[root@apogee root]# ipsec barf
apogee.integrated-group.com
Tue Dec 9 16:29:46 EET 2003
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 2.04
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.20-20.9 (bhcompile@xxxxxxxxxxxxxxxxxxxxxxxxxx) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #1 Mon Aug 18 11:45:58 EDT 2003
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux FreeS/WAN 2.04
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Opportunistic Encryption DNS checks:
Looking for TXT in forward map: apogee.integrated-group.com [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse map: 130.75.131.213.in-addr.arpa. [MISSING]
+ _________________________ proc/net/ipsec_eroute
+ sort -sg +3 /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
62.241.134.0 0.0.0.0 255.255.255.240 U 0 0 0 ipsec0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
213.131.75.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
213.131.75.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 213.131.75.129 0.0.0.0 UG 0 0 0 eth0
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
sock pid socket next prev e n p sndbf Flags Type St
c0e26a80 17937 c6488594 0 0 0 0 2 65535 00000000 3 1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 c6488594 17937 c0e26a80
pf_key_registered: 3 c6488594 17937 c0e26a80
pf_key_registered: 9 c6488594 17937 c0e26a80
pf_key_registered: 10 c6488594 17937 c0e26a80
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 4 0 128 128
pf_key_supported: 9 15 3 0 32 128
pf_key_supported: 9 15 2 0 128 32
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check pfkey_lossage tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
pfkey_lossage:0
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth0 213.131.75.130
000 %myid = (none)
000 debug none
000
000 "cisco": 10.0.0.0/24===10.0.0.16---213.131.75.130...213.131.64.249===62.241.134.0/28; unrouted; eroute owner: #0
000 "cisco": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "cisco": policy: PSK+ENCRYPT+TUNNEL; prio: 24,28; interface: ;
000 "cisco": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:05:5D:2F:6F:65
inet addr:213.131.75.130 Bcast:213.131.75.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2543138 errors:0 dropped:0 overruns:0 frame:0
TX packets:2689049 errors:0 dropped:0 overruns:0 carrier:0
collisions:387 txqueuelen:100
RX bytes:881033501 (840.2 Mb) TX bytes:1810010507 (1726.1 Mb)
Interrupt:11 Base address:0x3000
eth1 Link encap:Ethernet HWaddr 00:00:1C:DC:08:09 inet addr:10.0.0.16 Bcast:10.0.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2980833 errors:76 dropped:0 overruns:0 frame:0 TX packets:3336244 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:1243464969 (1185.8 Mb) TX bytes:3304614585 (3151.5 Mb) Interrupt:11 Base address:0x5000
ipsec0 Link encap:Ethernet HWaddr 00:05:5D:2F:6F:65 inet addr:213.131.75.130 Mask:255.255.255.0 UP RUNNING NOARP MTU:16260 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec3 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:591382 errors:0 dropped:0 overruns:0 frame:0 TX packets:591382 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:60240568 (57.4 Mb) TX bytes:60240568 (57.4 Mb)
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: autonegotiation failed, link ok
product info: vendor 00:00:00, model 0 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
eth1: negotiated 100baseTx-FD, link ok
product info: vendor 00:00:00, model 0 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
apogee.integrated-group.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
213.131.75.130
+ _________________________ uptime
+ uptime
16:29:47 up 4 days, 18:33, 6 users, load average: 2.44, 1.31, 0.64
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 18036 2707 25 0 4152 1108 wait4 S pts/2 0:00 | | \_ /bin/sh /usr/local/libexec/ipsec/barf
0 0 18162 18036 25 0 1504 460 pipe_w S pts/2 0:00 | | \_ grep -E -i ppid|pluto|ipsec|klips
1 0 17935 1 25 0 2120 780 wait4 S pts/1 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids yes --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto.pid
1 0 17936 17935 25 0 2120 784 wait4 S pts/1 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids yes --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto.pid
4 0 17937 17936 15 0 2020 776 schedu S pts/1 0:00 | \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --policygroupsdir /etc/ipsec.d/policies --debug-none --uniqueids
0 0 17959 17937 25 0 1424 212 schedu S pts/1 0:00 | \_ _pluto_adns
0 0 17938 17935 25 0 2096 756 pipe_w S pts/1 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
0 0 17939 1 25 0 1364 424 pipe_w S pts/1 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=ipsec0
routeaddr=213.131.75.130
routenexthop=213.131.75.129
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1 # /etc/ipsec.conf - FreeS/WAN IPsec configuration file # RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $
# This file: /usr/local/share/doc/freeswan/ipsec.conf-sample # # Manual: ipsec.conf.5 # # Help: # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/quickstart.html # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/config.html # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/adv_config.html # # Policy groups are enabled by default. See: # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/policygroups.html # # Examples: # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/examples
version 2.0 # conforms to second version of ipsec.conf specification
config setup # THIS SETTING MUST BE CORRECT or almost nothing will work; # %defaultroute is okay for most simple cases. interfaces=%defaultroute # Debug-logging controls: "none" for (almost) none, "all" for lots. klipsdebug=none plutodebug=none # Use auto= parameters in conn descriptions to control startup actions. # Close down old connection when new one using same ID shows up.
conn cisco type=tunnel authby=secret # Left security gateway, subnet behind it, next hop toward right. left=10.0.0.16 leftnexthop=213.131.75.130 leftsubnet=10.0.0.0/24 # Right security gateway, subnet behind it, next hop toward left. right=213.131.64.249 #rightnexthop=213.131.64.249 rightsubnet=62.241.134.0/28 pfs=no keyexchange=ike auto=start # How persistent to be in (re)keying negotiations (0 means very). esp=3des-md5-96 # key lifetime (before automatic rekeying)
conn block auto=ignore
conn private auto=ignore
conn private-or-clear auto=ignore
conn clear-or-private auto=ignore
conn clear auto=ignore
conn packetdefault auto=ignore + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor
#< /etc/ipsec.secrets 1 # do not change the indenting of that "[sums to 7d9d...]" 213.131.75.130 213.131.64.249: PSK "[sums to 0548...]"
+ '[' /etc/ipsec.d/policies ']' ++ basename /etc/ipsec.d/policies/block + base=block + _________________________ ipsec/policies/block + cat /etc/ipsec.d/policies/block # This file defines the set of CIDRs (network/mask-length) to which # communication should never be allowed. # # See /usr/local/share/doc/freeswan/policygroups.html for details. # # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ #
++ basename /etc/ipsec.d/policies/clear + base=clear + _________________________ ipsec/policies/clear + cat /etc/ipsec.d/policies/clear # This file defines the set of CIDRs (network/mask-length) to which # communication should always be in the clear. # # See /usr/local/share/doc/freeswan/policygroups.html for details. # # $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # ++ basename /etc/ipsec.d/policies/clear-or-private + base=clear-or-private + _________________________ ipsec/policies/clear-or-private + cat /etc/ipsec.d/policies/clear-or-private # This file defines the set of CIDRs (network/mask-length) to which # we will communicate in the clear, or, if the other side initiates IPSEC, # using encryption. This behaviour is also called "Opportunistic Responder". # # See /usr/local/share/doc/freeswan/policygroups.html for details. # # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # ++ basename /etc/ipsec.d/policies/private + base=private + _________________________ ipsec/policies/private + cat /etc/ipsec.d/policies/private # This file defines the set of CIDRs (network/mask-length) to which # communication should always be private (i.e. encrypted). # See /usr/local/share/doc/freeswan/policygroups.html for details. # # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # #62.241.134.0/28 # 2600 router ++ basename /etc/ipsec.d/policies/private-or-clear + base=private-or-clear + _________________________ ipsec/policies/private-or-clear + cat /etc/ipsec.d/policies/private-or-clear # This file defines the set of CIDRs (network/mask-length) to which # communication should be private, if possible, but in the clear otherwise. # # If the target has a TXT (later IPSECKEY) record that specifies # authentication material, we will require private (i.e. encrypted) # communications. If no such record is found, communications will be # in the clear. # # See /usr/local/share/doc/freeswan/policygroups.html for details. # # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $ #
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 192
-rwxr-xr-x 1 root root 14890 Nov 12 01:13 _confread
-rwxr-xr-x 1 root root 48463 Nov 12 01:13 _copyright
-rwxr-xr-x 1 root root 2379 Nov 12 01:13 _include
-rwxr-xr-x 1 root root 1475 Nov 12 01:13 _keycensor
-rwxr-xr-x 1 root root 69077 Nov 12 01:13 _pluto_adns
-rwxr-xr-x 1 root root 3586 Nov 12 01:13 _plutoload
-rwxr-xr-x 1 root root 5165 Nov 12 01:13 _plutorun
-rwxr-xr-x 1 root root 9719 Nov 12 01:13 _realsetup
-rwxr-xr-x 1 root root 1975 Nov 12 01:13 _secretcensor
-rwxr-xr-x 1 root root 8065 Nov 12 01:13 _startklips
-rwxr-xr-x 1 root root 7959 Nov 12 01:13 _updown
-rwxr-xr-x 1 root root 1942 Nov 12 01:13 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 2968
-rwxr-xr-x 1 root root 12195 Nov 12 01:13 auto
-rwxr-xr-x 1 root root 8591 Nov 12 01:13 barf
-rwxr-xr-x 1 root root 816 Nov 12 01:13 calcgoo
-rwxr-xr-x 1 root root 308253 Nov 12 01:13 eroute
-rwxr-xr-x 1 root root 176522 Nov 12 01:13 klipsdebug
-rwxr-xr-x 1 root root 2449 Nov 12 01:13 look
-rwxr-xr-x 1 root root 7130 Nov 12 01:13 mailkey
-rwxr-xr-x 1 root root 16188 Nov 12 01:13 manual
-rwxr-xr-x 1 root root 1874 Nov 12 01:13 newhostkey
-rwxr-xr-x 1 root root 147317 Nov 12 01:13 pf_key
-rwxr-xr-x 1 root root 1271170 Nov 12 01:13 pluto
-rwxr-xr-x 1 root root 53629 Nov 12 01:13 ranbits
-rwxr-xr-x 1 root root 83667 Nov 12 01:13 rsasigkey
-rwxr-xr-x 1 root root 17602 Nov 12 01:13 send-pr
lrwxrwxrwx 1 root root 22 Dec 6 00:26 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1048 Nov 12 01:13 showdefaults
-rwxr-xr-x 1 root root 4321 Nov 12 01:13 showhostkey
-rwxr-xr-x 1 root root 319429 Nov 12 01:13 spi
-rwxr-xr-x 1 root root 251326 Nov 12 01:13 spigrp
-rwxr-xr-x 1 root root 52065 Nov 12 01:13 tncfg
-rwxr-xr-x 1 root root 9292 Nov 12 01:13 verify
-rwxr-xr-x 1 root root 206957 Nov 12 01:13 whack
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo:60240568 591382 0 0 0 0 0 0 60240568 591382 0 0 0 0 0 0
eth0:881033859 2543140 0 0 0 0 0 0 1810010681 2689051 0 0 0 387 0 0
eth1:1243465029 2980834 76 0 0 0 0 0 3304614645 3336245 0 0 0 0 0 0
ipsec0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
ipsec0 0086F13E 00000000 0001 0 0 0 F0FFFFFF 0 0 0
eth1 0000000A 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 004B83D5 00000000 0001 0 0 0 00FFFFFF 0 0 0
ipsec0 004B83D5 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
lo 0000007F 00000000 0001 0 0 0 000000FF 0 0 0
eth0 00000000 814B83D5 0003 0 0 0 00000000 0 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:1
default/rp_filter:1
eth0/rp_filter:0
eth1/rp_filter:0
ipsec0/rp_filter:1
lo/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux apogee.integrated-group.com 2.4.20-20.9 #1 Mon Aug 18 11:45:58 EDT 2003 i686 i686 i386 GNU/Linux
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Red Hat Linux release 9 (Shrike)
+ _________________________ proc/net/ipsec_version
+ cat /proc/net/ipsec_version
FreeS/WAN version: 2.04
+ _________________________ iptables/list
+ iptables -L -v -n
Chain INPUT (policy DROP 1 packets, 40 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:10000 dpt:10000
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 17
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 10
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 9
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 5
1091K 909M ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
27687 2337K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
51661 9243K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
644 59192 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
95 5512 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
53 2891 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
8 444 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
591 47062 LOG tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 tcp LOG flags 0 level 4 prefix `tcp connection: '
442 71396 LOG udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 udp LOG flags 0 level 4 prefix `udp connection: '
791 58854 DROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp
465 72628 DROP udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp
Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000 218K 49M ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 209K 120M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 56331 packets, 6991K bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:10000 dpt:10000 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 2 80 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000 1088K 1020M ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0 27687 2337K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 259 21476 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW + _________________________ ipchains/list + ipchains -L -v -n /usr/local/libexec/ipsec/barf: line 236: ipchains: command not found + _________________________ ipfwadm/forward + ipfwadm -F -l -n -e /usr/local/libexec/ipsec/barf: line 238: ipfwadm: command not found + _________________________ ipfwadm/input + ipfwadm -I -l -n -e /usr/local/libexec/ipsec/barf: line 240: ipfwadm: command not found + _________________________ ipfwadm/output + ipfwadm -O -l -n -e /usr/local/libexec/ipsec/barf: line 242: ipfwadm: command not found + _________________________ iptables/nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 98810 packets, 6863K bytes) pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 128K packets, 6558K bytes) pkts bytes target prot opt in out source destination 9555 529K SNAT all -- * eth0 10.0.0.0/24 0.0.0.0/0 to:213.131.75.130
Chain OUTPUT (policy ACCEPT 128K packets, 6548K bytes) pkts bytes target prot opt in out source destination + _________________________ ipchains/masq + ipchains -M -L -v -n /usr/local/libexec/ipsec/barf: line 246: ipchains: command not found + _________________________ ipfwadm/masq + ipfwadm -M -l -n -e /usr/local/libexec/ipsec/barf: line 248: ipfwadm: command not found + _________________________ iptables/mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ proc/modules
+ cat /proc/modules
iptable_mangle 2776 0 (autoclean) (unused)
ipsec 265376 2
smbfs 44368 0 (autoclean)
i810_audio 27624 1 (autoclean)
ac97_codec 14568 0 (autoclean) [i810_audio]
soundcore 6404 2 (autoclean) [i810_audio]
ipt_LOG 4184 2 (autoclean)
ipt_limit 1560 3 (autoclean)
ipt_state 1080 4 (autoclean)
iptable_filter 2412 1 (autoclean)
ip_nat_ftp 4112 0 (unused)
ip_conntrack_ftp 5296 1
ip_conntrack_irc 4112 1 (autoclean)
ip_nat_irc 3280 0 (unused)
iptable_nat 21752 3 [ip_nat_ftp ip_nat_irc]
ip_tables 15096 8 [iptable_mangle ipt_LOG ipt_limit ipt_state iptable_filter iptable_nat]
ip_conntrack 27272 4 [ipt_state ip_nat_ftp ip_conntrack_ftp ip_conntrack_irc ip_nat_irc iptable_nat]
autofs 13268 0 (autoclean) (unused)
8139too 18120 2
mii 3976 0 [8139too]
keybdev 2976 0 (unused)
mousedev 5556 1
hid 22244 0 (unused)
input 5856 0 [keybdev mousedev hid]
usb-uhci 26412 0 (unused)
usbcore 79040 1 [hid usb-uhci]
ext3 70784 2
jbd 51924 2 [ext3]
+ _________________________ proc/meminfo
+ cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 393744384 386453504 7290880 0 45178880 254484480
Swap: 797843456 205168640 592674816
MemTotal: 384516 kB
MemFree: 7120 kB
MemShared: 0 kB
Buffers: 44120 kB
Cached: 160180 kB
SwapCached: 88340 kB
Active: 283748 kB
ActiveAnon: 144796 kB
ActiveCache: 138952 kB
Inact_dirty: 0 kB
Inact_laundry: 54908 kB
Inact_clean: 11192 kB
Inact_target: 69968 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 384516 kB
LowFree: 7120 kB
SwapTotal: 779144 kB
SwapFree: 578784 kB
+ _________________________ dev/ipsec-ls
+ ls -l '/dev/ipsec*'
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
lrwxrwxrwx 1 root root 16 Dec 9 16:29 /proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx 1 root root 16 Dec 9 16:29 /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx 1 root root 13 Dec 9 16:29 /proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx 1 root root 16 Dec 9 16:29 /proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx 1 root root 11 Dec 9 16:29 /proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx 1 root root 13 Dec 9 16:29 /proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ test -f /usr/src/linux/.config
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages *.debug /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure
# Log all the mail messages in one place. mail.* /var/log/maillog
# Log cron stuff cron.* /var/log/cron
# Everybody gets emergency messages *.emerg *
# Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log local7.* /var/log/boot.log + _________________________ etc/resolv.conf + cat /etc/resolv.conf #nameserver 213.131.75.130 nameserver 213.131.64.2 nameserver 213.131.64.3 search link.com.eg + _________________________ lib/modules-ls + ls -ltr /lib/modules total 4 drwxr-xr-x 4 root root 4096 Dec 8 07:06 2.4.20-20.9 + _________________________ proc/ksyms-netif_rx + egrep netif_rx /proc/ksyms c01f7d50 netif_rx_R733de01d + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.4.20-20.9: U netif_rx_R733de01d + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '2073128,$p' /var/log/messages + egrep -i 'ipsec|klips|pluto' + cat Dec 9 16:22:03 apogee ipsec_setup: Starting FreeS/WAN IPsec 2.04... Dec 9 16:22:03 apogee kernel: klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 2.04 Dec 9 16:22:03 apogee kernel: klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 2.04 Dec 9 16:22:03 apogee kernel: divert: not allocating divert_blk for non-ethernet device ipsec0 Dec 9 16:22:03 apogee ipsec_setup: Using /lib/modules/2.4.20-20.9/kernel/net/ipsec/ipsec.o Dec 9 16:22:03 apogee ipsec_setup: Using /lib/modules/2.4.20-20.9/kernel/net/ipsec/ipsec.o Dec 9 16:22:03 apogee kernel: divert: not allocating divert_blk for non-ethernet device ipsec1 Dec 9 16:22:03 apogee kernel: divert: not allocating divert_blk for non-ethernet device ipsec2 Dec 9 16:22:03 apogee /etc/hotplug/net.agent: invoke ifup ipsec2 Dec 9 16:22:03 apogee /etc/hotplug/net.agent: invoke ifup ipsec2 Dec 9 16:22:03 apogee kernel: divert: not allocating divert_blk for non-ethernet device ipsec3 Dec 9 16:22:03 apogee /etc/hotplug/net.agent: invoke ifup ipsec1 Dec 9 16:22:03 apogee /etc/hotplug/net.agent: invoke ifup ipsec1 Dec 9 16:22:03 apogee ipsec_setup: KLIPS debug `none' Dec 9 16:22:03 apogee ipsec_setup: KLIPS debug `none' Dec 9 16:22:03 apogee /etc/hotplug/net.agent: invoke ifup ipsec0 Dec 9 16:22:03 apogee /etc/hotplug/net.agent: invoke ifup ipsec0 Dec 9 16:22:04 apogee /etc/hotplug/net.agent: invoke ifup ipsec3 Dec 9 16:22:04 apogee /etc/hotplug/net.agent: invoke ifup ipsec3 Dec 9 16:22:04 apogee ipsec_setup: KLIPS ipsec0 on eth0 213.131.75.130/255.255.255.0 broadcast 213.131.75.255 Dec 9 16:22:04 apogee ipsec_setup: KLIPS ipsec0 on eth0 213.131.75.130/255.255.255.0 broadcast 213.131.75.255 Dec 9 16:22:04 apogee ipsec__plutorun: Starting Pluto subsystem... Dec 9 16:22:04 apogee pluto[17937]: Starting Pluto (FreeS/WAN Version 2.04 PLUTO_USES_KEYRR) Dec 9 16:22:04 apogee ipsec_setup: ...FreeS/WAN IPsec started Dec 9 16:22:04 apogee ipsec_setup: ...FreeS/WAN IPsec started Dec 9 16:22:04 apogee pluto[17937]: Using KLIPS IPsec interface code Dec 9 16:22:04 apogee pluto[17937]: added connection description "cisco" Dec 9 16:22:04 apogee pluto[17937]: listening for IKE messages Dec 9 16:22:04 apogee pluto[17937]: adding interface ipsec0/eth0 213.131.75.130 Dec 9 16:22:04 apogee pluto[17937]: loading secrets from "/etc/ipsec.secrets" Dec 9 16:22:04 apogee ipsec__plutorun: 022 "cisco": we have no ipsecN interface for either end of this connection Dec 9 16:22:04 apogee ipsec__plutorun: 022 "cisco": we have no ipsecN interface for either end of this connection Dec 9 16:22:04 apogee ipsec__plutorun: ...could not route conn "cisco" Dec 9 16:22:04 apogee ipsec__plutorun: ...could not route conn "cisco" Dec 9 16:22:04 apogee pluto[17937]: "cisco": we have no ipsecN interface for either end of this connection Dec 9 16:22:04 apogee ipsec__plutorun: 022 "cisco": we have no ipsecN interface for either end of this connection Dec 9 16:22:04 apogee ipsec__plutorun: 022 "cisco": we have no ipsecN interface for either end of this connection Dec 9 16:22:04 apogee ipsec__plutorun: ...could not start conn "cisco" Dec 9 16:22:04 apogee ipsec__plutorun: ...could not start conn "cisco" Dec 9 16:30:28 apogee pluto[17937]: "cisco": we have no ipsecN interface for either end of this connection + _________________________ plog + sed -n '497148,$p' /var/log/secure + egrep -i pluto + cat Dec 9 16:22:04 apogee ipsec__plutorun: Starting Pluto subsystem... Dec 9 16:22:04 apogee pluto[17937]: Starting Pluto (FreeS/WAN Version 2.04 PLUTO_USES_KEYRR) Dec 9 16:22:04 apogee pluto[17937]: Using KLIPS IPsec interface code Dec 9 16:22:04 apogee pluto[17937]: added connection description "cisco" Dec 9 16:22:04 apogee pluto[17937]: listening for IKE messages Dec 9 16:22:04 apogee pluto[17937]: adding interface ipsec0/eth0 213.131.75.130 Dec 9 16:22:04 apogee pluto[17937]: loading secrets from "/etc/ipsec.secrets" Dec 9 16:22:04 apogee pluto[17937]: "cisco": we have no ipsecN interface for either end of this connection Dec 9 16:30:28 apogee pluto[17937]: "cisco": we have no ipsecN interface for either end of this connection + _________________________ date + date
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list