcnt=1
+ _________________________ proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo 127.0.0.1
000 interface br0/br0 10.0.1.1
000 interface ppp0/ppp0 203.206.236.211
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "Tir-Na-Nogth-IM": 10.0.1.0/24===203.206.236.211[@amber.tir-na-nogth.net]---203.55.229.88...154.33.4.102---210.229.239.65[@edo.insentiv.co.jp]===10.0.2.0/24; unrouted; eroute owner: #0
000 "Tir-Na-Nogth-IM":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "Tir-Na-Nogth-IM":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,24; interface: ppp0;
000 "Tir-Na-Nogth-IM":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "Tir-Na-Nogth-IM":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "Tir-Na-Nogth-IM":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "Tir-Na-Nogth-IM":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
ath0      Link encap:Ethernet  HWaddr 00:09:5B:E7:2A:2D
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:199
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
           Interrupt:11 Memory:e0960000-e0970000

br0       Link encap:Ethernet  HWaddr 00:09:5B:E7:2A:2D
           inet addr:10.0.1.1  Bcast:10.0.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:5954536 errors:0 dropped:0 overruns:0 frame:0
           TX packets:7560380 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:1830850241 (1746.0 Mb)  TX bytes:1119101574 (1067.2 Mb)

eth0      Link encap:Ethernet  HWaddr 00:0E:A6:A1:3B:A3
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:6030278 errors:0 dropped:0 overruns:0 frame:0
           TX packets:7548416 errors:15 dropped:0 overruns:0 carrier:15
           collisions:1066770 txqueuelen:1000
           RX bytes:1936723007 (1847.0 Mb)  TX bytes:1116968465 (1065.2 Mb)
           Interrupt:9 Base address:0xe000

eth1      Link encap:Ethernet  HWaddr 00:02:44:47:8C:09
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:5659346 errors:0 dropped:0 overruns:0 frame:0
           TX packets:4889706 errors:0 dropped:0 overruns:0 carrier:0
           collisions:28179 txqueuelen:1000
           RX bytes:2528618074 (2411.4 Mb)  TX bytes:1777788766 (1695.4 Mb)
           Interrupt:5 Base address:0xd000

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:26232 errors:0 dropped:0 overruns:0 frame:0
           TX packets:26232 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:6887876 (6.5 Mb)  TX bytes:6887876 (6.5 Mb)

ppp0      Link encap:Point-to-Point Protocol
           inet addr:203.206.236.211  P-t-P:203.55.229.88  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
           RX packets:725811 errors:0 dropped:0 overruns:0 frame:0
           TX packets:641466 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:302334472 (288.3 Mb)  TX bytes:185060035 (176.4 Mb)

+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                         [OK]
Linux Openswan U2.2.0/K2.6.10-rc1 (native)
Checking for IPsec support in kernel                                    [OK]
Checking for RSA private key (/etc/ipsec.secrets)                       [OK]
Checking that pluto is running                                          [OK]
Two or more interfaces found, checking IP forwarding                    [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                               [OK]
Checking for 'iptables' command                                         [OK]
Checking for 'setkey' command for native IPsec stack support            [OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: amber                           [MISSING]
   Does the machine have at least one non-private address?              [OK]
   Looking for TXT in reverse dns zone: 211.236.206.203.in-addr.arpa.   [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-HD, link ok
   product info: vendor 00:00:20, model 32 rev 1
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   link partner: 100baseTx-HD 10baseT-HD
eth1: autonegotiation failed, link ok
   product info: vendor 00:00:00, model 0 rev 0
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
amber.tir-na-nogth.net
+ _________________________ hostname/ipaddress
+ hostname --ip-address
10.0.1.1
+ _________________________ uptime
+ uptime
  19:50:34 up 1 day, 20:49,  1 user,  load average: 0.59, 0.24, 0.22
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
4     0 11904 27906  18   0  4084  960 wait   S    pts/1      0:00          \_ /bin/sh /usr/libexec/ipsec/barf
4     0 11993 11904  19   0  1508  396 pipe_w S    pts/1      0:00              \_ egrep -i ppid|pluto|ipsec|klips
5     0 11119     1  23   0  2056 1032 wait   S    pts/1      0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
5     0 11120 11119  23   0  2056 1044 wait   S    pts/1      0:00  \_ /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
4     0 11121 11120  16   0  2244  936 -      S    pts/1      0:00  |   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-none --uniqueids
4     0 11146 11121  23   0  1316  252 -      S    pts/1      0:00  |       \_ _pluto_adns
4     0 11147 11119  16   0  2056 1020 pipe_w S    pts/1      0:00  \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
4     0 11149     1  23   0  1380  288 pipe_w S    pts/1      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=ppp0
routevirt=ipsec0
routeaddr=203.206.236.211
routenexthop=203.55.229.88
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - OpenS/WAN IPsec configuration file

#
# amber.tir-na-nogth.net
#

version 2.0     # conforms to second version of ipsec.conf specification

config setup
         interfaces=%defaultroute
         klipsdebug=none
         plutodebug=none

conn %default
         keyingtries=3

#
# Tir-Na-Nog'th to Insentiv Media tunnel
#
# Left: IM  Right: Tir-Na-Nog'th
#
conn Tir-Na-Nogth-IM
         right=%defaultroute
         rightsubnet=10.0.1.0/24
         #
         left=210.229.239.65
         leftsubnet=10.0.2.0/24
         leftnexthop=154.33.4.102
         #
         auto=add
         rightupdown=/usr/lib/ipsec/_updown
         #
         authby=rsasig
         rightid=@amber.tir-na-nogth.net
         leftid=@edo.insentiv.co.jp
         rightrsasigkey=[keyid AQN/IxlHw]
         leftrsasigkey=[keyid AQOrd0max]

#
#Disable Opportunistic Encryption
#

#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/freeswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
conn block
     auto=ignore

conn private
     auto=ignore

conn private-or-clear
     auto=ignore

conn clear-or-private
     auto=ignore

conn clear
     auto=ignore

conn packetdefault
     auto=ignore

#> /etc/ipsec.conf 43
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
: RSA   {
         # RSA 2192 bits   amber.tir-na-nogth.net   Fri Sep 24 10:51:07 2004
         # for signatures only, UNSAFE FOR ENCRYPTION
         #pubkey=[keyid AQN/IxlHw]
         Modulus: [...]
         PublicExponent: [...]
         # everything after this point is secret
         PrivateExponent: [...]
         Prime1: [...]
         Prime2: [...]
         Exponent1: [...]
         Exponent2: [...]
         Coefficient: [...]
         }
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 Nov 30 19:42:17 2004, 2192 RSA Key AQN/IxlHw, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@amber.tir-na-nogth.net'
000 Nov 30 19:42:17 2004, 2192 RSA Key AQOrd0max, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@edo.insentiv.co.jp'
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 140
-rwxr-xr-x  1 root root 15403 Sep 17 01:40 _confread
-rwxr-xr-x  1 root root 45260 Sep 17 01:40 _copyright
-rwxr-xr-x  1 root root  2379 Sep 17 01:40 _include
-rwxr-xr-x  1 root root  1475 Sep 17 01:40 _keycensor
-rwxr-xr-x  1 root root  3586 Sep 17 01:40 _plutoload
-rwxr-xr-x  1 root root  7167 Sep 17 01:40 _plutorun
-rwxr-xr-x  1 root root 10493 Sep 17 01:40 _realsetup
-rwxr-xr-x  1 root root  1975 Sep 17 01:40 _secretcensor
-rwxr-xr-x  1 root root  9016 Sep 17 01:40 _startklips
-rwxr-xr-x  1 root root 12313 Sep 17 01:40 _updown
-rwxr-xr-x  1 root root  7572 Sep 17 01:40 _updown_x509
-rwxr-xr-x  1 root root  1942 Sep 17 01:40 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 5052
-rwxr-xr-x  1 root root   67890 Sep 17 01:40 _pluto_adns
-rwxr-xr-x  1 root root   19220 Sep 17 01:40 auto
-rwxr-xr-x  1 root root   10248 Sep 17 01:40 barf
-rwxr-xr-x  1 root root     816 Sep 17 01:40 calcgoo
-rwxr-xr-x  1 root root  308475 Sep 17 01:40 eroute
-rwxr-xr-x  1 root root  180611 Sep 17 01:40 klipsdebug
-rwxr-xr-x  1 root root    2461 Sep 17 01:40 look
-rwxr-xr-x  1 root root    7124 Sep 17 01:40 mailkey
-rwxr-xr-x  1 root root   16188 Sep 17 01:40 manual
-rwxr-xr-x  1 root root    1874 Sep 17 01:40 newhostkey
-rwxr-xr-x  1 root root  162486 Sep 17 01:40 pf_key
-rwxr-xr-x  1 root root 2650267 Sep 17 01:40 pluto
-rwxr-xr-x  1 root root   49208 Sep 17 01:40 ranbits
-rwxr-xr-x  1 root root   79770 Sep 17 01:40 rsasigkey
-rwxr-xr-x  1 root root     766 Sep 17 01:40 secrets
-rwxr-xr-x  1 root root   17578 Sep 17 01:40 send-pr
lrwxr-xr-x  1 root root      22 Nov 30 17:54 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x  1 root root    1048 Sep 17 01:40 showdefaults
-rwxr-xr-x  1 root root    4364 Sep 17 01:40 showhostkey
-rwxr-xr-x  1 root root  492709 Sep 17 01:40 spi
-rwxr-xr-x  1 root root  248367 Sep 17 01:40 spigrp
-rwxr-xr-x  1 root root  469542 Sep 17 01:40 starter
-rwxr-xr-x  1 root root   47746 Sep 17 01:40 tncfg
-rwxr-xr-x  1 root root   10195 Sep 17 01:40 verify
-rwxr-xr-x  1 root root  224503 Sep 17 01:40 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 6887876   26232    0    0    0     0          0         0  6887876   26232    0    0    0     0       0          0
  eth0:1936745502 6030351    0    0    0     0          0         0 1117029051 7548508   15    0    0 1066770      15          0
   br0:1830871570 5954609    0    0    0     0          0         0 1119162160 7560472    0    0    0     0       0          0
  ath0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth1:2528652047 5659413    0    0    0     0          0         0 1777810981 4889769    0    0    0 28179       0          0
  ppp0:302366965  725878    0    0    0     0          0         0 185080864  641529    0    0    0     0       0          0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask   MTU      Window  IRTT
ppp0    58E537CB        00000000        0005    0       0       0       FFFFFFFF0       0       0
br0     0001000A        00000000        0001    0       0       0       00FFFFFF0       0       0
br0     0000FEA9        00000000        0001    0       0       0       0000FFFF0       0       0
lo      0000007F        00000000        0001    0       0       0       000000FF0       0       0
ppp0    00000000        58E537CB        0003    0       0       0       000000000       0       0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter br0/rp_filter default/rp_filter lo/rp_filter ppp0/rp_filter
all/rp_filter:0
br0/rp_filter:1
default/rp_filter:1
lo/rp_filter:1
ppp0/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux amber 2.6.10-rc1 #10 Sun Nov 28 17:34:20 EST 2004 i686 athlon i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 2 (Tettnang)
+ _________________________ proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'native PFKEY (2.6.10-rc1) support detected '
native PFKEY (2.6.10-rc1) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 288: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 27 packets, 1368 bytes)
 pkts bytes target     prot opt in     out     source               destination
   69 13000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   15   802 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  224  102K ppp0_in    all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
  309 29340 br0_in     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:'
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 22 packets, 1018 bytes)
 pkts bytes target     prot opt in     out     source               destination
   47  1904 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
 3231  159K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
28308   14M ppp0_fwd   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
25114 6339K br0_fwd    all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:DROP:'
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   69 13000 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 ACCEPT     udp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
  223 14296 fw2net     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
  365  146K fw2loc     all  --  *      br0     0.0.0.0/0            0.0.0.0/0
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:DROP:'
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain Drop (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropSMB    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropNotSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DropDNSrep (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53

Chain DropSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445

Chain DropUPnP (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900

Chain Reject (3 references)
 pkts bytes target     prot opt in     out     source               destination
  150 28902 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  150 28902 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  150 28902 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  150 28902 RejectSMB  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   51 13112 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
   51 13112 dropNotSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   46  5852 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RejectAuth (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113

Chain RejectSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135
   99 15790 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445

Chain blacklst (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain br0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1748 85725 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
25085 6334K loc2net    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
   29  4339 ACCEPT     all  --  *      br0     0.0.0.0/0            0.0.0.0/0

Chain br0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
  129 16326 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
  309 29340 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination
    5  7260 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02

Chain dynamic (4 references)
 pkts bytes target     prot opt in     out     source               destination

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
  233  125K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.1.11
  132 20914 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   34  5202 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
  182 11583 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
   10   613 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
   10   840 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
   21  1260 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
  180 13014 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    2   120 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    7   360 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3128
  120 15846 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
23366 6253K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 1719 81386 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
  206 93669 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.1.1            tcp dpt:22
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:500 dpt:500
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:50
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:51
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 8100,8041
   18  7988 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   12   650 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
26680   14M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.1.20           tcp dpt:4662
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.0.1.20           udp dpt:4672
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.1.20           tcp dpt:4762
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.0.1.20           udp dpt:4772
 1021 50688 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.1.20           tcp dpt:4862
  607 29932 ACCEPT     udp  --  *      *       0.0.0.0/0            10.0.1.20           udp dpt:4872
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.1.1            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.1.20           tcp dpts:6881:6889
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.1.101          tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.0.1.20           udp dpt:5060
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.0.1.20           udp dpts:16384:16403
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain norfc1918 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 rfc1918    all  --  *      *       172.16.0.0/12        0.0.0.0/0
    0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 172.16.0.0/12
     0     0 rfc1918    all  --  *      *       192.168.0.0/16        
0.0.0.0/0
     0     0 rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 192.168.0.0/16
     0     0 rfc1918    all  --  *      *       10.0.0.0/8            
0.0.0.0/0
     0     0 rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 10.0.0.0/8

Chain ppp0_fwd (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  1628 80620 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
  1628 80620 blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
  1628 80620 norfc1918  all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
28308   14M net2loc    all  --  *      br0     0.0.0.0/0             
0.0.0.0/0

Chain ppp0_in (1 references)
  pkts bytes target     prot opt in     out     source                
destination
    18  7988 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
    18  7988 blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpts:67:68
    18  7988 norfc1918  all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
   224  102K net2fw     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain reject (10 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           PKTTYPE = broadcast
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           PKTTYPE = multicast
     0     0 DROP       all  --  *      *       10.0.1.255            
0.0.0.0/0
     0     0 DROP       all  --  *      *       255.255.255.255       
0.0.0.0/0
     0     0 DROP       all  --  *      *       224.0.0.0/4           
0.0.0.0/0
     6   288 REJECT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with tcp-reset
   139 21354 REJECT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with icmp-port-unreachable
     0     0 REJECT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with icmp-host-unreachable
     0     0 REJECT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with icmp-host-prohibited

Chain rfc1918 (6 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ULOG       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:rfc1918:DROP:' queue_threshold 1
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain shorewall (0 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain smurfs (0 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ULOG       all  --  *      *       10.0.1.255            
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:smurfs:DROP:' queue_threshold 1
     0     0 DROP       all  --  *      *       10.0.1.255            
0.0.0.0/0
     0     0 ULOG       all  --  *      *       255.255.255.255       
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:smurfs:DROP:' queue_threshold 1
     0     0 DROP       all  --  *      *       255.255.255.255       
0.0.0.0/0
     0     0 ULOG       all  --  *      *       224.0.0.0/4           
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:smurfs:DROP:' queue_threshold 1
     0     0 DROP       all  --  *      *       224.0.0.0/4           
0.0.0.0/0
+ _________________________
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 121K packets, 12M bytes)
  pkts bytes target     prot opt in     out     source                
destination
  1647 88656 net_dnat   all  --  ppp0   *       0.0.0.0/0             
0.0.0.0/0
  1151 56516 loc_dnat   all  --  br0    *       0.0.0.0/0             
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 417K packets, 21M bytes)
  pkts bytes target     prot opt in     out     source                
destination
  1143 55319 ppp0_masq  all  --  *      ppp0    0.0.0.0/0             
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain loc_dnat (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     7   360 REDIRECT   tcp  --  *      *       0.0.0.0/0            
!10.0.2.0/24         tcp dpt:80 redir ports 3128

Chain net_dnat (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:4662 to:10.0.1.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:4672 to:10.0.1.20
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:4762 to:10.0.1.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:4772 to:10.0.1.20
  1022 50736 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:4862 to:10.0.1.20
   607 29932 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:4872 to:10.0.1.20
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:888 to:10.0.1.1:80
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:222 to:10.0.1.1:22
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpts:6881:6889 to:10.0.1.20
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:8888 to:10.0.1.101:80
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:5060 to:10.0.1.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpts:16384:16403 to:10.0.1.20

Chain ppp0_masq (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  1099 52546 MASQUERADE  all  --  *      *       10.0.1.0/24           
0.0.0.0/0
     0     0 MASQUERADE  all  --  *      *       169.254.0.0/16        
0.0.0.0/0
+ _________________________
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 12M packets, 4246M bytes)
  pkts bytes target     prot opt in     out     source                
destination
54045   21M pretos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0
54039   21M tcpre      all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain INPUT (policy ACCEPT 1434K packets, 257M bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain FORWARD (policy ACCEPT 10M packets, 3986M bytes)
  pkts bytes target     prot opt in     out     source                
destination
53504   21M tcfor      all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 2278K packets, 3000M bytes)
  pkts bytes target     prot opt in     out     source                
destination
   607  177K outtos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0
   606  176K tcout      all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 12M packets, 6983M bytes)
  pkts bytes target     prot opt in     out     source                
destination
53991   21M tcpost     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain outtos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:22 TOS set 0x10
   132 66104 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   135 10044 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:20 TOS set 0x08

Chain tcfor (1 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain tcout (1 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain tcpost (1 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain tcpre (1 references)
  pkts bytes target     prot opt in     out     source                
destination
+ _________________________ proc/modules
+ test -f /proc/modules
+ cat /proc/modules
xfrm4_tunnel 2884 0 - Live 0xe0a85000
lt_serial 25712 1 - Live 0xe0d6d000
lt_modem 567728 3 lt_serial, Live 0xe0df1000
dvb_bt8xx 7236 5 - Live 0xe0ad6000
dvb_core 74736 6 dvb_bt8xx, Live 0xe0b17000
mt352 4996 1 dvb_bt8xx, Live 0xe0ad3000
sp887x 7428 1 dvb_bt8xx, Live 0xe0ab1000
dst 12040 1 dvb_bt8xx, Live 0xe0acf000
bt878 8696 2 dvb_bt8xx,dst, Live 0xe0aa9000
bttv 145488 2 dvb_bt8xx,bt878, Live 0xe0af2000
video_buf 16964 1 bttv, Live 0xe0a9f000
firmware_class 7616 3 dvb_bt8xx,sp887x,bttv, Live 0xe0a7c000
i2c_algo_bit 8328 1 bttv, Live 0xe0a78000
v4l2_common 4864 1 bttv, Live 0xe0a64000
btcx_risc 3720 1 bttv, Live 0xe0a48000
i2c_core 19216 6 dvb_bt8xx,mt352,sp887x,dst,bttv,i2c_algo_bit, Live 0xe0a7f000
videodev 7232 1 bttv, Live 0xe0a61000
v4l1_compat 12932 0 - Live 0xe0a73000
nfsd 100616 9 - Live 0xe0ab5000
exportfs 4928 1 nfsd, Live 0xe0a45000
lockd 64168 2 nfsd, Live 0xe0a87000
deflate 2688 0 - Live 0xe0a43000
zlib_deflate 21080 1 deflate, Live 0xe0a5a000
twofish 37120 0 - Live 0xe0a68000
serpent 13248 0 - Live 0xe0a55000
aes_i586 38452 0 - Live 0xe0a4a000
blowfish 8000 0 - Live 0xe0a40000
des 11264 0 - Live 0xe09f8000
sha256 8960 0 - Live 0xe0a38000
sha1 8512 0 - Live 0xe0a34000
md5 3648 0 - Live 0xe0974000
crypto_null 1984 0 - Live 0xe0981000
ipcomp 6472 0 - Live 0xe0a26000
esp4 6720 0 - Live 0xe0a23000
ah4 5312 0 - Live 0xe0a20000
af_key 27024 0 - Live 0xe0a2c000
ipt_LOG 6272 3 - Live 0xe0a29000
ipt_TOS 1984 12 - Live 0xe0a1e000
ipt_MASQUERADE 2880 2 - Live 0xe0a1c000
ipt_REDIRECT 1728 1 - Live 0xe0a08000
ipt_REJECT 5632 4 - Live 0xe0a10000
ipt_ULOG 6244 4 - Live 0xe0a0d000
ipt_TCPMSS 3520 1 - Live 0xe09fc000
ipt_state 1472 18 - Live 0xe0a06000
ipt_pkttype 1344 4 - Live 0xe0a04000
ipt_physdev 1808 0 - Live 0xe0a02000
ipt_multiport 1664 1 - Live 0xe0a00000
ipt_conntrack 1984 3 - Live 0xe09fe000
iptable_mangle 2176 1 - Live 0xe0996000
ip_nat_irc 3504 0 - Live 0xe0994000
ip_nat_tftp 2992 0 - Live 0xe097f000
ip_nat_ftp 4144 0 - Live 0xe0991000
iptable_nat 21960 6 ipt_MASQUERADE,ipt_REDIRECT,ip_nat_irc,ip_nat_tftp,ip_nat_ftp, Live 0xe09e0000
ip_conntrack_irc 70512 1 ip_nat_irc, Live 0xe09cd000
ip_conntrack_tftp 3056 0 - Live 0xe0908000
ip_conntrack_ftp 71408 1 ip_nat_ftp, Live 0xe09ba000
ip_conntrack 39732 10 ipt_MASQUERADE,ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp, Live 0xe0983000
iptable_filter 2176 1 - Live 0xe08f0000
ip_tables 16000 15 ipt_LOG,ipt_TOS,ipt_MASQUERADE,ipt_REDIRECT,ipt_REJECT,ipt_ULOG,ipt_TCPMSS,ipt_state,ipt_pkttype,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter, Live 0xe08fd000
sunrpc 132388 13 nfsd,lockd, Live 0xe0998000
ppp_synctty 7936 0 - Live 0xe0971000
ppp_async 9024 1 - Live 0xe095c000
crc_ccitt 1664 1 ppp_async, Live 0xe08f2000
ppp_generic 21524 6 ppp_synctty,ppp_async, Live 0xe0918000
slhc 7232 1 ppp_generic, Live 0xe08fa000
8139too 20032 0 - Live 0xe0902000
ath_pci 50912 0 - Live 0xe090a000
ath_rate_onoe 6728 1 ath_pci, Live 0xe0820000
wlan 103964 3 ath_pci,ath_rate_onoe, Live 0xe0941000
ath_hal 131344 2 ath_pci, Live 0xe091f000
via_rhine 18308 0 - Live 0xe08f4000
mii 3904 2 8139too,via_rhine, Live 0xe084f000
crc32 3840 3 dvb_core,8139too,via_rhine, Live 0xe0823000
usblp 10816 0 - Live 0xe083a000
uhci_hcd 29712 0 - Live 0xe0844000
ehci_hcd 26052 0 - Live 0xe0832000
usbcore 102296 4 usblp,uhci_hcd,ehci_hcd, Live 0xe0851000
thermal 10568 0 - Live 0xe0804000
sata_via 4484 6 - Live 0xe081a000
libata 38916 1 sata_via, Live 0xe0827000
+ _________________________ proc/meminfo
+ cat /proc/meminfo
MemTotal:       515788 kB
MemFree:          2908 kB
Buffers:         15932 kB
Cached:         317296 kB
SwapCached:        868 kB
Active:         310204 kB
Inactive:       176300 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       515788 kB
LowFree:          2908 kB
SwapTotal:     1052216 kB
SwapFree:      1049736 kB
Dirty:             680 kB
Writeback:           0 kB
Mapped:         180520 kB
Slab:            14996 kB
CommitLimit:   1310108 kB
Committed_AS:   504508 kB
CommitAvail:    805600 kB
PageTables:       1896 kB
VmallocTotal:   516056 kB
VmallocUsed:      7984 kB
VmallocChunk:   507528 kB
+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.10-rc1/build/.config
++ uname -r
+ cat /lib/modules/2.6.10-rc1/build/.config
+ egrep 'CONFIG_NETLINK|CONFIG_IPSEC|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
# CONFIG_NETLINK_DEV is not set
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_PHYSDEV=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_LOCAL is not set
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
# CONFIG_IP_NF_TARGET_CLASSIFY is not set
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
CONFIG_IP_NF_COMPAT_IPFWADM=m
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 203.0.178.191
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 528
drwxr-xr-x  4 root root   4096 Oct 28 17:58 2.6.5-1.358
-rw-r--r--  1 root root 262144 Oct 29 22:36 ivtv-fw-enc.bin
-rw-r--r--  1 root root 262144 Oct 29 22:36 ivtv-fw-dec.bin
drwxr-xr-x  7 root root   4096 Nov 28 17:34 2.6.10-rc1
+ _________________________ proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c02cbbd0 T netif_rx
c02cbd70 T netif_rx_ni
c02cbbd0 U netif_rx     [dvb_core]
c02cbbd0 U netif_rx     [ppp_generic]
c02cbbd0 U netif_rx     [ath_pci]
c02cbbd0 U netif_rx     [wlan]
c02cbbd0 U netif_rx     [via_rhine]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.10-rc1:
2.6.5-1.358:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '4422295,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Nov 30 19:42:17 amber ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.10-rc1...
+ _________________________ plog
+ sed -n '538,$p' /var/log/secure
+ egrep -i pluto
+ cat
Nov 30 19:42:17 amber ipsec__plutorun: Starting Pluto subsystem...
Nov 30 19:42:17 amber pluto[11121]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Nov 30 19:42:17 amber pluto[11121]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Nov 30 19:42:17 amber pluto[11121]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Nov 30 19:42:17 amber pluto[11121]: Using Linux 2.6 IPsec interface code
Nov 30 19:42:17 amber pluto[11121]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 30 19:42:17 amber pluto[11121]: Could not change to directory '/etc/ipsec.d/aacerts'
Nov 30 19:42:17 amber pluto[11121]: Changing to directory '/etc/ipsec.d/ocspcerts'
Nov 30 19:42:17 amber pluto[11121]: Changing to directory '/etc/ipsec.d/crls'
Nov 30 19:42:17 amber pluto[11121]:   Warning: empty directory
Nov 30 19:42:17 amber pluto[11121]: added connection description "Tir-Na-Nogth-IM"
Nov 30 19:42:17 amber pluto[11121]: listening for IKE messages
Nov 30 19:42:17 amber pluto[11121]: adding interface ppp0/ppp0 203.206.236.211
Nov 30 19:42:17 amber pluto[11121]: adding interface br0/br0 10.0.1.1
Nov 30 19:42:17 amber pluto[11121]: adding interface lo/lo 127.0.0.1
Nov 30 19:42:17 amber pluto[11121]: loading secrets from "/etc/ipsec.secrets"
+ _________________________ date
+ date
Tue Nov 30 19:50:43 EST 2004


