Barf File from Right Firewall. firewall Sat Nov 30 09:02:43 UTC 2002 + _________________________ + + ipsec --version Linux FreeS/WAN 1.91 See `ipsec --copyright' for copyright information. + _________________________ + + cat /proc/version Linux version 2.2.19-3-LEAF (root@debian) (gcc version 2.7.2.3) #2 Sat Dec 1 12:34:52 CST 2001 + _________________________ + + cat /proc/net/ipsec_eroute 0 192.168.2.0/24 -> 192.168.1.0/24 => tun0x1006@208.180.134.97 + _________________________ + + cat /proc/net/ipsec_spi esp0x4edd642a@208.180.134.97 ESP_3DES_HMAC_MD5: dir=out src=208.180.134.7 iv_bits=64bits iv=0xe16db841412b55d2 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(2874,0,0) esp0x4edd6429@208.180.134.97 ESP_3DES_HMAC_MD5: dir=out src=208.180.134.7 iv_bits=64bits iv=0x5eb0a2e95cb08257 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(2890,0,0) esp0x4edd6428@208.180.134.97 ESP_3DES_HMAC_MD5: dir=out src=208.180.134.7 iv_bits=64bits iv=0x1f224551a2b4eed5 ooowin=64 seq=13 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(1504,0,0)add(17031,0,0)use(16682,0,0)packets(13,0,0) idle=16535 tun0x1006@208.180.134.97 IPIP: dir=out src=208.180.134.7 life(c,s,h)=add(2874,0,0) tun0x1004@208.180.134.97 IPIP: dir=out src=208.180.134.7 life(c,s,h)=add(2890,0,0) tun0x1002@208.180.134.97 IPIP: dir=out src=208.180.134.7 life(c,s,h)=bytes(1068,0,0)add(17031,0,0)use(16682,0,0)packets(13,0,0) idle=16535 esp0x291416a1@208.180.134.7 ESP_3DES_HMAC_MD5: dir=in src=208.180.134.97 iv_bits=64bits iv=0xbacf00a84c9092b4 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(2874,0,0) esp0x291416a0@208.180.134.7 ESP_3DES_HMAC_MD5: dir=in src=208.180.134.97 iv_bits=64bits iv=0xadedbaf7ffaa2dac ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(2890,0,0) esp0x2914169f@208.180.134.7 ESP_3DES_HMAC_MD5: dir=in src=208.180.134.97 iv_bits=64bits iv=0x41d20600d691e8c2 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(17031,0,0) tun0x1005@208.180.134.7 IPIP: dir=in src=208.180.134.97 
life(c,s,h)=add(2874,0,0) tun0x1003@208.180.134.7 IPIP: dir=in src=208.180.134.97 life(c,s,h)=add(2890,0,0) tun0x1001@208.180.134.7 IPIP: dir=in src=208.180.134.97 life(c,s,h)=add(17031,0,0) + _________________________ + + cat /proc/net/ipsec_spigrp tun0x1006@208.180.134.97 esp0x4edd642a@208.180.134.97 tun0x1004@208.180.134.97 esp0x4edd6429@208.180.134.97 tun0x1002@208.180.134.97 esp0x4edd6428@208.180.134.97 tun0x1005@208.180.134.7 esp0x291416a1@208.180.134.7 tun0x1003@208.180.134.7 esp0x291416a0@208.180.134.7 tun0x1001@208.180.134.7 esp0x2914169f@208.180.134.7 + _________________________ + + netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 208.180.134.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 208.180.134.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.1.0 208.180.134.1 255.255.255.0 UG 0 0 0 ipsec0 0.0.0.0 208.180.134.1 0.0.0.0 UG 0 0 0 eth0 + _________________________ + + cat /proc/net/ipsec_tncfg ipsec0 -> eth0 mtu=16260(1443) -> 1500 ipsec1 -> NULL mtu=0(0) -> 0 ipsec2 -> NULL mtu=0(0) -> 0 ipsec3 -> NULL mtu=0(0) -> 0 + _________________________ + + cat /proc/net/pf_key sock pid socket next prev e n p sndbf Flags Type St c1656f90 1050 c163bdb8 0 0 0 0 2 32767 00000000 3 1 + _________________________ + + cd /proc/net + egrep ^ pf_key_registered pf_key_supported pf_key_registered:satype socket pid sk pf_key_registered: 2 c163bdb8 1050 c1656f90 pf_key_registered: 3 c163bdb8 1050 c1656f90 pf_key_registered: 9 c163bdb8 1050 c1656f90 pf_key_registered: 10 c163bdb8 1050 c1656f90 pf_key_supported:satype exttype alg_id ivlen minbits maxbits pf_key_supported: 2 14 3 0 160 160 pf_key_supported: 2 14 2 0 128 128 pf_key_supported: 3 15 3 128 168 168 pf_key_supported: 3 14 3 0 160 160 pf_key_supported: 3 14 2 0 128 128 pf_key_supported: 9 15 1 0 32 32 pf_key_supported: 10 15 2 0 1 1 + _________________________ + + cd /proc/sys/net/ipsec + egrep ^ debug_ah debug_eroute debug_esp debug_ipcomp 
debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check tos debug_ah:0 debug_eroute:0 debug_esp:0 debug_ipcomp:0 debug_netlink:0 debug_pfkey:0 debug_radij:0 debug_rcv:0 debug_spi:0 debug_tunnel:0 debug_verbose:0 debug_xform:0 icmp:0 inbound_policy_check:1 tos:1 + _________________________ + + ipsec auto --status 000 interface ipsec0/eth0 208.180.134.7 000 000 "net": 192.168.2.0/24===208.180.134.7---208.180.134.1... 000 "net": ...208.180.134.1---208.180.134.97===192.168.1.0/24 000 "net": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "net": policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted 000 "net": newest ISAKMP SA: #10; newest IPsec SA: #9; eroute owner: #9 000 000 #2: "net" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 11017s 000 #2: "net" esp.4edd6428@208.180.134.97 esp.2914169f@208.180.134.7 tun.1002@208.180.134.97 tun.1001@208.180.134.7 000 #10: "net" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2157s; newest ISAKMP 000 #9: "net" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 24972s; newest IPSEC; eroute owner 000 #9: "net" esp.4edd642a@208.180.134.97 esp.291416a1@208.180.134.7 tun.1006@208.180.134.97 tun.1005@208.180.134.7 000 #8: "net" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 25640s 000 #8: "net" esp.4edd6429@208.180.134.97 esp.291416a0@208.180.134.7 tun.1004@208.180.134.97 tun.1003@208.180.134.7 + _________________________ + + ifconfig -a lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:39 errors:0 dropped:0 overruns:0 frame:0 TX packets:39 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 ipsec0 Link encap:Ethernet HWaddr 00:20:AF:E8:BE:48 inet addr:208.180.134.7 Mask:255.255.255.0 UP RUNNING NOARP MTU:16260 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 
dropped:10 overruns:0 carrier:0 Collisions:0 ipsec1 Link encap:IPIP Tunnel HWaddr unspec addr:[NONE SET] Mask:[NONE SET] NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 ipsec2 Link encap:IPIP Tunnel HWaddr unspec addr:[NONE SET] Mask:[NONE SET] NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 ipsec3 Link encap:IPIP Tunnel HWaddr unspec addr:[NONE SET] Mask:[NONE SET] NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 eth0 Link encap:Ethernet HWaddr 00:20:AF:E8:BE:48 inet addr:208.180.134.7 Bcast:0.0.0.0 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:87181 errors:0 dropped:0 overruns:0 frame:0 TX packets:2357 errors:0 dropped:0 overruns:0 carrier:0 Collisions:9 Interrupt:10 Base address:0x300 eth1 Link encap:Ethernet HWaddr 00:A0:24:DB:73:CA inet addr:192.168.2.254 Bcast:192.168.2.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2490 errors:0 dropped:0 overruns:0 frame:0 TX packets:1942 errors:0 dropped:0 overruns:0 carrier:0 Collisions:5 Interrupt:11 Base address:0x280 + _________________________ + + ipsec --directory /usr/local/lib/ipsec + _________________________ + + hostname --fqdn hostname: invalid option -- - BusyBox v0.60.1 (2001.10.18-21:35+0000) multi-call binary Usage: hostname [OPTION] {hostname | -F FILE} + _________________________ + + hostname --ip-address hostname: invalid option -- - BusyBox v0.60.1 (2001.10.18-21:35+0000) multi-call binary Usage: hostname [OPTION] {hostname | -F FILE} + _________________________ + + uptime 09:02:43 up 0 Days (4h), load average: 0.10 0.03 0.01 + _________________________ + + ipsec showdefaults routephys=eth0 routephys=eth0 routevirt=ipsec0 routevirt=ipsec0 routeaddr=208.180.134.7 
routeaddr=208.180.134.7 routenexthop=208.180.134.1 routenexthop=208.180.134.1 defaultroutephys=eth0 defaultroutevirt=ipsec0 defaultrouteaddr=208.180.134.7 defaultroutenexthop=208.180.134.1 + _________________________ + + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # /etc/ipsec.conf - FreeS/WAN IPsec configuration file # More elaborate and more varied sample configurations can be found # in FreeS/WAN's doc/examples file, and in the HTML documentation. # basic configuration config setup # THIS SETTING MUST BE CORRECT or almost nothing will work; # %defaultroute is okay for most simple cases. interfaces=%defaultroute # Debug-logging controls: "none" for (almost) none, "all" for lots. klipsdebug=none plutodebug=none # Use auto= parameters in conn descriptions to control startup actions. plutoload=%search plutostart=%search # Close down old connection when new one using same ID shows up. uniqueids=yes # defaults for subsequent connection descriptions conn %default type=tunnel #keyexchange=ike #keylife=8h # How persistent to be in (re)keying negotiations (0 means very). keyingtries=0 #disablearrivalcheck=no # RSA authentication with keys from DNS. #authby=rsasig #leftrsasigkey=%dns #rightrsasigkey=%dns # Preshared Secret Key authentication. authby=secret #pfs=no # Left security gateway, subnet behind it, next hop toward right. #left=208.180.144.21 #leftsubnet=192.168.2.0/24 #leftnexthop=%defaultroute #leftfirewall=yes # connection description for (experimental!) opportunistic encryption # (requires KEY record in your DNS reverse map; see doc/opportunism.howto) #conn me-to-anyone # left=%defaultroute # right=%opportunistic # # uncomment to enable incoming; change to auto=route for outgoing # #auto=add # sample VPN connection conn net #left left=208.180.134.97 leftsubnet=192.168.1.0/24 leftnexthop=%defaultroute # Right security gateway, subnet behind it, next hop toward left. 
right=208.180.134.7 rightsubnet=192.168.2.0/24 rightnexthop=%defaultroute rightfirewall=yes # To authorize this connection, but not actually start it, at startup, # uncomment this. To start the connection, change "add" to "start". auto=start + _________________________ + + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 # This file holds shared secrets or RSA private keys for inter-Pluto # authentication. See ipsec_pluto(8) manpage, and HTML documentation. # RSA private key for this host, authenticating it to any other host # which knows the public part. Suitable public keys, for ipsec.conf, DNS, # or configuration of other implementations, can be extracted conveniently md5sum: not found # with "[sums to #...]". md5sum: not found # # -- Create your own RSA key with "[sums to #...]" # } md5sum: not found # do not change the indenting of that "[sums to #...]" # Preshared Secret Key authentication. You can have ipsec create a md5sum: not found # secret key with the "[sums to #...]" command. 
md5sum: not found : PSK "[sums to :...]" + _________________________ + + ls -l /usr/local/lib/ipsec -rwxr-xr-x 1 root staff 10884 Jul 19 2001 _confread -rwxr-xr-x 1 root staff 2163 Jul 19 2001 _include -rwxr-xr-x 1 root staff 1383 Jul 19 2001 _keycensor -rwxr-xr-x 1 root staff 3271 Jul 19 2001 _plutoload -rwxr-xr-x 1 root staff 3404 Jul 19 2001 _plutorun -rwxr-xr-x 1 root staff 6709 Jul 19 2001 _realsetup -rwxr-xr-x 1 root staff 1904 Jul 19 2001 _secretcensor -rwxr-xr-x 1 root staff 6097 Oct 18 2001 _startklips -rwxr-xr-x 1 root staff 5466 Oct 18 2001 _updown -rwxr-xr-x 1 root staff 9994 Jul 19 2001 auto -rwxr-xr-x 1 root staff 4670 Jul 19 2001 barf -rwxr-xr-x 1 root staff 57332 Jul 19 2001 eroute -rwxr-xr-x 1 root staff 2846 Jul 19 2001 ipsec -rwxr-xr-x 1 root staff 39820 Jul 19 2001 klipsdebug -rwxr-xr-x 1 root staff 2552 Oct 24 2001 look -rwxr-xr-x 1 root staff 16172 Jul 19 2001 manual -rwxr-xr-x 1 root staff 277828 Jul 19 2001 pluto -rwxr-xr-x 1 root staff 6620 Jul 19 2001 ranbits -rwxr-xr-x 1 root staff 45364 Jul 19 2001 rsasigkey lrwxrwxrwx 1 root staff 17 Nov 30 04:18 setup -> /etc/init.d/ipsec -rwxr-xr-x 1 root staff 1041 Jul 19 2001 showdefaults -rwxr-xr-x 1 root staff 3055 Jul 19 2001 showhostkey -rwxr-xr-x 1 root staff 62220 Jul 19 2001 spi -rwxr-xr-x 1 root staff 48980 Jul 19 2001 spigrp -rwxr-xr-x 1 root staff 9240 Jul 19 2001 tncfg -rwxr-xr-x 1 root staff 29776 Jul 19 2001 whack + _________________________ + + ls /usr/local/lib/ipsec + egrep updown + cat /usr/local/lib/ipsec/_updown #! /bin/sh # default updown script # Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See . 
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.14 2001/04/07 22:42:54 henry Exp $

# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make.  If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.

# Purpose: Pluto runs this script on connection state changes.  $PLUTO_VERB
# names the event (prepare-*, route-*, unroute-*, up-*, down-*), the
# connection's addresses and interface arrive in PLUTO_* environment
# variables, and $1 is "ipfwadm" when the connection has
# (left/right)firewall=yes.  Every error path exits non-zero.

# check interface version
# Accept any 1.x interface except 1.0; anything else exits 2 before any
# route or firewall change is attempted.
# NOTE(review): the opening backtick in the messages below is presumably a
# backslash-escaped quote in the installed file (the backslash was likely
# lost when this dump was rendered); as shown here it would open a command
# substitution -- confirm against the file on disk.
case "$PLUTO_VERSION" in
1.[0])
	# Older Pluto?!?  Play it safe, script may be using new features.
	echo "$0: obsolete interface version `$PLUTO_VERSION'," >&2
	echo "$0: called by obsolete Pluto?" >&2
	exit 2
	;;
1.*)	;;
*)
	echo "$0: unknown interface version `$PLUTO_VERSION'" >&2
	exit 2
	;;
esac

# check parameter(s)
# The only accepted argument is a lone "ipfwadm" (or no argument at all).
# The match is on "$*", so any extra argument lands in the error branch even
# though the message only shows $1.
case "$*" in
'')	;;
ipfwadm)	# caused by (left/right)firewall=yes; for default script only
	;;
*)
	echo "$0: unknown parameter `$1'" >&2
	exit 2
	;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.

# uproute: add the route to the peer's client subnet (see doroute).
uproute() {
	doroute add
}

# downroute: remove the route to the peer's client subnet (see doroute).
downroute() {
	doroute del
}

# doroute: run "route $1 -net <peer net> netmask <peer mask> dev <ipsec
# interface> gw <next hop>" and return route's exit status.  A peer subnet
# of 0.0.0.0/0.0.0.0 is installed as two 128.0.0.0-mask halves rather than
# as a single default route.
doroute() {
	parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
	parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
	"0.0.0.0/0.0.0.0")
		# horrible kludge for obscure routing bug with opportunistic
		route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
		route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2
		;;
	*)	route $1 $parms $parms2
		;;
	esac
	# exit status of whichever route command ran last
	st=$?
	if test $st -ne 0
	then
		# route has already given its own cryptic message
		echo "$0: `route $1 $parms' failed" >&2
	fi
	return $st
}

# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
	# delete possibly-existing route (preliminary to adding a route)
	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
	"0.0.0.0/0.0.0.0")
		# horrible kludge for obscure routing bug with opportunistic
		parms1="-net 0.0.0.0 netmask 128.0.0.0"
		parms2="-net 128.0.0.0 netmask 128.0.0.0"
		oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`"
		;;
	*)
		parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
		oops="`route del $parms 2>&1`"
		;;
	esac
	# $? of an assignment whose value is a command substitution is the
	# substitution's exit status, i.e. that of the (last) route del above.
	status="$?"
	# The leading space keeps test from ever seeing an empty operand.
	if test " $oops" = " " -a " $status" != " 0"
	then
		oops="silent error, exit status $status"
	fi
	case "$oops" in
	'SIOCDELRT: No such process'*)
		# This is what route (currently -- not documented!) gives
		# for "could not find such a route".
		oops=
		status=0
		;;
	esac
	if test " $oops" != " " -o " $status" != " 0"
	then
		# NOTE(review): in the 0.0.0.0/0.0.0.0 branch $parms is never set,
		# so this message names an empty command; $oops still carries
		# route's own text.
		echo "$0: `route del $parms' failed ($oops)" >&2
	fi
	exit $status
	;;
route-host:*|route-client:*)
	# connection to me or my client subnet being routed
	uproute
	;;
unroute-host:*|unroute-client:*)
	# connection to me or my client subnet being unrouted
	downroute
	;;
up-host:*)
	# connection to me coming up
	# If you are doing a custom version, firewall commands go here.
	;;
down-host:*)
	# connection to me going down
	# If you are doing a custom version, firewall commands go here.
	;;
up-client:)
	# connection to my client subnet coming up
	# If you are doing a custom version, firewall commands go here.
	;;
down-client:)
	# connection to my client subnet going down
	# If you are doing a custom version, firewall commands go here.
	;;
up-client:ipfwadm)
	# connection to client subnet, with (left/right)firewall=yes, coming up
	# This is used only by the default updown script, not by your custom
	# ones, so do not mess with it; see CAUTION comment up at top.
	# ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK
	#	-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
	# -I puts each rule at the head of its chain and -b makes the forward
	# rule bidirectional, so every protocol is accepted between the two
	# client subnets; the input rules admit ESP (50) and AH (51) only from
	# the peer gateway to this host.  Exit statuses are not checked, so a
	# failed insert is visible only through ipchains' own stderr.
	# NOTE(review): the "ipchains -L -v -n" output later in this dump shows
	# none of these three rules even though conn "net" has rightfirewall=yes
	# and its IPsec SA is up; presumably a later firewall reload flushed
	# them -- confirm on the host.
	ipchains -I forward -j ACCEPT -b -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
	# Insert firewall rule to accept ESP (Protocol 50) and AH (Protocol 51)
	# packets from peer
	ipchains -I input -j ACCEPT -p 50 -s $PLUTO_PEER/32 -d $PLUTO_ME/32
	ipchains -I input -j ACCEPT -p 51 -s $PLUTO_PEER/32 -d $PLUTO_ME/32
	;;
down-client:ipfwadm)
	# connection to client subnet, with (left/right)firewall=yes, going down
	# This is used only by the default updown script, not by your custom
	# ones, so do not mess with it; see CAUTION comment up at top.
	# ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK
	#	-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
	# -D removes the first rule matching each specification; the three
	# deletes mirror the three inserts in up-client:ipfwadm exactly.
	ipchains -D forward -j ACCEPT -b -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
	# Delete firewall rule to accept ESP (Protocol 50) and AH (Protocol 51)
	# packets from peer
	ipchains -D input -j ACCEPT -p 50 -s $PLUTO_PEER/32 -d $PLUTO_ME/32
	ipchains -D input -j ACCEPT -p 51 -s $PLUTO_PEER/32 -d $PLUTO_ME/32
	;;
*)
	echo "$0: unknown verb `$PLUTO_VERB' or parameter `$1'" >&2
	exit 1
	;;
esac
+ _________________________ + + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 5088 39 0 0 0 0 0 0 5088 39 0 0 0 0 0 0 ipsec0: 0 0 0 0 0 0 0 0 1686 13 0 10 0 0 0 0 ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth0: 6691684 87182 0 0 0 0 0 0 212125 2357 0 0 0 9 0 0 eth1: 246901 2490 0 0 0 0 0 0 593797 1942 0 0 0 5 0 0 + _________________________ + + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth0 0086B4D0 00000000 0001 0 0 0 00FFFFFF 0 0 0 ipsec0 0086B4D0 00000000 0001 0 0 0 
00FFFFFF 0 0 0 eth1 0002A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 ipsec0 0001A8C0 0186B4D0 0003 0 0 0 00FFFFFF 0 0 0 eth0 00000000 0186B4D0 0003 0 0 0 00000000 0 0 0 + _________________________ + + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ + + uname -a Linux firewall 2.2.19-3-LEAF #2 Sat Dec 1 12:34:52 CST 2001 i386 unknown + _________________________ + + test -r /etc/redhat-release + _________________________ + + cat /proc/net/ipsec_version FreeS/WAN version: 1.91 + _________________________ + + ipchains -L -v -n Chain input (policy DENY: 3 packets, 817 bytes): pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports 0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> * 0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 13 -> * 0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 14 -> * 0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 255.255.255.255 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 127.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 224.0.0.0/4 0.0.0.0/0 n/a 27 864 DENY all ----l- 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 172.16.0.0/12 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 128.0.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 191.255.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.0.0.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 223.255.255.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 240.0.0.0/4 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.2.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 208.180.134.7 0.0.0.0/0 n/a 0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0 127.0.0.0/8 n/a 0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0 192.168.2.0/24 n/a 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137 0 0 REJECT tcp 
------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135 3 234 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:138 -> * 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> * 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:139 -> * 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> * 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 113 389 304K ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535 0 0 REJECT udp ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 161:162 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 68 3 412 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 500 0 0 DENY udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 67 489 175K ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535 23 1372 ACCEPT icmp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> * 0 0 ACCEPT ospf ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a 0 0 ACCEPT 50 ------ 0xFF 0x00 eth0 0.0.0.0/0 208.180.134.7 n/a 0 0 ACCEPT 51 ------ 0xFF 0x00 eth0 0.0.0.0/0 208.180.134.7 n/a 590 22441 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a 0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 161:162 0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 161:162 -> * 407 32023 ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a Chain forward (policy DENY: 0 packets, 0 bytes): pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports 0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> * 336 25816 MASQ all ------ 0xFF 0x00 eth0 192.168.2.0/24 0.0.0.0/0 n/a 9 547 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a Chain output (policy DENY: 0 packets, 0 bytes): pkts bytes target prot opt 
tosa tosx ifname mark outsize source destination ports 841 340K fairq all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 255.255.255.255 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 127.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 224.0.0.0/4 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 172.16.0.0/12 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 128.0.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 191.255.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.0.0.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 223.255.255.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 240.0.0.0/4 0.0.0.0/0 n/a 0 0 DENY all ------ 0xFF 0x00 eth0 192.168.2.0/24 0.0.0.0/0 n/a 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:138 -> * 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> * 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:139 -> * 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> * 841 340K ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a Chain fairq (1 references): pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports 0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a 0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a 0 0 RETURN udp ------ 0xFF 0x00 * 0x1 
0.0.0.0/0 0.0.0.0/0 * -> 520 0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 520 -> * 0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 179 0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 179 -> * 0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53 0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> * 66 4647 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53 26 3348 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> * 0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 23 0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 23 -> * 0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 22 0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 22 -> * + _________________________ + + ipfwadm -F -l -n -e ipfwadm: not found + _________________________ + + ipfwadm -I -l -n -e ipfwadm: not found + _________________________ + + ipfwadm -O -l -n -e ipfwadm: not found + _________________________ + + ipchains -M -L -v -n IP masquerading entries prot expire initseq delta prevd source destination ports TCP 239:47.53 0 0 0 192.168.2.1 64.12.27.113 1092 (61023) -> 5190 TCP 239:43.68 0 0 0 192.168.2.1 205.188.9.156 1084 (61021) -> 5190 + _________________________ + + ipfwadm -M -l -n -e ipfwadm: not found + _________________________ + + cat /proc/modules ip_masq_vdolive 1180 0 (unused) ip_masq_user 3708 0 (unused) ip_masq_mfw 3196 0 (unused) ip_masq_autofw 2476 0 (unused) 3c509 5628 2 pci-scan 2296 0 + _________________________ + + cat /proc/meminfo total: used: free: shared: buffers: cached: Mem: 31555584 15511552 16044032 7737344 5627904 4292608 Swap: 0 0 0 MemTotal: 30816 kB MemFree: 15668 kB MemShared: 7556 kB Buffers: 5496 kB Cached: 4192 kB SwapTotal: 0 kB SwapFree: 0 kB + _________________________ + + ls -l /dev/ipsec* ls: /dev/ipsec*: No such file or directory + _________________________ + + ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi 
/proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version -r--r--r-- 1 root root 0 Nov 30 09:02 /proc/net/ipsec_eroute -r--r--r-- 1 root root 0 Nov 30 09:02 /proc/net/ipsec_klipsdebug -r--r--r-- 1 root root 0 Nov 30 09:02 /proc/net/ipsec_spi -r--r--r-- 1 root root 0 Nov 30 09:02 /proc/net/ipsec_spigrp -r--r--r-- 1 root root 0 Nov 30 09:02 /proc/net/ipsec_tncfg -r--r--r-- 1 root root 0 Nov 30 09:02 /proc/net/ipsec_version + _________________________ + + test -f /usr/src/linux/.config + _________________________ + + cat /etc/syslog.conf # /etc/syslog.conf Configuration file for syslogd. # # For more information see syslog.conf(5) # manpage. # # Log everything remotely. The other machine must run syslog with '-r'. # WARNING: Doing this is unsecure and can open you up to a DoS attack. # #*.* @host.ip.address-or-name.here # # First some standard logfiles. Log by facility. # auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log #cron.* /var/log/cron.log #lpr.* -/var/log/lpr.log #mail.* /var/log/mail.log #user.* -/var/log/user.log #uucp.* -/var/log/uucp.log # # Some `catch-all' logfiles. # *.=debug; auth,authpriv.none; news.none;mail.none -/var/log/debug *.=info;*.=notice;*.=warn; auth,authpriv.none; cron,daemon.none; mail,news.none -/var/log/messages # # Emergencies are sent to everybody logged in. # *.emerg * #ppp local2.* -/var/log/ppp.log #portslave local6.* -/var/log/pslave.log + _________________________ + + test -f /var/log/kern.debug + _________________________ + + cat + egrep -i ipsec|klips|pluto + egrep -n Starting FreeS.WAN /var/log/syslog.0 + sed -n $s/:.*//p + sed -n 61,$p /var/log/syslog.0 Nov 30 04:18:49 firewall ipsec_setup: Starting FreeS/WAN IPsec 1.91... 
Nov 30 04:18:49 firewall ipsec_setup: KLIPS debug `none' Nov 30 04:18:50 firewall ipsec_setup: KLIPS ipsec0 on eth0 208.180.134.7/255.255.255.0 broadcast 0.0.0.0 Nov 30 04:18:50 firewall ipsec_setup: ...FreeS/WAN IPsec started Nov 30 04:18:52 firewall ipsec__plutorun: 104 "net" #1: STATE_MAIN_I1: initiate Nov 30 04:18:52 firewall ipsec__plutorun: 106 "net" #1: STATE_MAIN_I2: from STATE_MAIN_I1; sent MI2, expecting MR2 Nov 30 04:18:52 firewall ipsec__plutorun: 108 "net" #1: STATE_MAIN_I3: from STATE_MAIN_I2; sent MI3, expecting MR3 Nov 30 04:18:52 firewall ipsec__plutorun: 004 "net" #1: STATE_MAIN_I4: ISAKMP SA established Nov 30 04:18:52 firewall ipsec__plutorun: 112 "net" #2: STATE_QUICK_I1: initiate Nov 30 04:18:52 firewall ipsec__plutorun: 004 "net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established + _________________________ + + egrep -i pluto + egrep -n Starting Pluto /var/log/auth.log + cat + sed -n $s/:.*//p + sed -n 1,$p /var/log/auth.log Nov 30 04:18:50 firewall Pluto[1050]: Starting Pluto (FreeS/WAN Version 1.91) Nov 30 04:18:51 firewall Pluto[1050]: added connection description "net" Nov 30 04:18:51 firewall Pluto[1050]: listening for IKE messages Nov 30 04:18:51 firewall Pluto[1050]: adding interface ipsec0/eth0 208.180.134.7 Nov 30 04:18:51 firewall Pluto[1050]: loading secrets from "/etc/ipsec.secrets" Nov 30 04:18:51 firewall Pluto[1050]: "net" #1: initiating Main Mode Nov 30 04:18:51 firewall Pluto[1050]: "net" #1: STATE_MAIN_I4: ISAKMP SA established Nov 30 04:18:51 firewall Pluto[1050]: "net" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS Nov 30 04:18:52 firewall Pluto[1050]: "net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established Nov 30 05:02:18 firewall Pluto[1050]: "net" #1: replacing stale ISAKMP SA Nov 30 05:02:18 firewall Pluto[1050]: "net" #3: initiating Main Mode Nov 30 05:02:18 firewall Pluto[1050]: "net" #3: STATE_MAIN_I4: ISAKMP SA established Nov 30 05:18:51 firewall Pluto[1050]: "net" #1: ISAKMP SA expired (superseded by #3) Nov 
30 05:46:16 firewall Pluto[1050]: "net" #3: replacing stale ISAKMP SA Nov 30 05:46:16 firewall Pluto[1050]: "net" #4: initiating Main Mode Nov 30 05:46:17 firewall Pluto[1050]: "net" #4: STATE_MAIN_I4: ISAKMP SA established Nov 30 06:02:18 firewall Pluto[1050]: "net" #3: ISAKMP SA expired (superseded by #4) Nov 30 06:30:06 firewall Pluto[1050]: "net" #4: replacing stale ISAKMP SA Nov 30 06:30:06 firewall Pluto[1050]: "net" #5: initiating Main Mode Nov 30 06:30:06 firewall Pluto[1050]: "net" #5: STATE_MAIN_I4: ISAKMP SA established Nov 30 06:46:17 firewall Pluto[1050]: "net" #4: ISAKMP SA expired (superseded by #5) Nov 30 07:12:54 firewall Pluto[1050]: "net" #5: replacing stale ISAKMP SA Nov 30 07:12:54 firewall Pluto[1050]: "net" #6: initiating Main Mode Nov 30 07:12:54 firewall Pluto[1050]: "net" #6: STATE_MAIN_I4: ISAKMP SA established Nov 30 07:30:06 firewall Pluto[1050]: "net" #5: ISAKMP SA expired (superseded by #6) Nov 30 08:02:08 firewall Pluto[1050]: "net" #6: replacing stale ISAKMP SA Nov 30 08:02:08 firewall Pluto[1050]: "net" #7: initiating Main Mode Nov 30 08:02:09 firewall Pluto[1050]: "net" #7: STATE_MAIN_I4: ISAKMP SA established Nov 30 08:12:54 firewall Pluto[1050]: "net" #6: ISAKMP SA expired (superseded by #7) Nov 30 08:14:33 firewall Pluto[1050]: "net" #8: responding to Quick Mode Nov 30 08:14:33 firewall Pluto[1050]: "net" #8: STATE_QUICK_R2: IPsec SA established Nov 30 08:14:49 firewall Pluto[1050]: "net" #9: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS Nov 30 08:14:49 firewall Pluto[1050]: "net" #9: STATE_QUICK_I2: sent QI2, IPsec SA established Nov 30 08:50:08 firewall Pluto[1050]: "net" #7: replacing stale ISAKMP SA Nov 30 08:50:08 firewall Pluto[1050]: "net" #10: initiating Main Mode Nov 30 08:50:09 firewall Pluto[1050]: "net" #10: STATE_MAIN_I4: ISAKMP SA established Nov 30 09:02:09 firewall Pluto[1050]: "net" #7: ISAKMP SA expired (superseded by #10) + _________________________ + + date Sat Nov 30 09:02:47 UTC 2002