[Openswan Users] vpn problem with openswan 2.6.14: STATE_QUICK_I1 had internal error
Oguz Yilmaz
oguzyilmazlist at gmail.com
Fri Dec 12 04:43:02 EST 2008
Actually I have modules loaded. Please check debug file copied below. The
problem should be something else.
Regards,
Oğuz.
Unable to find KLIPS messages, typically found in /var/log/messages or
equivalent. You may need to run Openswan for the first time; alternatively,
your log files have been emptied (ie, logwatch) or we do not understand your
logging configuration.
Unable to find Pluto messages, typically found in /var/log/secure or
equivalent. You may need to run Openswan for the first time; alternatively,
your log files have been emptied (ie, logwatch) or we do not understand your
logging configuration.
app
Sat Dec 6 14:48:25 EET 2008
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.14/K2.6.18-lbr5.std.3 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.18-lbr5.std.3 (developer at robin-playground.labristeknoloji.com) (gcc version 4.1.1 20070105 (Red Hat 4.1.1-52)) #1 SMP Fri Oct 31 11:44:34 EET 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
85.85.85.1      0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth2
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         85.85.85.1      0.0.0.0         UG        0 0          0 ppp0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name : deflate
driver : deflate-generic
module : deflate
priority : 0
type : compression
name : tnepres
driver : tnepres-generic
module : serpent
priority : 0
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : serpent
driver : serpent-generic
module : serpent
priority : 0
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : blowfish
driver : blowfish-generic
module : blowfish
priority : 0
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56
name : twofish
driver : twofish-generic
module : twofish
priority : 0
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : md5
driver : md5-generic
module : md5
priority : 0
type : digest
blocksize : 64
digestsize : 16
name : sha256
driver : sha256-generic
module : sha256
priority : 0
type : digest
blocksize : 64
digestsize : 32
name : sha512
driver : sha512-generic
module : sha512
priority : 0
type : digest
blocksize : 128
digestsize : 64
name : sha384
driver : sha384-generic
module : sha512
priority : 0
type : digest
blocksize : 96
digestsize : 48
name : des3_ede
driver : des3_ede-generic
module : des
priority : 0
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : des
priority : 0
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : aes
driver : aes-generic
module : aes_generic
priority : 100
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : aes
driver : aes-i586
module : aes_i586
priority : 200
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : crc32c
driver : crc32c-generic
module : kernel
priority : 0
type : digest
blocksize : 32
digestsize : 4
name : sha1
driver : sha1-generic
module : kernel
priority : 0
type : digest
blocksize : 64
digestsize : 20
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 169.254.1.1
000 interface eth0/eth0 169.254.1.1
000 interface eth1/eth1 192.168.0.254
000 interface eth1/eth1 192.168.0.254
000 interface eth2/eth2 10.0.0.254
000 interface eth2/eth2 10.0.0.254
000 interface ppp0/ppp0 85.85.85.85
000 interface ppp0/ppp0 85.85.85.85
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,36} trans={0,2,1080} attrs={0,2,1440}
000
000 "product": 10.0.0.0/24===85.85.85.85<85.85.85.85>[+S=C]---85.85.85.1...85.105.105.105<85.105.105.105>[+S=C]===192.168.1.0/24; unrouted; eroute owner: #0
000 "product": myip=unset; hisip=unset;
000 "product": ike_life: 28800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "product": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface: ppp0;
000 "product": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "product": ESP algorithms wanted: 3DES(3)_000-MD5(1); flags=-strict
000 "product": ESP algorithms loaded: 3DES(3)_192-MD5(1)_096
000
000 #2: "product":500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_CRYPTO_FAILED in 82s; nodpd; idle; import:admin initiate
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1D:92:26:BD:C2
inet addr:169.254.1.1 Bcast:169.254.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:233 Base address:0x2800
eth1 Link encap:Ethernet HWaddr 00:0C:42:07:48:0C
inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:727381 errors:0 dropped:0 overruns:0 frame:0
TX packets:613391 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:735101802 (701.0 MiB) TX bytes:120147368 (114.5 MiB)
Interrupt:50 Base address:0x4c00
eth2 Link encap:Ethernet HWaddr 00:0C:42:07:48:0D
inet addr:10.0.0.254 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:646562 errors:0 dropped:0 overruns:0 frame:0
TX packets:741828 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:108466049 (103.4 MiB) TX bytes:728851608 (695.0 MiB)
Interrupt:58 Base address:0x6800
eth3 Link encap:Ethernet HWaddr 00:0C:42:07:48:0E
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:66 Base address:0x8400
eth4 Link encap:Ethernet HWaddr 00:0C:42:07:48:0F
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:74 Base address:0xa000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:466865 errors:0 dropped:0 overruns:0 frame:0
TX packets:466865 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:65724782 (62.6 MiB) TX bytes:65724782 (62.6 MiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:85.85.85.85 P-t-P:85.85.85.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:722536 errors:0 dropped:0 overruns:0 frame:0
TX packets:608081 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:718910768 (685.6 MiB) TX bytes:106548724 (101.6 MiB)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1d:92:26:bd:c2 brd ff:ff:ff:ff:ff:ff
    inet 169.254.1.1/24 brd 169.254.1.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:42:07:48:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.254/24 brd 192.168.0.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:42:07:48:0d brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.254/24 brd 10.0.0.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:0c:42:07:48:0e brd ff:ff:ff:ff:ff:ff
6: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:0c:42:07:48:0f brd ff:ff:ff:ff:ff:ff
8: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 85.85.85.85 peer 85.85.85.1/32 scope global ppp0
+ _________________________ ip-route-list
+ ip route list
85.85.85.1 dev ppp0 scope link
10.0.0.0/24 dev eth2 proto kernel scope link src 10.0.0.254
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.254
169.254.1.0/24 dev eth0 proto kernel scope link src 169.254.1.1
169.254.0.0/16 dev eth0 scope link
default via 85.85.85.1 dev ppp0
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.18-lbr5.std.3 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: no link
product info: vendor 00:00:20, model 32 rev 1
basic mode: autonegotiation enabled
basic status: no link
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
eth1: negotiated 100baseTx-FD, link ok
product info: vendor 00:40:63, model 52 rev 5
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
eth2: negotiated 100baseTx-FD, link ok
product info: vendor 00:40:63, model 52 rev 5
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
SIOCGMIIPHY on 'eth3' failed: Invalid argument
SIOCGMIIPHY on 'eth4' failed: Invalid argument
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost.localdomain
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
14:48:26 up 22:59, 2 users, load average: 1.35, 1.14, 1.08
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 17069 23358 25 0 4484 1128 wait S+ pts/3 0:00 | \_ /bin/sh /usr/libexec/ipsec/barf
0 0 17239 17069 25 0 1832 480 stext S+ pts/3 0:00 | \_ egrep -i ppid|pluto|ipsec|klips
1 0 15357 1 25 0 2444 416 wait S pts/3 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug all raw crypt parsing emitting control lifecycle klips dns oppo controlmore x509 pfkey nattraversal --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid
1 0 15358 15357 25 0 2444 548 wait S pts/3 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug all raw crypt parsing emitting control lifecycle klips dns oppo controlmore x509 pfkey nattraversal --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid
4 0 15359 15358 17 0 3168 1508 - S pts/3 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --debug-all --debug-raw --debug-crypt --debug-parsing --debug-emitting --debug-control --debug-lifecycle --debug-klips --debug-dns --debug-oppo --debug-controlmore --debug-x509 --debug-pfkey --debug-nattraversal --use-netkey --uniqueids --nat_traversal
1 0 15369 15359 26 10 3108 748 - SN pts/3 0:00 | \_ pluto helper # 0
0 0 15383 15359 25 0 1588 288 - S pts/3 0:00 | \_ _pluto_adns -d
0 0 15360 15357 25 0 2444 1036 pipe_w S pts/3 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
0 0 15361 1 24 0 1652 492 pipe_w S pts/3 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# Created by Labris Management Console / VPN.
# Do NOT change settings in this file.
# 12.06.2008 - 12:17:52 PM
version 2.0
config setup
    interfaces="ipsec0=ppp0"
    klipsdebug=all
    plutodebug=all
    nat_traversal=yes
    uniqueids=yes
    protostack=netkey
conn %default
    auto=add
conn product
    authby=secret
    auth=esp
    esp=3des-md5-96
    left=85.85.85.85
    leftsubnet=10.0.0.0/24
    right=85.105.105.105
    rightsubnet=192.168.1.0/24
    leftnexthop=85.85.85.1
    disablearrivalcheck=no
    pfs=yes
    auto=add
    keyexchange=ike
    keyingtries=3
    ikelifetime=28800s
    keylife=28800s
##conn labris.l2tp
#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
#> /etc/ipsec.conf 39
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
85.85.85.85 85.105.105.105 : PSK "[sums to 9a70...]"
#:cannot open configuration file \'/etc/ipsec.*.secrets\'
#> /etc/ipsec.secrets 4
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: PSK 85.105.105.105 85.85.85.85
000
000 List of X.509 CA Certificates:
000
000 Dec 06 14:44:12 2008, count: 1
000 subject: 'C=TR, L=Istanbul, O=Soya, OU=Bim, CN=labris, E=soya at labris.com'
000 issuer: 'C=TR, L=Istanbul, O=Soya, OU=Bim, CN=labris, E=soya at labris.com'
000 serial: 00
000 pubkey: 1024 RSA Key AwEAAaJ/h
000 validity: not before Aug 08 15:40:42 2005 ok
000 not after Aug 08 15:40:42 2006 fatal (expired)
000 subjkey: 79:2a:e1:92:9f:ee:84:40:5d:83:66:cb:8d:28:63:ec:d4:55:ab:0a
000 authkey: 79:2a:e1:92:9f:ee:84:40:5d:83:66:cb:8d:28:63:ec:d4:55:ab:0a
000 aserial: 00
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2272
-rwxr-xr-x 1 root root 5996 Jun 22 05:03 _copyright
-rwxr-xr-x 1 root root 2379 Jun 22 05:03 _include
-rwxr-xr-x 1 root root 1475 Jun 22 05:03 _keycensor
-rwxr-xr-x 1 root root 10028 Jun 22 05:03 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 22 05:03 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 22 05:03 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 22 05:03 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 22 05:03 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 22 05:03 _startklips
-rwxr-xr-x 1 root root 9752 Jun 22 05:03 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 22 05:03 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 22 05:03 _updown
-rwxr-xr-x 1 root root 14030 Jun 22 05:03 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 22 05:03 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 22 05:03 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 22 05:03 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 22 05:03 _updown.netkey
-rwxr-xr-x 1 root root 183808 Jun 22 05:03 addconn
-rwxr-xr-x 1 root root 6129 Jun 22 05:03 auto
-rwxr-xr-x 1 root root 10758 Jun 22 05:03 barf
-rwxr-xr-x 1 root root 90028 Jun 22 05:03 eroute
-rwxr-xr-x 1 root root 20072 Jun 22 05:03 ikeping
-rwxr-xr-x 1 root root 69744 Jun 22 05:03 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 22 05:03 livetest
-rwxr-xr-x 1 root root 2591 Jun 22 05:03 look
-rwxr-xr-x 1 root root 1921 Jun 22 05:03 newhostkey
-rwxr-xr-x 1 root root 60780 Jun 22 05:03 pf_key
-rwxr-xr-x 1 root root 982244 Jun 22 05:03 pluto
-rwxr-xr-x 1 root root 10176 Jun 22 05:03 ranbits
-rwxr-xr-x 1 root root 20532 Jun 22 05:03 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 22 05:03 secrets
lrwxrwxrwx 1 root root 30 Dec 6 14:31 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 22 05:03 showdefaults
-rwxr-xr-x 1 root root 219660 Jun 22 05:03 showhostkey
-rwxr-xr-x 1 root root 22684 Jun 22 05:03 showpolicy
-rwxr-xr-x 1 root root 148008 Jun 22 05:03 spi
-rwxr-xr-x 1 root root 77276 Jun 22 05:03 spigrp
-rwxr-xr-x 1 root root 69384 Jun 22 05:03 tncfg
-rwxr-xr-x 1 root root 12526 Jun 22 05:03 verify
-rwxr-xr-x 1 root root 50568 Jun 22 05:03 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 2272
-rwxr-xr-x 1 root root 5996 Jun 22 05:03 _copyright
-rwxr-xr-x 1 root root 2379 Jun 22 05:03 _include
-rwxr-xr-x 1 root root 1475 Jun 22 05:03 _keycensor
-rwxr-xr-x 1 root root 10028 Jun 22 05:03 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 22 05:03 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 22 05:03 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 22 05:03 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 22 05:03 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 22 05:03 _startklips
-rwxr-xr-x 1 root root 9752 Jun 22 05:03 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 22 05:03 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 22 05:03 _updown
-rwxr-xr-x 1 root root 14030 Jun 22 05:03 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 22 05:03 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 22 05:03 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 22 05:03 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 22 05:03 _updown.netkey
-rwxr-xr-x 1 root root 183808 Jun 22 05:03 addconn
-rwxr-xr-x 1 root root 6129 Jun 22 05:03 auto
-rwxr-xr-x 1 root root 10758 Jun 22 05:03 barf
-rwxr-xr-x 1 root root 90028 Jun 22 05:03 eroute
-rwxr-xr-x 1 root root 20072 Jun 22 05:03 ikeping
-rwxr-xr-x 1 root root 69744 Jun 22 05:03 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 22 05:03 livetest
-rwxr-xr-x 1 root root 2591 Jun 22 05:03 look
-rwxr-xr-x 1 root root 1921 Jun 22 05:03 newhostkey
-rwxr-xr-x 1 root root 60780 Jun 22 05:03 pf_key
-rwxr-xr-x 1 root root 982244 Jun 22 05:03 pluto
-rwxr-xr-x 1 root root 10176 Jun 22 05:03 ranbits
-rwxr-xr-x 1 root root 20532 Jun 22 05:03 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 22 05:03 secrets
lrwxrwxrwx 1 root root 30 Dec 6 14:31 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 22 05:03 showdefaults
-rwxr-xr-x 1 root root 219660 Jun 22 05:03 showhostkey
-rwxr-xr-x 1 root root 22684 Jun 22 05:03 showpolicy
-rwxr-xr-x 1 root root 148008 Jun 22 05:03 spi
-rwxr-xr-x 1 root root 77276 Jun 22 05:03 spigrp
-rwxr-xr-x 1 root root 69384 Jun 22 05:03 tncfg
-rwxr-xr-x 1 root root 12526 Jun 22 05:03 verify
-rwxr-xr-x 1 root root 50568 Jun 22 05:03 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo:65724782 466865 0 0 0 0 0 0 65724782 466865 0 0 0 0 0 0
eth0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth1:735126767 727400 0 0 0 0 0 0 120148705 613403 0 0 0 0 0 0
eth2:108467344 646574 0 0 0 0 0 0 728876421 741847 0 0 0 0 0 0
eth3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth4: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ppp0:718935315 722555 0 0 0 0 0 0 106549797 608093 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
ppp0 01946955 00000000 0005 0 0 0 FFFFFFFF 0 0 0
eth2 0000000A 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 0000A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 0001FEA9 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
ppp0 00000000 01946955 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter lo/rp_filter ppp0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
eth2/rp_filter:1
lo/rp_filter:0
ppp0/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects eth2/accept_redirects eth2/secure_redirects eth2/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects ppp0/accept_redirects ppp0/secure_redirects ppp0/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
eth1/accept_redirects:1
eth1/secure_redirects:1
eth1/send_redirects:1
eth2/accept_redirects:1
eth2/secure_redirects:1
eth2/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
ppp0/accept_redirects:1
ppp0/secure_redirects:1
ppp0/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux app 2.6.18-lbr5.std.3 #1 SMP Fri Oct 31 11:44:34 EET 2008 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Labris release 1.5.5
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.18-lbr5.std.3) support detected '
NETKEY (2.6.18-lbr5.std.3) support detected
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
33647 6151K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
48314 6634K ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
108 5171 console_input_custom_chain icmp -- * *
0.0.0.0/0
0.0.0.0/0
10094 705K console_input_custom_chain tcp -- * *
0.0.0.0/0
0.0.0.0/0 tcp dpt:22
0 0 console_input_custom_chain tcp -- * *
0.0.0.0/0
0.0.0.0/0 tcp dpt:81
392 37991 console_input_custom_chain tcp -- * *
0.0.0.0/0
0.0.0.0/0 tcp dpt:4000
11524 1255K BADPACKETS all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
4614 515K ACCEPT all -- eth2 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth3 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth4 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
6905 739K BADPACKETS all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth3 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth4 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
6905 739K auto-auth all -- * * 0.0.0.0/0
0.0.0.0/0
6905 739K Application_Rules all -- * * 0.0.0.0/0
0.0.0.0/0
1159 159K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
19 2811 General_Rule_0 all -- * * 10.0.0.24
0.0.0.0/0 state NEW
74 9852 General_Rule_0 all -- * * 10.0.0.100
0.0.0.0/0 state NEW
35 3966 General_Rule_0 all -- * * 10.0.0.21
0.0.0.0/0 state NEW
0 0 General_Rule_1 all -- * * 81.81.81.81
0.0.0.0/0 state NEW
0 0 General_Rule_1 all -- * * 85.85.85.85
0.0.0.0/0 state NEW
24 6024 General_Rule_1 all -- * * 10.0.0.254
0.0.0.0/0 state NEW
24 6024 General_Rule_1 all -- * * 192.168.0.254
0.0.0.0/0 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
10.0.0.200 tcp dpt:25 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
10.0.0.200 tcp dpt:80 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:25 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:80 state NEW
0 0 General_Rule_3 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:3389 state NEW
2012 196K General_Rule_4 all -- * * 10.0.0.0/24
10.0.0.0/24 state NEW
0 0 General_Rule_4 all -- * * 10.0.0.0/24
192.168.1.0/24 state NEW
0 0 General_Rule_4 all -- * * 192.168.1.0/24
10.0.0.0/24 state NEW
0 0 General_Rule_4 all -- * * 192.168.1.0/24
192.168.1.0/24 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:80 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:443 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:25 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:465 state NEW
0 0 General_Rule_5 udp -- * * 10.0.0.0/24
0.0.0.0/0 udp dpt:53 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:53 state NEW
0 0 General_Rule_6 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1352 state NEW
0 0 General_Rule_7 udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:1700:1702 state NEW
0 0 General_Rule_7 udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:4500 state NEW
0 0 General_Rule_7 udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:500 state NEW
0 0 General_Rule_7 esp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 General_Rule_7 ah -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 General_Rule_7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:4500 state NEW
0 0 General_Rule_7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:500 state NEW
0 0 General_Rule_7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:1700:1702 state NEW
0 0 General_Rule_8 tcp -- * * 0.0.0.0/0
10.0.0.111 tcp dpt:3366 state NEW
0 0 General_Rule_8 tcp -- * * 0.0.0.0/0
10.0.0.111 tcp dpt:4866 state NEW
0 0 General_Rule_10 tcp -- * * 0.0.0.0/0
10.0.0.200 tcp dpt:3355 state NEW
0 0 General_Rule_12 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1863 state NEW
0 0 General_Rule_12 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:6891:6900 state NEW
3558 356K General_Rule_13 all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `_lfp_ Default --DENY'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
153K 89M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
353K 236M BADPACKETS all -- * * 0.0.0.0/0
0.0.0.0/0
191K 213M ppp0_custom_chain all -- ppp0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth4_custom_chain all -- eth4 * 0.0.0.0/0
0.0.0.0/0
0 0 eth3_custom_chain all -- eth3 * 0.0.0.0/0
0.0.0.0/0
162K 23M eth2_custom_chain all -- eth2 * 0.0.0.0/0
0.0.0.0/0
191K 213M ppp0_custom_chain all -- ppp0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth1_custom_chain all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 eth0_custom_chain all -- eth0 * 0.0.0.0/0
0.0.0.0/0
353K 236M BADPACKETS all -- * * 0.0.0.0/0
0.0.0.0/0
191K 213M ppp0_custom_chain all -- ppp0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth4_custom_chain all -- eth4 * 0.0.0.0/0
0.0.0.0/0
0 0 eth3_custom_chain all -- eth3 * 0.0.0.0/0
0.0.0.0/0
162K 23M eth2_custom_chain all -- eth2 * 0.0.0.0/0
0.0.0.0/0
191K 213M ppp0_custom_chain all -- ppp0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth1_custom_chain all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 eth0_custom_chain all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- lo lo 0.0.0.0/0
0.0.0.0/0
353K 236M auto-auth all -- * * 0.0.0.0/0
0.0.0.0/0
353K 236M Application_Rules all -- * * 0.0.0.0/0
0.0.0.0/0
342K 235M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 General_Rule_0 all -- * * 10.0.0.24
0.0.0.0/0 state NEW
0 0 General_Rule_0 all -- * * 10.0.0.100
0.0.0.0/0 state NEW
5317 686K General_Rule_0 all -- * * 10.0.0.21
0.0.0.0/0 state NEW
0 0 General_Rule_1 all -- * * 81.81.81.81
0.0.0.0/0 state NEW
0 0 General_Rule_1 all -- * * 85.85.85.85
0.0.0.0/0 state NEW
0 0 General_Rule_1 all -- * * 10.0.0.254
0.0.0.0/0 state NEW
0 0 General_Rule_1 all -- * * 192.168.0.254
0.0.0.0/0 state NEW
25 1260 General_Rule_2 tcp -- * * 0.0.0.0/0
10.0.0.200 tcp dpt:25 state NEW
2 96 General_Rule_2 tcp -- * * 0.0.0.0/0
10.0.0.200 tcp dpt:80 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:25 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:80 state NEW
0 0 General_Rule_3 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:3389 state NEW
0 0 General_Rule_4 all -- * * 10.0.0.0/24
10.0.0.0/24 state NEW
2 96 General_Rule_4 all -- * * 10.0.0.0/24
192.168.1.0/24 state NEW
0 0 General_Rule_4 all -- * * 192.168.1.0/24
10.0.0.0/24 state NEW
0 0 General_Rule_4 all -- * * 192.168.1.0/24
192.168.1.0/24 state NEW
2905 143K General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:80 state NEW
177 8968 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:443 state NEW
3 144 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:25 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:465 state NEW
991 67954 General_Rule_5 udp -- * * 10.0.0.0/24
0.0.0.0/0 udp dpt:53 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:53 state NEW
21 1028 General_Rule_6 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1352 state NEW
0 0 General_Rule_7 udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:1700:1702 state NEW
0 0 General_Rule_7 udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:4500 state NEW
0 0 General_Rule_7 udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:500 state NEW
0 0 General_Rule_7 esp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 General_Rule_7 ah -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 General_Rule_7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:4500 state NEW
0 0 General_Rule_7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:500 state NEW
0 0 General_Rule_7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:1700:1702 state NEW
0 0 General_Rule_8 tcp -- * * 0.0.0.0/0
10.0.0.111 tcp dpt:3366 state NEW
0 0 General_Rule_8 tcp -- * * 0.0.0.0/0
10.0.0.111 tcp dpt:4866 state NEW
0 0 General_Rule_10 tcp -- * * 0.0.0.0/0
10.0.0.200 tcp dpt:3355 state NEW
2 96 General_Rule_12 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1863 state NEW
0 0 General_Rule_12 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:6891:6900 state NEW
1159 85029 General_Rule_13 all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `_lfp_ Default --DENY'
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
28714 4658K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
3057 398K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
48314 6634K ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
1400 129K console_output_custom_chain icmp -- * *
0.0.0.0/0
0.0.0.0/0
7502 1190K console_output_custom_chain tcp -- * *
0.0.0.0/0
0.0.0.0/0 tcp spt:22
0 0 console_output_custom_chain tcp -- * *
0.0.0.0/0
0.0.0.0/0 tcp spt:81
433 69397 console_output_custom_chain tcp -- * *
0.0.0.0/0
0.0.0.0/0 tcp spt:4000
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
4431 421K ACCEPT all -- * eth2 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * eth3 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * eth4 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * eth0 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * eth2 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * eth3 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * eth4 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * eth0 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
1609 354K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 General_Rule_0 all -- * * 10.0.0.24
0.0.0.0/0 state NEW
0 0 General_Rule_0 all -- * * 10.0.0.100
0.0.0.0/0 state NEW
0 0 General_Rule_0 all -- * * 10.0.0.21
0.0.0.0/0 state NEW
0 0 General_Rule_1 all -- * * 81.81.81.81
0.0.0.0/0 state NEW
2129 144K General_Rule_1 all -- * * 85.85.85.85
0.0.0.0/0 state NEW
600 40584 General_Rule_1 all -- * * 10.0.0.254
0.0.0.0/0 state NEW
24 6024 General_Rule_1 all -- * * 192.168.0.254
0.0.0.0/0 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
10.0.0.200 tcp dpt:25 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
10.0.0.200 tcp dpt:80 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:25 state NEW
0 0 General_Rule_2 tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:80 state NEW
0 0 General_Rule_3 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:3389 state NEW
0 0 General_Rule_4 all -- * * 10.0.0.0/24
10.0.0.0/24 state NEW
0 0 General_Rule_4 all -- * * 10.0.0.0/24
192.168.1.0/24 state NEW
0 0 General_Rule_4 all -- * * 192.168.1.0/24
10.0.0.0/24 state NEW
0 0 General_Rule_4 all -- * * 192.168.1.0/24
192.168.1.0/24 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:80 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:443 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:25 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:465 state NEW
0 0 General_Rule_5 udp -- * * 10.0.0.0/24
0.0.0.0/0 udp dpt:53 state NEW
0 0 General_Rule_5 tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:53 state NEW
0 0 General_Rule_6 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1352 state NEW
0 0 General_Rule_7 udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:1700:1702 state NEW
0 0 General_Rule_7 udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:4500 state NEW
0 0 General_Rule_7 udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:500 state NEW
0 0 General_Rule_7 esp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 General_Rule_7 ah -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 General_Rule_7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:4500 state NEW
0 0 General_Rule_7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:500 state NEW
0 0 General_Rule_7 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:1700:1702 state NEW
0 0 General_Rule_8 tcp -- * * 0.0.0.0/0
10.0.0.111 tcp dpt:3366 state NEW
0 0 General_Rule_8 tcp -- * * 0.0.0.0/0
10.0.0.111 tcp dpt:4866 state NEW
0 0 General_Rule_10 tcp -- * * 0.0.0.0/0
10.0.0.200 tcp dpt:3355 state NEW
0 0 General_Rule_12 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:1863 state NEW
0 0 General_Rule_12 tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:6891:6900 state NEW
24 6024 General_Rule_13 all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `_lfp_ --DENY'
Chain Application_Rules (2 references)
pkts bytes target prot opt in out source
destination
Chain BADPACKETS (4 references)
pkts bytes target prot opt in out source
destination
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x29
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x37
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x00
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x01
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x06
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x03/0x03
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp option=64
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp option=128
0 0 DOS all -f * * 0.0.0.0/0
0.0.0.0/0
29 1591 DOS all -- !eth0 * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 SMALL udp -- * * 0.0.0.0/0
0.0.0.0/0 length 0:27
0 0 SMALL tcp -- * * 0.0.0.0/0
0.0.0.0/0 length 0:39
0 0 SMALL icmp -- * * 0.0.0.0/0
0.0.0.0/0 length 0:27
10 11016 NEWNOTSYN tcp -- !eth0 * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x29
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x37
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x00
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x01
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x06
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x03/0x03
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp option=64
0 0 PSCAN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp option=128
0 0 DOS all -f * * 0.0.0.0/0
0.0.0.0/0
0 0 DOS all -- !eth0 * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 SMALL udp -- * * 0.0.0.0/0
0.0.0.0/0 length 0:27
0 0 SMALL tcp -- * * 0.0.0.0/0
0.0.0.0/0 length 0:39
0 0 SMALL icmp -- * * 0.0.0.0/0
0.0.0.0/0 length 0:27
0 0 NEWNOTSYN tcp -- !eth0 * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
Chain DOS (4 references)
pkts bytes target prot opt in out source
destination
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ ICMP DoS DENY '
29 1591 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ TCP DoS DENY '
0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ UDP DoS DENY '
29 1591 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ ICMP DoS DENY '
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ TCP DoS DENY '
0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ UDP DoS DENY '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_0 (9 references)
pkts bytes target prot opt in out source
destination
5445 703K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_1 (12 references)
pkts bytes target prot opt in out source
destination
2801 203K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_10 (3 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_12 (6 references)
pkts bytes target prot opt in out source
destination
2 96 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `_lfp_ Rule 12 -- DENY'
2 96 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_13 (3 references)
pkts bytes target prot opt in out source
destination
4741 447K DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_2 (12 references)
pkts bytes target prot opt in out source
destination
27 1356 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_3 (3 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_4 (12 references)
pkts bytes target prot opt in out source
destination
2014 196K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_5 (18 references)
pkts bytes target prot opt in out source
destination
4076 220K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_6 (3 references)
pkts bytes target prot opt in out source
destination
21 1028 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_7 (24 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain General_Rule_8 (6 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain NEWNOTSYN (2 references)
pkts bytes target prot opt in out source
destination
10 11016 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ NEW not SYN DENY '
10 11016 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ NEW not SYN DENY '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain PSCAN (18 references)
pkts bytes target prot opt in out source
destination
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ TCP Scan DENY '
0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ UDP Scan DENY '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ ICMP Scan DENY '
0 0 LOG all -f * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ FRAG Scan DENY '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ TCP Scan DENY '
0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ UDP Scan DENY '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ ICMP Scan DENY '
0 0 LOG all -f * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ FRAG Scan DENY '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain SMALL (6 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ Too small DENY '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_ Too small DENY '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain auto-auth (2 references)
pkts bytes target prot opt in out source
destination
Chain console_input_custom_chain (4 references)
pkts bytes target prot opt in out source
destination
10486 743K ACCEPT all -- * * 81.81.81.81
0.0.0.0/0
0 0 ACCEPT all -- * * 10.0.0.100
0.0.0.0/0
108 5171 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * * 169.254.1.11
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP'
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain console_output_custom_chain (4 references)
pkts bytes target prot opt in out source
destination
7935 1260K ACCEPT all -- * * 0.0.0.0/0
81.81.81.81
0 0 ACCEPT all -- * * 0.0.0.0/0
10.0.0.100
1400 129K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0
169.254.1.11
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP'
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth0_custom_chain (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- eth0 * 127.0.0.0/8
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP'
0 0 DROP all -- eth0 * 127.0.0.0/8
0.0.0.0/0
0 0 LOG all -- eth0 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4
prefix `_lfp_DROP'
0 0 DROP all -- eth0 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 LOG all -- eth0 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix
`_lfp_DROP'
0 0 DROP all -- eth0 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 RETURN all -- eth0 * 169.254.1.0/24
0.0.0.0/0
Chain eth1_custom_chain (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- eth1 * 127.0.0.0/8
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP'
0 0 DROP all -- eth1 * 127.0.0.0/8
0.0.0.0/0
0 0 LOG all -- eth1 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4
prefix `_lfp_DROP'
0 0 DROP all -- eth1 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 LOG all -- eth1 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix
`_lfp_DROP'
0 0 DROP all -- eth1 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 RETURN all -- eth1 * 192.168.0.0/24
0.0.0.0/0
Chain eth2_custom_chain (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- eth2 * 127.0.0.0/8
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP'
0 0 DROP all -- eth2 * 127.0.0.0/8
0.0.0.0/0
0 0 LOG all -- eth2 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4
prefix `_lfp_DROP'
0 0 DROP all -- eth2 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 LOG all -- eth2 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix
`_lfp_DROP'
0 0 DROP all -- eth2 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
324K 47M RETURN all -- eth2 * 10.0.0.0/24
0.0.0.0/0
Chain eth3_custom_chain (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- eth3 * 127.0.0.0/8
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP'
0 0 DROP all -- eth3 * 127.0.0.0/8
0.0.0.0/0
0 0 LOG all -- eth3 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4
prefix `_lfp_DROP'
0 0 DROP all -- eth3 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 LOG all -- eth3 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix
`_lfp_DROP'
0 0 DROP all -- eth3 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
Chain eth4_custom_chain (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- eth4 * 127.0.0.0/8
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP'
0 0 DROP all -- eth4 * 127.0.0.0/8
0.0.0.0/0
0 0 LOG all -- eth4 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4
prefix `_lfp_DROP'
0 0 DROP all -- eth4 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 LOG all -- eth4 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix
`_lfp_DROP'
0 0 DROP all -- eth4 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
Chain ppp0_custom_chain (4 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- ppp0 * 127.0.0.0/8
0.0.0.0/0 LOG flags 0 level 4 prefix `_lfp_DROP'
0 0 DROP all -- ppp0 * 127.0.0.0/8
0.0.0.0/0
0 0 LOG all -- ppp0 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 4
prefix `_lfp_DROP'
0 0 DROP all -- ppp0 * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 LOG all -- ppp0 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast LOG flags 0 level 4 prefix
`_lfp_DROP'
0 0 DROP all -- ppp0 * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 RETURN all -- ppp0 * 85.85.85.85
0.0.0.0/0
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 20128 packets, 1956K bytes)
pkts bytes target prot opt in out source
destination
2922 280K ACCEPT all -- * * 10.0.0.0/24
10.0.0.0/24
141 6768 ACCEPT all -- * * 10.0.0.0/24
192.168.1.0/24
0 0 ACCEPT all -- * * 192.168.1.0/24
10.0.0.0/24
0 0 ACCEPT all -- * * 192.168.1.0/24
192.168.1.0/24
0 0 ACCEPT all -- * * 10.0.0.0/24
10.0.0.0/24
76 3736 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 MARK match 0xf3 to:10.0.0.200
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 MARK match 0xf3 to:10.0.0.200
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 MARK match 0xf3 to:10.0.0.200
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 MARK match 0xf4 to:10.0.0.200
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 MARK match 0xf5 to:10.0.0.111
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 MARK match 0xf6 to:10.0.0.222
Chain POSTROUTING (policy ACCEPT 1996 packets, 128K bytes)
pkts bytes target prot opt in out source
destination
829 53242 ACCEPT all -- * * 10.0.0.0/24
10.0.0.0/24
3 144 ACCEPT all -- * * 10.0.0.0/24
192.168.1.0/24
0 0 ACCEPT all -- * * 192.168.1.0/24
10.0.0.0/24
0 0 ACCEPT all -- * * 192.168.1.0/24
192.168.1.0/24
0 0 ACCEPT all -- * * 10.0.0.0/24
10.0.0.0/24
0 0 SNAT all -- * eth0 0.0.0.0/0
0.0.0.0/0 MARK match 0xf7 to:85.85.85.85
0 0 SNAT all -- * eth1 0.0.0.0/0
0.0.0.0/0 MARK match 0xf7 to:85.85.85.85
13795 1301K SNAT all -- * ppp0 0.0.0.0/0
0.0.0.0/0 MARK match 0xf7 to:85.85.85.85
0 0 SNAT all -- * eth2 0.0.0.0/0
0.0.0.0/0 MARK match 0xf7 to:85.85.85.85
0 0 SNAT all -- * eth3 0.0.0.0/0
0.0.0.0/0 MARK match 0xf7 to:85.85.85.85
0 0 SNAT all -- * eth4 0.0.0.0/0
0.0.0.0/0 MARK match 0xf7 to:85.85.85.85
0 0 SNAT all -- * ppp0 0.0.0.0/0
0.0.0.0/0 MARK match 0xf7 to:85.85.85.85
Chain OUTPUT (policy ACCEPT 2773 packets, 184K bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 352K packets, 292M bytes)
pkts bytes target prot opt in out source
destination
5860 7279K MARK tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:25 MARK set 0xf3
5860 7279K ACCEPT tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:25
50 5566 MARK tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:80 MARK set 0xf3
50 5566 ACCEPT tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:80
5028 1369K MARK tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:1352 MARK set 0xf3
5028 1369K ACCEPT tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:1352
3659 5275K MARK tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:3355 MARK set 0xf4
3659 5275K ACCEPT tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:3355
0 0 MARK tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:3366 MARK set 0xf5
0 0 ACCEPT tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:3366
0 0 MARK tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:3389 MARK set 0xf6
0 0 ACCEPT tcp -- * * 0.0.0.0/0
85.85.85.85 tcp dpt:3389
243K 33M MARK all -- * * 10.0.0.0/24
0.0.0.0/0 MARK set 0xf7
243K 33M ACCEPT all -- * * 10.0.0.0/24
0.0.0.0/0
Chain INPUT (policy ACCEPT 104K packets, 15M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 506K packets, 325M bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 98245 packets, 14M bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 603K packets, 339M bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ipcomp 11528 0 - Live 0xdcb6e000 (U)
ah4 10368 0 - Live 0xdcb6a000 (U)
esp4 12416 0 - Live 0xdcb65000 (U)
xfrm4_tunnel 6656 0 - Live 0xdcb2f000 (U)
xfrm4_mode_tunnel 6912 0 - Live 0xdcb29000 (U)
xfrm4_mode_transport 6272 0 - Live 0xdcb23000 (U)
af_key 39568 0 - Live 0xdcb49000 (U)
ip_nat_ftp 7424 0 - Live 0xdcb32000 (U)
ip_conntrack_ftp 11248 1 ip_nat_ftp, Live 0xdcba6000 (U)
deflate 7936 0 - Live 0xdcb35000 (U)
zlib_deflate 22040 1 deflate, Live 0xdcbc2000 (U)
zlib_inflate 18944 1 deflate, Live 0xdcbbc000 (U)
serpent 29440 0 - Live 0xdcbb3000 (U)
blowfish 12672 0 - Live 0xdcbd2000 (U)
twofish 46080 0 - Live 0xdcbda000 (U)
md5 8320 0 - Live 0xdcba2000 (U)
sha256 15360 0 - Live 0xdcb9d000 (U)
sha512 13184 0 - Live 0xdcb88000 (U)
des 21632 0 - Live 0xdcb7d000 (U)
aes_generic 31808 0 - Live 0xdcb94000 (U)
aes_i586 37120 0 - Live 0xdcb72000 (U)
xfrm4_esp 9728 1 esp4, Live 0xdcb61000 (U)
aead 11904 1 esp4, Live 0xdcb84000 (U)
crypto_algapi 21376 1 aead, Live 0xdcb5a000 (U)
xfrm_nalgo 13828 3 ah4,esp4,xfrm4_esp, Live 0xdcb8f000 (U)
crypto_api 12160 5 ah4,esp4,aead,crypto_algapi,xfrm_nalgo, Live 0xdcb41000 (U)
tunnel4 7428 1 xfrm4_tunnel, Live 0xdcb2c000 (U)
iptable_mangle 6912 1 - Live 0xdcb26000 (U)
xt_state 6400 138 - Live 0xdcb1d000 (U)
iptable_nat 11524 1 - Live 0xdc986000 (U)
ip_nat 26412 2 ip_nat_ftp,iptable_nat, Live 0xdc97e000 (U)
ipt_layer7 14980 0 - Live 0xdc979000 (U)
ip_conntrack 50912 6 ip_nat_ftp,ip_conntrack_ftp,xt_state,iptable_nat,ip_nat,ipt_layer7, Live 0xdc96b000 (U)
iptable_filter 7168 1 - Live 0xdc8c1000 (U)
ip_tables 17092 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xdc939000 (U)
xt_pkttype 6144 12 - Live 0xdcb46000 (U)
ipt_addrtype 6016 12 - Live 0xdcb3e000 (U)
xt_length 6144 6 - Live 0xdcb38000 (U)
xt_mark 6144 13 - Live 0xdcb20000 (U)
xt_tcpudp 7296 107 - Live 0xdcb1a000 (U)
xt_MARK 6528 7 - Live 0xdcb3b000 (U)
nfnetlink 10776 4 ip_nat,ip_conntrack, Live 0xdc960000 (U)
ipt_LOG 10112 42 - Live 0xdc95c000 (U)
ppp_synctty 13824 0 - Live 0xdc951000 (U)
ppp_async 15360 1 - Live 0xdc94c000 (U)
crc_ccitt 6400 1 ppp_async, Live 0xdc922000 (U)
ppp_generic 30228 6 ppp_synctty,ppp_async, Live 0xdc943000 (U)
slhc 10624 1 ppp_generic, Live 0xdc93f000 (U)
x_tables 17540 11 xt_state,iptable_nat,ipt_layer7,ip_tables,xt_pkttype,ipt_addrtype,xt_length,xt_mark,xt_tcpudp,xt_MARK,ipt_LOG, Live 0xdc965000 (U)
dm_mirror 29316 0 - Live 0xdc98a000 (U)
dm_multipath 22024 0 - Live 0xdc91b000 (U)
dm_mod 59032 2 dm_mirror,dm_multipath, Live 0xdc90b000 (U)
video 21384 0 - Live 0xdc904000 (U)
backlight 10112 1 video, Live 0xdc92e000 (U)
button 10768 0 - Live 0xdc925000 (U)
battery 13700 0 - Live 0xdc929000 (U)
asus_acpi 19480 0 - Live 0xdc933000 (U)
ac 9220 0 - Live 0xdc8db000 (U)
sg 36252 0 - Live 0xdc8cc000 (U)
via_rhine 27276 0 - Live 0xdc8b9000 (U)
pata_via 16004 0 - Live 0xdc8b4000 (U)
mii 9472 1 via_rhine, Live 0xdc8d7000 (U)
serio_raw 10884 0 - Live 0xdc85e000 (U)
sata_via 15236 5 - Live 0xdc851000 (U)
pata_acpi 11264 0 - Live 0xdc85a000 (U)
ata_generic 11396 0 - Live 0xdc856000 (U)
libata 143676 4 pata_via,sata_via,pata_acpi,ata_generic, Live 0xdc8df000 (U)
sd_mod 24832 6 - Live 0xdc82b000 (U)
scsi_mod 134540 3 sg,libata,sd_mod, Live 0xdc873000 (U)
ext3 115592 4 - Live 0xdc896000 (U)
jbd 56488 1 ext3, Live 0xdc864000 (U)
uhci_hcd 25356 0 - Live 0xdc812000 (U)
ohci_hcd 23196 0 - Live 0xdc824000 (U)
ehci_hcd 33292 0 - Live 0xdc81a000 (U)
usbcore 116484 4 uhci_hcd,ohci_hcd,ehci_hcd, Live 0xdc833000 (U)
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 450000 kB
MemFree: 35568 kB
Buffers: 11052 kB
Cached: 97948 kB
SwapCached: 52404 kB
Active: 359040 kB
Inactive: 29264 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 450000 kB
LowFree: 35568 kB
SwapTotal: 3068372 kB
SwapFree: 2865944 kB
Dirty: 1120 kB
Writeback: 0 kB
AnonPages: 257368 kB
Mapped: 36076 kB
Slab: 15856 kB
PageTables: 5440 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 3293372 kB
Committed_AS: 1206240 kB
VmallocTotal: 573432 kB
VmallocUsed: 3940 kB
VmallocChunk: 569224 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
Hugepagesize: 4096 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.18-lbr5.std.3/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# Created by Labris Management Console on 05/11/108 11:37:18
# WARNING: Comments on this file will be lost on next update
nameserver 192.168.2.1
nameserver 195.175.39.39
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 4
drwxr-xr-x 3 root root 4096 Dec 2 09:31 2.6.18-lbr5.std.3
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c05493b9 T __netif_rx_schedule
c054a0a8 T netif_rx
c054b300 T netif_rx_ni
c054a0a8 U netif_rx [xfrm4_esp]
c054a0a8 U netif_rx [ppp_generic]
c05493b9 U __netif_rx_schedule [via_rhine]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.18-lbr5.std.3:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1,$p' /dev/null
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
+ _________________________ plog
+ sed -n '1,$p' /dev/null
+ egrep -i pluto
+ case "$1" in
+ cat
+ _________________________ date
+ date
Sat Dec 6 14:48:26 EET 2008
On Mon, Dec 8, 2008 at 9:08 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Sat, 6 Dec 2008, Oguz Yilmaz wrote:
>
> cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
>> 117 "product" #2: STATE_QUICK_I1: initiate
>> 003 "product" #2: ERROR: netlink response for Add SA
>> esp.b6ff9135 at 85.105.105.105 included errno 2: No
>> such file or directory
>>
>
> Looks like you don't have all the NETKEY related modules loaded. eg esp4,
> xfrm_*
>
> Paul
>