Dúvida openvpn [RESOLVIDO]

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 17:05h

ae galera, to com problema na vpn aqui e preciso de ajuda de vocês..

no meu servidor ip: 10.1.1.1/255.255.252.0 instalei o openvpn e configurei o matriz.conf com a seguinte configuração

# Usar como interface o driver TUN
dev tun
# 10.0.0.1 ip que sera assumido na matriz
# 10.0.0.2 ip remoto, ou seja, esse sera o ip da filial
ifconfig 172.16.0.1 172.16.0.2
# Entra no diretorio onde se encontram os arquivos de configuracao
cd /etc/openvpn
# Indica que esse tunel possui uma chave de criptografia
secret chave
# OpenVPN usa a porta 5000/UDP por padrao
# Cada tunel do OpenVPN deve usar
# uma porta diferente.
# O padrao eh a porta 5000
port 5001
# Usuario que rodara o daemon do OpenVPN
user nobody
# Grupo que rodara o daemon do OpenVPN
group nobody
#Usa a biblioteca lzo
comp-lzo
# Envia um ping via UDP para a parte
# remota a cada 15 segundos para manter
# a conexao de pe em firewall statefull
# Muito recomendado, mesmo se voce nao usa
# um firewall baseado em statefull.
ping 15
# Nivel de log
verb 3


Liberei a porta 5001 no shorewall no servidor e configurei na minha máquina o openvpn com a config filial.ovpn

dev tun
ifconfig 172.16.0.2 172.16.0.1
remote 201.67.*.*
secret chave
port 5001
comp-lzo
script-security 2 system
route-up "route add 10.1.0.0 mask 255.255.252.0 172.16.0.2"
ping 15
verb 3

201.67.*.* é o ip do server com o openvpn instalado que na minha rede local usa o ip 10.1.1.1/255.255.252.0

Eu consigo conectar a minha máquina na vpn tudo certinho mas quando tento pingar o ip 172.16.0.1 que seria o ip do server openvpn ele não pinga e quando tento pingar do server a minha máquina 172.16.0.2 também não pinga..

Alguém pode me ajudar?

Quero criar a vpn para poder utilizar o samba como se estivesse dentro da rede e ja aproveitando queria ver como eu faço pra configurar a vpn para mais de 1 pessoa no caso seriam 3 pessoas conectando no server 10.1.1.1.. Eu teria que configurar 3 matriz.conf no server cada uma com uma porta diferente e subir interface tun também?

Obrigado a todos galera.

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 23:03h

up!

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 23:08h

Primeiro, nunca mostre seu ip externo aqui, coloque um fictício ou o resumo dele, por exemplo: 201.x.x.x

agora vamos ao problema... tem firewall no cliente e servidor que fecha a vpn ?

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 23:12h

Se tiver firewall no servidor e cliente posta aqui e aproveita e posta também as rotas de ambos.

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 23:16h

certo, obrigado pela dica..

ja alterei :)

tenho firewall sim..


segue as rotas e o firewall..

Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.16.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
201.67.*.* 0.0.0.0 255.255.255.248 U 0 0 0 eth0
10.1.0.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
0.0.0.0 201.67.*.* 0.0.0.0 UG 100 0 0 eth0


regras do shorewall:

#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW

##################################
## Imput: Local Net -> Firewall ##
##################################


#ACCEPT net fw tcp 22
# from all Local Net hosts
#SSH EXTERNO E INTERNO PORTA 9999
ACCEPT:info net fw tcp 9999
ACCEPT:info loc fw tcp 9999

#Mysql somente acesso intero liberado 3306
ACCEPT:info loc fw tcp 3306
ACCEPT:info loc fw udp 3306

#NTOP
#acesso web comentado por seguranca somente local liberado que eh loc - fw
#ACCEPT net fw tcp 3000
#ACCEPT loc fw tcp 3000

#Apache porta 80 externo liberado
ACCEPT net fw tcp 80
ACCEPT loc fw tcp 80
ACCEPT net fw udp 80
ACCEPT loc fw udp 80

#Sitrad externo 5000 liberado
ACCEPT net fw tcp 5000
ACCEPT loc fw tcp 5000
ACCEPT net fw udp 5000
ACCEPT loc fw udp 5000

#openvpn liberado
ACCEPT net fw tcp 5001
ACCEPT net fw udp 5001
ACCEPT loc fw tcp 5001
ACCEPT loc fw udp 5001

#Samba externo sistema liberado SDR
ACCEPT net fw tcp 137
ACCEPT net fw udp 137
ACCEPT net fw tcp 138
ACCEPT net fw udp 138
ACCEPT net fw tcp 139
ACCEPT net fw udp 139
ACCEPT net fw tcp 445
ACCEPT net fw udp 445
ACCEPT loc fw tcp 137
ACCEPT loc fw udp 137
ACCEPT loc fw tcp 138
ACCEPT loc fw udp 138
ACCEPT loc fw tcp 139
ACCEPT loc fw udp 139
ACCEPT loc fw tcp 445
ACCEPT loc fw udp 445

#HAVP ANTIVIRUS REDE LOCAL LIBERADO
ACCEPT loc fw tcp 8082
ACCEPT loc fw udp 8082

#webmin porta 10000 liberado rede local
#ACCEPT net fw tcp 10000
ACCEPT loc fw tcp 10000
ACCEPT loc fw udp 10000

#Openfire porta 9090 liberado rede local
#ACCEPT net fw tcp 9090
#ACCEPT loc fw tcp 9090
#ACCEPT loc fw tcp 5222
#ACCEPT loc fw tcp 5269
#ACCEPT loc fw tcp 7070
#ACCEPT loc fw tcp 7443
#ACCEPT loc fw tcp 7777

DNS/ACCEPT loc fw
#SSH/ACCEPT:info loc fw
SMB/ACCEPT loc fw

ACCEPT loc fw udp 67 # DHCP Server

Ping/ACCEPT loc fw
AllowICMPs loc fw


#################################
## Imput: Internet -> Firewall ##
#################################

# from all Internet hosts
#SSH/ACCEPT:info net fw
Ping/ACCEPT net fw
AllowICMPs net fw

###################################################
## Forward with SourceNAT: Local Net -> Internet ##
###################################################

# from: all Local Net hosts -> to: all Internet hosts
HTTPS/ACCEPT:info loc net
HTTP/ACCEPT:info loc net:186.226.0.0/16,187.45.0.0/16,200.201.166.0/24,200.201.173.0/24,200.201.174.0/24,201.15.10.0/24,189.26.122.0/24,72.26.193.0/24,72.251.217.0/24,187.4.200.0/24,50.17.254.0/24,170.66.0.0/16,187.115.75.0/24 # Conectividade Social
ACCEPT loc net tcp 2082 #Acesso Cpanel Hostgator
ACCEPT loc net tcp 3456 # Receita Net
ACCEPT loc net tcp 6699 #Radio 103 Online
ACCEPT loc net udp 6699 #Radio 103 Online
ACCEPT loc net tcp 6600 #Radio 103 Online
ACCEPT loc net udp 6600 #Radio 103 Online
ACCEPT loc net tcp 8001 #Radio 103 Online
ACCEPT loc net tcp 2095 #Webmail via web hospregional.org
ACCEPT loc net tcp 110 #Outlook POP3
ACCEPT loc net udp 110 #Outlook POP3
ACCEPT loc net tcp 26 #Outlook SMTP
ACCEPT loc net udp 26 #Outlook SMTP
ACCEPT loc net tcp 995 #POP3 SSL
ACCEPT loc net udp 995 #POP3 SSL
ACCEPT loc net tcp 465 #smtp ssl
ACCEPT loc net udp 465 #smtp ssl
ACCEPT loc net tcp 25
ACCEPT loc net udp 25
ACCEPT loc net tcp 81
ACCEPT loc net udp 81
ACCEPT loc net tcp 2095 #acesso webmail hospital via http
ACCEPT loc net udp 2095 #acesso webmail hospital via http
ACCEPT loc net udp 123 #Porta servidor Sincronia NTP (RELOGIOS)
ACCEPT loc net tcp 554 #Radios uol
ACCEPT loc net udp 554 #Radios uol
ACCEPT loc net tcp 1935 #Radios uol
ACCEPT loc net udp 1935 #Radios uol
ACCEPT loc:10.1.1.200 net tcp 8080 #replicador systema
ACCEPT loc:10.1.1.200 net udp 8080 #replicador systema
ACCEPT loc:10.1.1.222 net tcp - - #pc oftalmo email Dr. Mateus
ACCEPT loc:10.1.1.222 net udp - - #pc oftalmo email Dr. Mateus
ACCEPT loc:10.1.1.94 net tcp 9020 #cadweb pc sidiane
ACCEPT loc:10.1.1.94 net udp 9020 #cadweb pc sidiane
ACCEPT loc:10.1.1.44 net tcp 9020 #cadweb pc sirlei
ACCEPT loc:10.1.1.44 net udp 9020 #cadweb pc sirlei
ACCEPT loc:10.1.2.22 net tcp 10799 #computador propagandas pronto socorro
ACCEPT loc:10.1.1.172 net tcp 8080 #pc anfiteatro conferencia
ACCEPT loc:10.1.1.172 net udp 8080 #pc anfiteatro conferencia
ACCEPT loc:10.1.2.22 net udp 10799 #computador propagandas pronto socorro
ACCEPT loc:10.1.2.22 net tcp 10805 #computador propagandas pronto socorro
ACCEPT loc:10.1.2.22 net udp 10805 #computador propagandas pronto socorro
ACCEPT loc:10.1.2.23 net tcp - - #Wireless HRTGB-TVBOX HALL CENTRAL
ACCEPT loc:10.1.2.23 net udp - - #Wireless HRTGB-TVBOX HALL CENTRAL
ACCEPT loc:10.1.2.24 net tcp 10799 #computador tvbox hall central
ACCEPT loc:10.1.2.24 net udp 10799 #computador tvbox hall central
ACCEPT loc:10.1.2.24 net tcp 10805 #computador tvbox hall central
ACCEPT loc:10.1.2.24 net udp 10805 #computador tvbox hall central
ACCEPT loc:10.1.1.52 net tcp - - #Radios marcieli
ACCEPT loc:10.1.1.50 net tcp 8080 #pagina toxilab.com.br
ACCEPT loc:10.1.1.50 net udp 8080 #pagina toxilab.com.br
ACCEPT loc:10.1.1.3 net tcp - - #Pc valmor
ACCEPT loc:10.1.1.3 net udp - - #Pc valmor
ACCEPT loc:10.1.1.52 net udp - - #Radios marcieli
ACCEPT loc:10.1.1.6 net tcp - - #win server
ACCEPT loc:10.1.1.6 net udp - - #win server
ACCEPT loc:10.1.1.247 net tcp - - #pc edivan radios
ACCEPT loc:10.1.1.247 net udp - - #pc edivan radios
ACCEPT loc:10.1.1.16 net tcp - - #berenice
ACCEPT loc:10.1.1.16 net udp - - #berenice
ACCEPT loc:10.1.1.171 net tcp - - #jakson
ACCEPT loc:10.1.1.171 net udp - - #jakson
ACCEPT loc:10.1.1.37 net tcp - - #note rojao
ACCEPT loc:10.1.1.37 net udp - - #note rojao
ACCEPT loc:10.1.1.57 net tcp - - #pc eduardo roma
ACCEPT loc:10.1.1.101 net tcp - - #pc carol
ACCEPT loc:10.1.1.101 net udp - - #pc carol
ACCEPT loc:10.1.1.27 net tcp - - #pc simone prest. contas
ACCEPT loc:10.1.1.27 net udp - - #pc simone prest. contas
ACCEPT loc:10.1.1.57 net udp - - #pc eduardo roma
ACCEPT loc:10.1.1.4 net tcp - - #pc evely radio
ACCEPT loc:10.1.1.4 net udp - - #pc evely radio
ACCEPT loc:10.1.1.51 net tcp - - #PC LABORATORIO
ACCEPT loc:10.1.1.91 net tcp - - #note dr. adalberon
ACCEPT loc:10.1.1.91 net udp - - #note dr. adalberon
ACCEPT loc:10.1.1.179 net tcp - - #pc cleber CAT5 seg. trabalho
ACCEPT loc:10.1.1.179 net udp - - #pc cleber CAT5 seg. trabalho
ACCEPT loc:10.1.1.104 net tcp - - #pc unidade III
ACCEPT loc:10.1.1.104 net udp - - #pc unidade III
ACCEPT loc:10.1.1.51 net udp - - #PC LABORATORIO
ACCEPT loc:10.1.1.201 net tcp 8080 #HRTGB-SYSTEMA BIONEXO
ACCEPT loc:10.1.1.201 net udp 8080 #HRTGB-SYSTEMA BIONEXO
ACCEPT loc:10.1.1.22 net tcp 8080 #Sistema ISSQN Prefeitura Paranatinga
ACCEPT loc:10.1.1.22 net udp 8080 #Sistema ISSQN Prefeitura Paranatinga
ACCEPT loc:10.1.1.68 net tcp 8080 #Sistema ISSQN Prefeitura Paranatinga
ACCEPT loc:10.1.1.68 net udp 8080 #Sistema ISSQN Prefeitura Paranatinga
ACCEPT loc:10.1.1.55 net tcp - - #note magrao
ACCEPT loc:10.1.1.55 net udp - - #note magrao
ACCEPT loc:10.1.1.15 net tcp - - #pc vanda questor
ACCEPT loc:10.1.1.15 net udp - - #pc vanda questor
ACCEPT loc:10.1.1.237 net tcp - - #pc serverpacs liberado tcp
ACCEPT loc:10.1.1.237 net udp - - #pc serverpacs liberado udp
ACCEPT loc:10.1.1.98 net tcp 5000 #pc ivan sitrad
ACCEPT loc:10.1.1.98 net udp 5000 #pc ivan sitrad
#ACCEPT loc:10.1.1.241 net tcp - - #note jardel
#ACCEPT loc:10.1.1.241 net udp - - #note jardel
#DNAT:info net loc:10.1.1.2 tcp 5900
#DNAT:info net loc:10.1.1.2 udp 5900
#DNAT:info net loc:10.1.1.2 tcp 5800
#DNAT:info net loc:10.1.1.2 udp 5800
DNAT:info net loc:10.1.1.1:137 tcp 137 #pc systema samba
DNAT:info net loc:10.1.1.1:137 udp 137 #pc systema samba
DNAT:info net loc:10.1.1.1:138 tcp 138 #pc systema samba
DNAT:info net loc:10.1.1.1:138 udp 138 #pc systema samba
DNAT:info net loc:10.1.1.1:139 tcp 139 #pc systema samba
DNAT:info net loc:10.1.1.1:139 udp 139 #pc systema samba
DNAT:info net loc:10.1.1.1:445 tcp 445 #pc systema samba
DNAT:info net loc:10.1.1.1:445 udp 445 #pc systema samba
DNAT:info net loc:10.1.1.237:3390 tcp 3390 #pc serverpacs rdp tcp
DNAT:info net loc:10.1.1.237:3390 udp 3390 #pc serverpacs rdp udp
DNAT:info net loc:10.1.1.98:5000 tcp 5000 #pc manutencao ivan gerenciamento ar condicionado
DNAT:info net loc:10.1.1.98:5000 udp 5000 #pc manutencao ivan gerenciamento ar condicionado
ACCEPT loc net tcp 21 #FTP
ACCEPT loc net tcp 20 #FTP TRANSFERENCIA DADOS
ACCEPT loc net udp 21 #FTP
ACCEPT loc net udp 20 #FTP TRANSFERENCIA DADOS

Ping/ACCEPT loc net
AllowICMPs loc net


#####################################
## Redirect for Proxy Transparenty ##
#####################################
###
#
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# PORT(S) PORT(S) DEST
#10.1.1.16 berenice fora do proxy
REDIRECT:info loc:!10.1.1.16 3128 tcp http - !186.226.0.0/16,187.45.0.0/16,200.201.166.0/24,200.201.173.0/24,200.201.174.0/24,201.15.10.0/24,189.26.122.0/24,72.26.193.0/24,72.251.217.0/24,187.4.200.0/24,50.17.254.0/24,170.66.0.0/16,187.115.75.0/24
HTTP/ACCEPT loc:10.1.1.16 net

#

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 23:19h

pode postar a saída desse comando abaixo ?

iptables -nvL

 

pode postar também as rotas da máquina cliente ?

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 23:27h

rotas na minha máquina com openvpn ativo porém sem pingar..

C:\Users\ROJAO>route print
===========================================================================
Lista de interfaces
28...00 ff ae 64 d3 93 ......TAP-Win32 Adapter V9
14...00 10 60 d1 47 41 ......Dispositivo Bluetooth (Rede Pessoal)
13...00 22 43 28 00 6b ......Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0
Network Adapter
11...00 40 a7 18 1a dc ......NIC Gigabit Ethernet PCI-E Realtek Família RTL8168
D/8111D (NDIS 6.20)
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #2
31...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #3
32...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #4
===========================================================================

Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede Máscara Ender. gateway Interface Custo
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25
127.0.0.0 255.0.0.0 No vínculo 127.0.0.1 306
127.0.0.1 255.255.255.255 No vínculo 127.0.0.1 306
127.255.255.255 255.255.255.255 No vínculo 127.0.0.1 306
172.16.0.0 255.255.255.252 No vínculo 172.16.0.2 286
172.16.0.2 255.255.255.255 No vínculo 172.16.0.2 286
172.16.0.3 255.255.255.255 No vínculo 172.16.0.2 286
192.168.1.0 255.255.255.0 No vínculo 192.168.1.100 281
192.168.1.100 255.255.255.255 No vínculo 192.168.1.100 281
192.168.1.255 255.255.255.255 No vínculo 192.168.1.100 281
224.0.0.0 240.0.0.0 No vínculo 127.0.0.1 306
224.0.0.0 240.0.0.0 No vínculo 192.168.1.100 281
224.0.0.0 240.0.0.0 No vínculo 172.16.0.2 286
255.255.255.255 255.255.255.255 No vínculo 127.0.0.1 306
255.255.255.255 255.255.255.255 No vínculo 192.168.1.100 281
255.255.255.255 255.255.255.255 No vínculo 172.16.0.2 286
===========================================================================
Rotas persistentes:
Endereço de rede Máscara Ender. gateway Custo
0.0.0.0 0.0.0.0 201.67.158.41 Padrão
===========================================================================

Tabela de rotas IPv6
===========================================================================
Rotas ativas:
Se destino de rede de métrica Gateway
12 58 ::/0 No vínculo
1 306 ::1/128 No vínculo
12 58 2001::/32 No vínculo
12 306 2001:0:4137:9e76:3091:371d:44fa:6dec/128
No vínculo
13 281 fe80::/64 No vínculo
28 286 fe80::/64 No vínculo
12 306 fe80::/64 No vínculo
28 286 fe80::857:9a48:fafa:c8e7/128
No vínculo
12 306 fe80::3091:371d:44fa:6dec/128
No vínculo
13 281 fe80::e5ab:48d8:1dc4:196d/128
No vínculo
1 306 ff00::/8 No vínculo
12 306 ff00::/8 No vínculo
13 281 ff00::/8 No vínculo
28 286 ff00::/8 No vínculo
===========================================================================
Rotas persistentes:
Nenhuma


regras iptables:

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3875K 1685M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
1092K 1223M net2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
2759K 459M loc2fw all -- eth1 * 0.0.0.0/0 0.0.0.0/0
23283 2476K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
31 1832 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
31 1832 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
31 1832 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 199.16.156.70 0.0.0.0/0
0 0 DROP all -- * * 199.16.156.6 0.0.0.0/0
0 0 DROP all -- * * 69.164.37.210 0.0.0.0/0
0 0 DROP all -- * * 50.17.255.22 0.0.0.0/0
0 0 DROP all -- * * 69.171.234.69 0.0.0.0/0
0 0 DROP all -- * * 69.171.224.69 0.0.0.0/0
0 0 DROP all -- * * 66.220.146.101 0.0.0.0/0
0 0 DROP all -- * * 69.171.234.21 0.0.0.0/0
0 0 DROP all -- * * 66.220.146.94 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.46 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.41 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.40 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.39 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.38 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.37 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.36 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.35 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.34 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.33 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.32 0.0.0.0/0
40 2080 DROP all -- * * 66.220.156.80 0.0.0.0/0
0 0 DROP all -- * * 69.171.234.37 0.0.0.0/0
0 0 DROP all -- * * 69.63.190.70 0.0.0.0/0
0 0 DROP all -- * * 69.164.37.193 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.47 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.46 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.45 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.44 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.43 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.42 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.41 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.40 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.39 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.38 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.37 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.36 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.35 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.34 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.33 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.32 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.63 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.62 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.61 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.60 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.59 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.58 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.57 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.56 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.55 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.54 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.53 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.52 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.51 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.50 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.49 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.48 0.0.0.0/0
0 0 DROP all -- * * 72.21.81.132 0.0.0.0/0
0 0 DROP all -- * * 69.164.38.178 0.0.0.0/0
0 0 DROP all -- * * 50.23.85.111 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.142 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.137 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.136 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.135 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.134 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.133 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.132 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.131 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.130 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.129 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.128 0.0.0.0/0
0 0 DROP all -- * * 66.220.149.88 0.0.0.0/0
0 0 DROP all -- * * 69.171.224.53 0.0.0.0/0
0 0 DROP all -- * * 69.171.229.70 0.0.0.0/0
36 1872 DROP all -- * * 66.220.153.70 0.0.0.0/0
0 0 DROP all -- * * 69.171.224.85 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.99 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.98 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.97 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.96 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.110 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.105 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.104 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.103 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.102 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.101 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.100 0.0.0.0/0
0 0 DROP all -- * * 69.171.228.70 0.0.0.0/0
0 0 DROP all -- * * 69.171.247.53 0.0.0.0/0
24 1248 DROP all -- * * 66.220.158.74 0.0.0.0/0
0 0 DROP all -- * * 69.171.224.37 0.0.0.0/0
0 0 DROP all -- * * 66.220.149.94 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.31 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.30 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.29 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.28 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.27 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.26 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.25 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.24 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.23 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.22 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.21 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.20 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.19 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.18 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.17 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.16 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.206 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.201 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.200 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.199 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.198 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.197 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.196 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.195 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.194 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.193 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.192 0.0.0.0/0
0 0 DROP all -- * * 66.220.158.25 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.46 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.41 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.40 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.39 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.38 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.37 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.36 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.35 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.34 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.33 0.0.0.0/0
0 0 DROP all -- * * 173.194.43.32 0.0.0.0/0
0 0 DROP all -- * * 69.171.242.39 0.0.0.0/0
0 0 DROP all -- * * 69.171.228.39 0.0.0.0/0
0 0 DROP all -- * * 69.171.242.11 0.0.0.0/0
0 0 DROP all -- * * 69.171.224.32 0.0.0.0/0
0 0 DROP all -- * * 199.59.149.198 0.0.0.0/0
0 0 DROP all -- * * 69.171.242.53 0.0.0.0/0
0 0 DROP all -- * * 69.171.247.69 0.0.0.0/0
921 47892 DROP all -- * * 74.125.234.174 0.0.0.0/0
957 49764 DROP all -- * * 74.125.234.169 0.0.0.0/0
841 43732 DROP all -- * * 74.125.234.168 0.0.0.0/0
1032 53592 DROP all -- * * 74.125.234.167 0.0.0.0/0
1076 55640 DROP all -- * * 74.125.234.166 0.0.0.0/0
1319 68492 DROP all -- * * 74.125.234.165 0.0.0.0/0
1157 60164 DROP all -- * * 74.125.234.164 0.0.0.0/0
1470 76440 DROP all -- * * 74.125.234.163 0.0.0.0/0
1038 53976 DROP all -- * * 74.125.234.162 0.0.0.0/0
1061 55172 DROP all -- * * 74.125.234.161 0.0.0.0/0
975 50700 DROP all -- * * 74.125.234.160 0.0.0.0/0
8 416 DROP all -- * * 74.125.234.238 0.0.0.0/0
14 728 DROP all -- * * 74.125.234.233 0.0.0.0/0
8 416 DROP all -- * * 74.125.234.232 0.0.0.0/0
8 416 DROP all -- * * 74.125.234.231 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.230 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.229 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.228 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.227 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.226 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.225 0.0.0.0/0
8 416 DROP all -- * * 74.125.234.224 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.78 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.73 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.72 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.71 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.70 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.69 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.68 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.67 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.66 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.65 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.64 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.9 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.8 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.7 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.6 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.5 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.4 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.3 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.2 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.14 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.1 0.0.0.0/0
0 0 DROP all -- * * 74.125.234.0 0.0.0.0/0
63 3276 DROP all -- * * 69.63.190.74 0.0.0.0/0
0 0 DROP all -- * * 69.63.189.74 0.0.0.0/0
0 0 DROP all -- * * 69.171.247.37 0.0.0.0/0
0 0 DROP all -- * * 69.171.242.74 0.0.0.0/0
0 0 DROP all -- * * 66.220.153.74 0.0.0.0/0
0 0 DROP all -- * * 66.220.158.70 0.0.0.0/0
0 0 DROP all -- * * 69.171.228.74 0.0.0.0/0
0 0 DROP all -- * * 69.171.247.21 0.0.0.0/0
0 0 DROP all -- * * 69.63.189.70 0.0.0.0/0
1 44 DROP all -- * * 199.59.150.39 0.0.0.0/0
28 1456 DROP all -- * * 69.171.242.70 0.0.0.0/0
0 0 DROP all -- * * 63.135.91.11 0.0.0.0/0
0 0 DROP all -- * * 23.21.233.126 0.0.0.0/0
0 0 DROP all -- * * 199.59.148.82 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.9 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.8 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.7 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.6 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.5 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.4 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.3 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.2 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.15 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.14 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.13 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.12 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.11 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.10 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.1 0.0.0.0/0
0 0 DROP all -- * * 74.125.36.0 0.0.0.0/0
0 0 DROP all -- * * 69.171.229.74 0.0.0.0/0
0 0 DROP all -- * * 64.77.109.201 0.0.0.0/0
0 0 DROP all -- * * 50.16.218.255 0.0.0.0/0
0 0 DROP all -- * * 38.99.75.233 0.0.0.0/0
0 0 DROP all -- * * 38.99.75.232 0.0.0.0/0
0 0 DROP all -- * * 38.99.74.243 0.0.0.0/0
0 0 DROP all -- * * 38.99.73.35 0.0.0.0/0
0 0 DROP all -- * * 216.178.47.11 0.0.0.0/0
0 0 DROP all -- * * 211.13.204.46 0.0.0.0/0
0 0 DROP all -- * * 208.74.29.108 0.0.0.0/0
0 0 DROP all -- * * 199.59.150.7 0.0.0.0/0
0 0 DROP all -- * * 199.59.149.230 0.0.0.0/0
0 0 DROP all -- * * 199.59.148.10 0.0.0.0/0
1609K 1080M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
80514 4101K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
852K 913M net2loc all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
756K 166M loc2net all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
825 225K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1032K 134M fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
2045K 5150M fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
23057 2428K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
8207 863K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
98 18402 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain Drop (2 references)
pkts bytes target prot opt in out source destination
2082 511K all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */
2082 511K dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
1091 186K dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
3 144 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
315 67077 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */

Chain Reject (4 references)
pkts bytes target prot opt in out source destination
132K 6592K all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */
132K 6592K dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
132K 6531K dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
9573 747K reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
54753 2782K dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */

Chain blacklst (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 10.1.1.222 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.35 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.71 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.62 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.60 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.38 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.89 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.192 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.26 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.248 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.69 0.0.0.0/0 tcp dpt:443

Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
1888 387K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4

Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
64751 2671K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
199 61117 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02

Chain dynamic (2 references)
pkts bytes target prot opt in out source destination

Chain excl31 (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 186.226.0.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 187.45.0.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 200.201.166.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 200.201.173.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 200.201.174.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 201.15.10.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 189.26.122.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 72.26.193.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 72.251.217.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 187.4.200.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 50.17.254.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 170.66.0.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 187.115.75.0
118K 6150K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
2045K 5150M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
279 70333 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
966K 130M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
66194 4307K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
2759K 459M blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
2564K 446M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 148 log1 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:9999
0 0 log2 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:3306
0 0 log3 udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] udp dpt:3306
471 18840 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5001
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
20823 1637K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
4113 936K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
27 1400 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139
47 2478 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8082
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8082
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000
48743 3273K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 /* DNS */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
1159 381K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
11 660 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
118K 6150K excl31 tcp -- * * !10.1.1.16 0.0.0.0/0 tcp dpt:3128 ctorigdstport 80
988 66612 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
91 5352 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2fw:REJECT:'
91 5352 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
756K 166M blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
611K 159M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8644 446K log4 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:443 /* HTTPS */
0 0 log5 tcp -- * * 0.0.0.0/0 186.226.0.0/16 [goto] tcp dpt:80 /* HTTP */
2375 123K log6 tcp -- * * 0.0.0.0/0 187.45.0.0/16 [goto] tcp dpt:80 /* HTTP */
0 0 log7 tcp -- * * 0.0.0.0/0 200.201.166.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log8 tcp -- * * 0.0.0.0/0 200.201.173.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log9 tcp -- * * 0.0.0.0/0 200.201.174.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log10 tcp -- * * 0.0.0.0/0 201.15.10.0/24 [goto] tcp dpt:80 /* HTTP */
6 312 log11 tcp -- * * 0.0.0.0/0 189.26.122.0/24 [goto] tcp dpt:80 /* HTTP */
10 436 log12 tcp -- * * 0.0.0.0/0 72.26.193.0/24 [goto] tcp dpt:80 /* HTTP */
2 104 log13 tcp -- * * 0.0.0.0/0 72.251.217.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log14 tcp -- * * 0.0.0.0/0 187.4.200.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log15 tcp -- * * 0.0.0.0/0 50.17.254.0/24 [goto] tcp dpt:80 /* HTTP */
20 1040 log16 tcp -- * * 0.0.0.0/0 170.66.0.0/16 [goto] tcp dpt:80 /* HTTP */
0 0 log17 tcp -- * * 0.0.0.0/0 187.115.75.0/24 [goto] tcp dpt:80 /* HTTP */
27 1404 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2082
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3456
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6699
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6699
21 924 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6600
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6600
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8001
106 5512 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
652 33912 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:110
2 104 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:26
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:26
2 104 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:995
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:465
63 3216 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:81
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:81
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2095
36 2736 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
16 832 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:554
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:554
123 6168 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1935
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1935
0 0 ACCEPT tcp -- * * 10.1.1.200 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.200 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT tcp -- * * 10.1.1.222 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.222 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.94 0.0.0.0/0 tcp dpt:9020
0 0 ACCEPT udp -- * * 10.1.1.94 0.0.0.0/0 udp dpt:9020
0 0 ACCEPT tcp -- * * 10.1.1.44 0.0.0.0/0 tcp dpt:9020
0 0 ACCEPT udp -- * * 10.1.1.44 0.0.0.0/0 udp dpt:9020
14 728 ACCEPT tcp -- * * 10.1.2.22 0.0.0.0/0 tcp dpt:10799
0 0 ACCEPT tcp -- * * 10.1.1.172 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.172 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT udp -- * * 10.1.2.22 0.0.0.0/0 udp dpt:10799
0 0 ACCEPT tcp -- * * 10.1.2.22 0.0.0.0/0 tcp dpt:10805
0 0 ACCEPT udp -- * * 10.1.2.22 0.0.0.0/0 udp dpt:10805
0 0 ACCEPT tcp -- * * 10.1.2.23 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.2.23 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.2.24 0.0.0.0/0 tcp dpt:10799
0 0 ACCEPT udp -- * * 10.1.2.24 0.0.0.0/0 udp dpt:10799
0 0 ACCEPT tcp -- * * 10.1.2.24 0.0.0.0/0 tcp dpt:10805
0 0 ACCEPT udp -- * * 10.1.2.24 0.0.0.0/0 udp dpt:10805
144 7404 ACCEPT tcp -- * * 10.1.1.52 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.50 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.50 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT tcp -- * * 10.1.1.3 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.3 0.0.0.0/0
61 3794 ACCEPT udp -- * * 10.1.1.52 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.6 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.6 0.0.0.0/0
2 80 ACCEPT tcp -- * * 10.1.1.247 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.247 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.16 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.16 0.0.0.0/0
377 15080 ACCEPT tcp -- * * 10.1.1.171 0.0.0.0/0
2 178 ACCEPT udp -- * * 10.1.1.171 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.37 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.37 0.0.0.0/0
73 3096 ACCEPT tcp -- * * 10.1.1.57 0.0.0.0/0
150 6203 ACCEPT tcp -- * * 10.1.1.101 0.0.0.0/0
22 6868 ACCEPT udp -- * * 10.1.1.101 0.0.0.0/0
11 512 ACCEPT tcp -- * * 10.1.1.27 0.0.0.0/0
5 312 ACCEPT udp -- * * 10.1.1.27 0.0.0.0/0
27 1798 ACCEPT udp -- * * 10.1.1.57 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.4 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.4 0.0.0.0/0
34 1432 ACCEPT tcp -- * * 10.1.1.51 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.91 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.91 0.0.0.0/0
2 80 ACCEPT tcp -- * * 10.1.1.179 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.179 0.0.0.0/0
315 12600 ACCEPT tcp -- * * 10.1.1.104 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.104 0.0.0.0/0
8 498 ACCEPT udp -- * * 10.1.1.51 0.0.0.0/0
10 600 ACCEPT tcp -- * * 10.1.1.201 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.201 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT tcp -- * * 10.1.1.22 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.22 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT tcp -- * * 10.1.1.68 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.68 0.0.0.0/0 udp dpt:8080
64 2864 ACCEPT tcp -- * * 10.1.1.55 0.0.0.0/0
7 336 ACCEPT udp -- * * 10.1.1.55 0.0.0.0/0
141 6564 ACCEPT tcp -- * * 10.1.1.15 0.0.0.0/0
36 2370 ACCEPT udp -- * * 10.1.1.15 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.237 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.237 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.98 0.0.0.0/0 tcp dpt:5000
0 0 ACCEPT udp -- * * 10.1.1.98 0.0.0.0/0 udp dpt:5000
6 308 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:20
1 60 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
0 0 ACCEPT tcp -- * * 10.1.1.16 0.0.0.0/0 tcp dpt:80 /* HTTP */
131K 6524K Reject all -- * * 0.0.0.0/0 0.0.0.0/0
57606 3205K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2net:REJECT:'
57606 3205K reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain log0 (1 references)
pkts bytes target prot opt in out source destination
1 48 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2fw:ACCEPT:'
1 48 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain log1 (1 references)
pkts bytes target prot opt in out source destination
3 148 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2fw:ACCEPT:'
3 148 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain log10 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log11 (1 references)
pkts bytes target prot opt in out source destination
6 312 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
6 312 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log12 (1 references)
pkts bytes target prot opt in out source destination
10 436 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
10 436 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log13 (1 references)
pkts bytes target prot opt in out source destination
2 104 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
2 104 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log14 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log15 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log16 (1 references)
pkts bytes target prot opt in out source destination
20 1040 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
20 1040 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log17 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log2 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2fw:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain log3 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2fw:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain log4 (1 references)
pkts bytes target prot opt in out source destination
8644 446K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTPS */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
8644 446K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTPS */

Chain log5 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log6 (1 references)
pkts bytes target prot opt in out source destination
2375 123K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
2375 123K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log7 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log8 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log9 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
1090K 1223M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 48 log0 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:9999
11 528 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001
73 13672 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5001
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
15 1386 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
84 20832 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
3 144 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139
35 1716 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
37 2221 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
2082 511K Drop all -- * * 0.0.0.0/0 0.0.0.0/0
356 25579 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
356 25579 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
852K 913M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.1 tcp dpt:137 ctorigdstport 137
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.1 udp dpt:137 ctorigdstport 137
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.1 tcp dpt:138 ctorigdstport 138
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.1 udp dpt:138 ctorigdstport 138
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.1 tcp dpt:139 ctorigdstport 139
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.1 udp dpt:139 ctorigdstport 139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.1 tcp dpt:445 ctorigdstport 445
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.1 udp dpt:445 ctorigdstport 445
2 100 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.237 tcp dpt:3390 ctorigdstport 3390
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.237 udp dpt:3390 ctorigdstport 3390
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.98 tcp dpt:5000 ctorigdstport 5000
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.98 udp dpt:5000 ctorigdstport 5000
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2loc:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject (11 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
54753 2782K REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
12520 1176K REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
28 1680 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination

Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 23:35h

boa noite amigo,

antes de olhar direitinho suas regras de firewall, pois é regra para "chuchu", te pergunto já usou o dispositivo virtual "tap" ao invés do "tun" ? testa com tap e retorna ai.

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 23:36h

não velho..

o que seria e qual a diferença?

removido
(usa Nenhuma)

Enviado em 21/06/2012 - 23:46h

outra coisa dando uma passada rápida no seu firewall não vi regra que libera-se o trafego na interface virtual "tun", tem que liberar, pois as regras padrões de todas as chains é drop, sendo assim se não tem nenhuma regra para aceitar pacotes pela interface virtual da vpn os mesmos serão bloqueados.

olhe também se tem algum bloqueio no firewall do seu windows.

removido
(usa Nenhuma)

Enviado em 22/06/2012 - 00:18h

Fiz a liberação aqui no shorewall..

iptables -nvL


Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1957 1149K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
1048 1007K net2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
855 135K loc2fw all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 vpn2fw all -- tun * 0.0.0.0/0 0.0.0.0/0
52 6372 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 120 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
2 120 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
2 120 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2144 1343K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
126 6412 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
1161 1166K net_frwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
983 177K loc_frwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 vpn_frwd all -- tun * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
958 157K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
1303 1166K fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 fw2vpn all -- * tun 0.0.0.0/0 0.0.0.0/0
52 6372 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
2 176 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 420 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain Drop (3 references)
pkts bytes target prot opt in out source destination
5 1640 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */
5 1640 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */

Chain Reject (8 references)
pkts bytes target prot opt in out source destination
131 7624 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */
131 7624 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
131 7624 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
27 2106 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
96 4864 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */

Chain blacklst (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 10.1.1.222 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.35 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.71 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.62 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.60 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.38 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.89 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.192 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.26 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.248 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 10.1.1.69 0.0.0.0/0 tcp dpt:443

Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
5 1640 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4

Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02

Chain dynamic (2 references)
pkts bytes target prot opt in out source destination

Chain excl33 (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 186.226.0.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 187.45.0.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 200.201.166.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 200.201.173.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 200.201.174.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 201.15.10.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 189.26.122.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 72.26.193.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 72.251.217.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 187.4.200.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 50.17.254.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 170.66.0.0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 187.115.75.0
37 1924 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
1303 1166K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
915 154K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
43 2825 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2vpn (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
855 135K blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
746 126K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 log1 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:9999
0 0 log2 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:3306
0 0 log3 udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] udp dpt:3306
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
42 3276 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
5 1155 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8082
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8082
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000
20 1303 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 /* DNS */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
5 1640 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
37 1924 excl33 tcp -- * * !10.1.1.16 0.0.0.0/0 tcp dpt:3128 ctorigdstport 80
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2fw:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
839 169K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
14 728 log4 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:443 /* HTTPS */
0 0 log7 tcp -- * * 0.0.0.0/0 186.226.0.0/16 [goto] tcp dpt:80 /* HTTP */
0 0 log8 tcp -- * * 0.0.0.0/0 187.45.0.0/16 [goto] tcp dpt:80 /* HTTP */
0 0 log9 tcp -- * * 0.0.0.0/0 200.201.166.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log10 tcp -- * * 0.0.0.0/0 200.201.173.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log11 tcp -- * * 0.0.0.0/0 200.201.174.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log12 tcp -- * * 0.0.0.0/0 201.15.10.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log13 tcp -- * * 0.0.0.0/0 189.26.122.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log14 tcp -- * * 0.0.0.0/0 72.26.193.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log15 tcp -- * * 0.0.0.0/0 72.251.217.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log16 tcp -- * * 0.0.0.0/0 187.4.200.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log17 tcp -- * * 0.0.0.0/0 50.17.254.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 log18 tcp -- * * 0.0.0.0/0 170.66.0.0/16 [goto] tcp dpt:80 /* HTTP */
0 0 log19 tcp -- * * 0.0.0.0/0 187.115.75.0/24 [goto] tcp dpt:80 /* HTTP */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2082
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3456
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6699
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6699
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6600
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6600
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8001
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:26
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:26
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:995
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:465
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:81
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:81
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2095
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:554
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:554
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1935
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1935
0 0 ACCEPT tcp -- * * 10.1.1.200 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.200 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT tcp -- * * 10.1.1.222 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.222 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.94 0.0.0.0/0 tcp dpt:9020
0 0 ACCEPT udp -- * * 10.1.1.94 0.0.0.0/0 udp dpt:9020
0 0 ACCEPT tcp -- * * 10.1.1.44 0.0.0.0/0 tcp dpt:9020
0 0 ACCEPT udp -- * * 10.1.1.44 0.0.0.0/0 udp dpt:9020
0 0 ACCEPT tcp -- * * 10.1.2.22 0.0.0.0/0 tcp dpt:10799
0 0 ACCEPT tcp -- * * 10.1.1.172 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.172 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT udp -- * * 10.1.2.22 0.0.0.0/0 udp dpt:10799
0 0 ACCEPT tcp -- * * 10.1.2.22 0.0.0.0/0 tcp dpt:10805
0 0 ACCEPT udp -- * * 10.1.2.22 0.0.0.0/0 udp dpt:10805
0 0 ACCEPT tcp -- * * 10.1.2.23 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.2.23 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.2.24 0.0.0.0/0 tcp dpt:10799
0 0 ACCEPT udp -- * * 10.1.2.24 0.0.0.0/0 udp dpt:10799
0 0 ACCEPT tcp -- * * 10.1.2.24 0.0.0.0/0 tcp dpt:10805
0 0 ACCEPT udp -- * * 10.1.2.24 0.0.0.0/0 udp dpt:10805
0 0 ACCEPT tcp -- * * 10.1.1.52 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.50 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.50 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT tcp -- * * 10.1.1.3 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.3 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.52 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.6 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.6 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.247 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.247 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.16 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.16 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.171 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.171 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.37 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.37 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.57 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.101 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.101 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.27 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.27 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.57 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.4 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.4 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.51 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.91 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.91 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.179 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.179 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.104 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.104 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.51 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.201 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.201 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT tcp -- * * 10.1.1.22 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.22 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT tcp -- * * 10.1.1.68 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 10.1.1.68 0.0.0.0/0 udp dpt:8080
0 0 ACCEPT tcp -- * * 10.1.1.55 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.55 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.15 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.15 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.237 0.0.0.0/0
0 0 ACCEPT udp -- * * 10.1.1.237 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.1.1.98 0.0.0.0/0 tcp dpt:5000
0 0 ACCEPT udp -- * * 10.1.1.98 0.0.0.0/0 udp dpt:5000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:20
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
0 0 ACCEPT tcp -- * * 10.1.1.16 0.0.0.0/0 tcp dpt:80 /* HTTP */
129 7504 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
102 5398 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2net:REJECT:'
102 5398 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain loc2vpn (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2vpn:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
983 177K blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
983 177K loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 loc2vpn all -- * tun 0.0.0.0/0 0.0.0.0/0

Chain log0 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2fw:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain log1 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2fw:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain log10 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log11 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log12 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log13 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log14 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log15 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log16 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log17 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log18 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log19 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log2 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2fw:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain log3 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2fw:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain log4 (1 references)
pkts bytes target prot opt in out source destination
14 728 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTPS */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
14 728 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTPS */

Chain log5 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTPS */ LOG flags 0 level 6 prefix `Shorewall:vpn2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTPS */

Chain log6 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:vpn2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log7 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log8 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain log9 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */ LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* HTTP */

Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
1043 1006K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 log0 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:9999
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5001
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
5 1640 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
1161 1166K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.1 tcp dpt:137 ctorigdstport 137
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.1 udp dpt:137 ctorigdstport 137
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.1 tcp dpt:138 ctorigdstport 138
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.1 udp dpt:138 ctorigdstport 138
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.1 tcp dpt:139 ctorigdstport 139
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.1 udp dpt:139 ctorigdstport 139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.1 tcp dpt:445 ctorigdstport 445
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.1 udp dpt:445 ctorigdstport 445
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.237 tcp dpt:3390 ctorigdstport 3390
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.237 udp dpt:3390 ctorigdstport 3390
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.98 tcp dpt:5000 ctorigdstport 5000
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.98 udp dpt:5000 ctorigdstport 5000
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2loc:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2vpn (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2vpn:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
1161 1166K net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 net2vpn all -- * tun 0.0.0.0/0 0.0.0.0/0

Chain reject (15 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
96 4864 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
33 2640 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
2 120 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination

Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0

Chain vpn2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5001
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 /* DNS */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:vpn2fw:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain vpn2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:vpn2loc:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain vpn2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 log5 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:443 /* HTTPS */
0 0 log6 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:80 /* HTTP */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:vpn2net:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain vpn_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 vpn2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 vpn2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0


Mas ainda não pingo.. ;s

removido
(usa Nenhuma)

Enviado em 22/06/2012 - 00:36h

essa máquina onde está o shorewall roda é de alguma empresa ? e qual distro roda no servidor ?