[MBT] new ticket for pkg freeswan "Problem in PLUTO Run Script"
bugs at pld.org.pl
Fri Nov 22 22:32:25 CET 2002
Date: 2002-11-22 22:32:23+01 Author: (gglas) <georg at glas.eu.org>
Title: Problem in PLUTO Run Script
Ticket ID: #446
Ticket URL: http://bugs.pld.org.pl/?bug=446
Package: freeswan-1.97-1
Distribution: PLD-1.0.devel.main PLD-1.0.devel.test PLD-1.0.devel.supported
Category: doesn't work as it should
Current state: opened
Text:
Hi,
when trying to start ipsec through the init script I get:
Nov 22 21:29:13 home ipsec_setup: Starting FreeS/WAN IPsec 1.97...
Nov 22 21:29:14 home ipsec_setup: KLIPS ipsec0 on eth0 212.17.106.212/255.255.255.0 broadcast 212.17.106.255
Nov 22 21:29:14 home ipsec_setup: ...FreeS/WAN IPsec started
Nov 22 21:29:14 home ipsec__plutorun: ipsec_auto: fatal error in "": (/etc/ipsec/ipsec.conf, line 0) invalid section name "/etc/ipsec/ipsec.conf"
The config file is from the rpm (only removed the comment which said "uncomment the next line to enable it").
It has been reproduced on another machine.
------------------- barf begin -------------------------
Fri Nov 22 22:25:45 CET 2002
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 1.97
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.19ctx-14 (root at home) (gcc version 3.1) #4 Sat Nov 16 11:20:15 CET 2002
+ _________________________ proc/net/ipsec_eroute
+ sort +3 /proc/net/ipsec_eroute
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
195.34.149.5 0.0.0.0 255.255.255.255 UH 40 0 0 eth0
212.17.106.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0
212.17.106.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0
192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
0.0.0.0 212.17.106.1 0.0.0.0 UG 40 0 0 eth0
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
sock pid socket next prev e n p sndbf Flags Type St
c5251bc0 11902 cfbd0310 0 0 0 0 2 65535 00000000 3 1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep ^ pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 cfbd0310 11902 c5251bc0
pf_key_registered: 3 cfbd0310 11902 c5251bc0
pf_key_registered: 9 cfbd0310 11902 c5251bc0
pf_key_registered: 10 cfbd0310 11902 c5251bc0
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 4 0 128 128
pf_key_supported: 9 15 3 0 32 128
pf_key_supported: 9 15 2 0 128 32
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep ^ icmp inbound_policy_check tos
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth0 212.17.106.212
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:10:5A:C6:2B:31
inet addr:212.17.106.212 Bcast:212.17.106.255 Mask:255.255.255.0
inet6 addr: fe80::210:5aff:fec6:2b31/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14045 errors:0 dropped:0 overruns:0 frame:2508
TX packets:9893 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:11496679 (10.9 Mb) TX bytes:794135 (775.5 Kb)
Interrupt:11 Base address:0xa800
eth1 Link encap:Ethernet HWaddr 00:50:BA:BB:27:D9
inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::250:baff:febb:27d9/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19808 errors:0 dropped:0 overruns:0 frame:0
TX packets:19704 errors:0 dropped:0 overruns:0 carrier:0
collisions:17 txqueuelen:100
RX bytes:2295424 (2.1 Mb) TX bytes:9600535 (9.1 Mb)
Interrupt:5 Base address:0xa400
ipsec0 Link encap:Ethernet HWaddr 00:10:5A:C6:2B:31
inet addr:212.17.106.212 Mask:255.255.255.0
inet6 addr: fe80::210:5aff:fec6:2b31/10 Scope:Link
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:3 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec1 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec2 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec3 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5921 errors:0 dropped:0 overruns:0 frame:0
TX packets:5921 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:689575 (673.4 Kb) TX bytes:689575 (673.4 Kb)
sit0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
home
+ _________________________ hostname/ipaddress
+ hostname --ip-address
212.17.106.212
+ _________________________ uptime
+ uptime
10:26pm up 1:43, 7 users, load average: 0.00, 0.00, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i ppid|pluto|ipsec|klips
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
000 0 12243 12203 15 0 1408 488 pipe_w S pts/3 0:00 | \_ /bin/grep -E -i ppid|pluto|ipsec|klips
040 0 11895 1 9 0 1508 552 rt_sig S pts/2 0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes -
040 0 11900 11895 9 0 1516 560 rt_sig S pts/2 0:00 \_ /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids y
100 0 11902 11900 9 0 1956 888 do_sel S pts/2 0:00 | \_ /usr/lib/ipsec/pluto --nofork --debug-none --uniqueids
000 0 11921 11902 9 0 1364 320 do_sel S pts/2 0:00 | \_ _pluto_adns 9 12
000 0 11901 11895 8 0 1504 548 pipe_w S pts/2 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --load %search --start %s
000 0 11896 1 9 0 1312 504 pipe_w S pts/2 0:00 logger -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routephys=eth0
routevirt=ipsec0
routevirt=ipsec0
routeaddr=212.17.106.212
routeaddr=212.17.106.212
routenexthop=212.17.106.1
routenexthop=212.17.106.1
defaultroutephys=eth0
defaultroutevirt=ipsec0
defaultrouteaddr=212.17.106.212
defaultroutenexthop=212.17.106.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec/ipsec.conf/ipsec.conf
+ ipsec _keycensor
#:cannot open configuration file "/etc/ipsec/ipsec.conf/ipsec.conf"
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec/ipsec.conf/ipsec.secrets
+ ipsec _secretcensor
#:cannot open configuration file "[sums to 0280...]"
+ _________________________ ipsec/ls-dir
+ ls -l /usr/local/lib/ipsec
total 12
-rwxr-xr-x 1 root root 11896 Mar 9 2002 fswcert
+ _________________________ ipsec/updowns
+ ls /usr/local/lib/ipsec
+ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 689603 5922 0 0 0 0 0 0 689603 5922 0 0 0 0 0 0
eth0:11497360 14055 0 0 0 2508 0 3090 794255 9895 0 0 0 0 0 0
eth1: 2298107 19834 0 0 0 0 0 0 9604865 19724 0 0 0 17 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec0: 0 0 0 0 0 0 0 0 0 0 0 3 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 059522C3 00000000 0005 0 0 0 FFFFFFFF 40 0 0
eth0 006A11D4 00000000 0001 0 0 0 00FFFFFF 40 0 0
ipsec0 006A11D4 00000000 0001 0 0 0 00FFFFFF 40 0 0
eth1 0000A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0
eth0 00000000 016A11D4 0003 0 0 0 00000000 40 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep ^ all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:1
default/rp_filter:1
eth0/rp_filter:0
eth1/rp_filter:1
ipsec0/rp_filter:1
lo/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux home 2.4.19ctx-14 #4 Sat Nov 16 11:20:15 CET 2002 i686 AMD_Duron(tm)_Processor unknown PLD Linux
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Red Hat Linux release 7.2 (Enigma)
+ _________________________ proc/net/ipsec_version
+ cat /proc/net/ipsec_version
FreeS/WAN version: 1.97
+ _________________________ iptables/list
+ iptables -L -v -n
Chain INPUT (policy DROP 1 packets, 78 bytes)
pkts bytes target prot opt in out source destination
5924 690K loopback all --- lo * 0.0.0.0/0 0.0.0.0/0
19672 1978K ACCEPT all --- eth1 * 192.168.0.0/24 192.168.0.0/24
0 0 ACCEPT all --- !eth0 * 192.168.0.0/24 192.168.0.0/24
1 56 RESERVED all --- eth0 * 10.0.0.0/8 0.0.0.0/0
0 0 RESERVED all --- eth0 * 172.16.0.0/12 0.0.0.0/0
0 0 RESERVED all --- eth0 * 192.168.0.0/16 0.0.0.0/0
0 0 RESERVED all --- eth0 * 224.0.0.1 0.0.0.0/0
0 0 RESERVED all --- eth0 * 224.0.0.2 0.0.0.0/0
0 0 RESERVED all --- eth0 * 224.0.0.4 0.0.0.0/0
0 0 RESERVED all --- eth0 * 224.0.0.5 0.0.0.0/0
0 0 RESERVED all --- eth0 * 224.0.0.6 0.0.0.0/0
0 0 RESERVED all --- eth0 * 224.0.0.9 0.0.0.0/0
0 0 RESERVED all --- eth0 * 224.0.0.13 0.0.0.0/0
0 0 RESERVED all --- eth0 * 224.0.0.15 0.0.0.0/0
7 555 ACCEPT icmp --- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp --- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
19 1051 ACCEPT icmp --- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
2 3000 DROPICMP icmp --- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp --- * * 0.0.0.0/0 0.0.0.0/0 udp spts:32769:65535 dpts:33434:33523
0 0 ACCEPT udp --- * * 131.130.1.11 0.0.0.0/0 udp spt:123 dpts:1024:65535
0 0 ACCEPT udp --- * * 132.163.135.130 0.0.0.0/0 udp spt:123 dpts:1024:65535
0 0 ACCEPT udp --- * * 128.118.25.3 0.0.0.0/0 udp spt:123 dpts:1024:65535
0 0 ACCEPT udp --- * * 131.107.1.10 0.0.0.0/0 udp spt:123 dpts:1024:65535
0 0 ACCEPT udp --- * * 0.0.0.0/0 0.0.0.0 udp spts:32769:65535 dpts:33434:33523
0 0 DNS udp --- * * 192.168.0.254 0.0.0.0/0 udp spt:53
29 3723 DNS udp --- * * 195.34.133.10 0.0.0.0/0 udp spt:53
0 0 PUBLIC tcp --- * * 0.0.0.0/0 212.17.106.212 tcp dpt:21
0 0 PUBLIC tcp --- * * 0.0.0.0/0 212.17.106.212 tcp dpt:20
41 2764 PUBLIC tcp --- * * 0.0.0.0/0 212.17.106.212 tcp dpt:80
0 0 PUBLIC udp --- * * 0.0.0.0/0 212.17.106.212 udp dpt:80
0 0 PUBLIC tcp --- * * 0.0.0.0/0 212.17.106.212 tcp dpt:443
0 0 PUBLIC udp --- * * 0.0.0.0/0 212.17.106.212 udp dpt:443
12 2519 PUBLIC tcp --- * * 0.0.0.0/0 212.17.106.212 tcp dpt:25
0 0 PUBLIC udp --- * * 0.0.0.0/0 212.17.106.212 udp dpt:25
0 0 PUBLIC tcp --- * * 213.47.157.236 212.17.106.212 tcp dpt:5000
0 0 PUBLIC udp --- * * 213.47.157.236 212.17.106.212 udp dpt:5000
0 0 PUBLIC tcp --- * * 62.99.140.141 212.17.106.212 tcp dpt:370
0 0 PUBLIC udp --- * * 62.99.140.141 212.17.106.212 udp dpt:370
0 0 PUBLIC udp --- * * 62.99.140.141 212.17.106.212 udp dpt:2432
0 0 PUBLIC udp --- * * 62.99.140.141 212.17.106.212 udp dpt:2433
0 0 PUBLIC tcp --- * * 62.99.140.141 212.17.106.212 tcp dpt:2433
0 0 PUBLIC tcp --- * * 0.0.0.0/0 212.17.106.212 tcp dpt:993
0 0 PUBLIC udp --- * * 0.0.0.0/0 212.17.106.212 udp dpt:993
0 0 PUBLIC tcp --- * * 0.0.0.0/0 212.17.106.212 tcp dpt:22
0 0 PUBLIC udp --- * * 0.0.0.0/0 212.17.106.212 udp dpt:22
1 44 PUBLIC tcp --- * * 0.0.0.0/0 212.17.106.212 tcp dpt:113
0 0 PUBLIC udp --- * * 0.0.0.0/0 212.17.106.212 udp dpt:113
0 0 CLIENT tcp --- * * 195.34.132.19 212.17.106.212 tcp dpt:20
0 0 CLIENT udp --- * * 195.34.132.19 212.17.106.212 udp dpt:20
0 0 CLIENT tcp --- * * 195.34.132.19 212.17.106.212 tcp dpt:21
0 0 CLIENT udp --- * * 195.34.132.19 212.17.106.212 udp dpt:21
0 0 CLIENT tcp --- * * 195.34.132.19 212.17.106.212 tcp dpt:22
0 0 CLIENT udp --- * * 195.34.132.19 212.17.106.212 udp dpt:22
0 0 CLIENT tcp --- * * 195.34.132.19 212.17.106.212 tcp dpt:110
0 0 CLIENT udp --- * * 195.34.132.19 212.17.106.212 udp dpt:110
0 0 CLIENT tcp --- * * 195.34.132.19 212.17.106.212 tcp dpt:80
0 0 CLIENT udp --- * * 195.34.132.19 212.17.106.212 udp dpt:80
0 0 CLIENT tcp --- * * 195.34.132.19 212.17.106.212 tcp dpt:443
0 0 CLIENT udp --- * * 195.34.132.19 212.17.106.212 udp dpt:443
0 0 CLIENT tcp --- * * 195.34.132.19 212.17.106.212 tcp dpt:8000
0 0 CLIENT udp --- * * 195.34.132.19 212.17.106.212 udp dpt:8000
0 0 CLIENT tcp --- * * 62.99.140.141 212.17.106.212 tcp dpt:20
0 0 CLIENT udp --- * * 62.99.140.141 212.17.106.212 udp dpt:20
0 0 CLIENT tcp --- * * 62.99.140.141 212.17.106.212 tcp dpt:21
0 0 CLIENT udp --- * * 62.99.140.141 212.17.106.212 udp dpt:21
0 0 CLIENT tcp --- * * 62.99.140.141 212.17.106.212 tcp dpt:22
0 0 CLIENT udp --- * * 62.99.140.141 212.17.106.212 udp dpt:22
0 0 CLIENT tcp --- * * 62.99.140.141 212.17.106.212 tcp dpt:110
0 0 CLIENT udp --- * * 62.99.140.141 212.17.106.212 udp dpt:110
0 0 CLIENT tcp --- * * 62.99.140.141 212.17.106.212 tcp dpt:80
0 0 CLIENT udp --- * * 62.99.140.141 212.17.106.212 udp dpt:80
0 0 CLIENT tcp --- * * 62.99.140.141 212.17.106.212 tcp dpt:443
0 0 CLIENT udp --- * * 62.99.140.141 212.17.106.212 udp dpt:443
0 0 CLIENT tcp --- * * 62.99.140.141 212.17.106.212 tcp dpt:8000
0 0 CLIENT udp --- * * 62.99.140.141 212.17.106.212 udp dpt:8000
0 0 OPENPORT tcp --- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:3000:3100
4 573 OPENPORT udp --- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:3000:3100
0 0 SCAN tcp --- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F state INVALID,NEW,RELATED,NONE
0 0 SCAN tcp --- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 state INVALID,NEW,RELATED,NONE
0 0 SCAN tcp --- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01 state INVALID,NEW,RELATED,NONE
9277 9322K STATEFUL all --- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp --- * * 0.0.0.0/0 0.0.0.0 udp spts:32769:65535 dpts:33434:33523
0 0 SCAN tcp --- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 SCAN tcp --- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 BLOCK_OUT tcp --- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
0 0 BLOCK_OUT udp --- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 BLOCK_OUT tcp --- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
0 0 BLOCK_OUT udp --- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 BLOCK_OUT tcp --- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 BLOCK_OUT udp --- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:139
683 59899 STATEFUL all --- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 34949 packets, 11M bytes)
pkts bytes target prot opt in out source destination
5924 690K loopback all --- * lo 0.0.0.0/0 0.0.0.0/0
0 0 BLOCK_OUT tcp --- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
0 0 BLOCK_OUT udp --- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 BLOCK_OUT tcp --- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
0 0 BLOCK_OUT udp --- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 BLOCK_OUT tcp --- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 BLOCK_OUT udp --- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:139
Chain ACCEPTnLOG (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all --- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `gShield (accept) '
0 0 ACCEPT all --- * * 0.0.0.0/0 0.0.0.0/0
Chain BLACKLIST (0 references)
pkts bytes target prot opt in out source destination
[....]
+ ipchains -L -v -n
./barf[197]: ipchains: not found
+ _________________________ ipfwadm/forward
+ ipfwadm -F -l -n -e
./barf[199]: ipfwadm: not found
+ _________________________ ipfwadm/input
+ ipfwadm -I -l -n -e
./barf[201]: ipfwadm: not found
+ _________________________ ipfwadm/output
+ ipfwadm -O -l -n -e
./barf[203]: ipfwadm: not found
+ _________________________ iptables/nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 131 packets, 12398 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp --- * * 192.168.0.0/24 !192.168.0.0/24 tcp dpt:80 redir ports 3128
0 0 REDIRECT udp --- * * 192.168.0.0/24 !192.168.0.0/24 udp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT 2272 packets, 156K bytes)
pkts bytes target prot opt in out source destination
1 48 MASQUERADE all --- * eth0 192.168.0.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2266 packets, 156K bytes)
pkts bytes target prot opt in out source destination
+ _________________________ ipchains/masq
+ ipchains -M -L -v -n
./barf[207]: ipchains: not found
+ _________________________ ipfwadm/masq
+ ipfwadm -M -l -n -e
./barf[209]: ipfwadm: not found
+ _________________________ iptables/mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 37910 packets, 14M bytes)
pkts bytes target prot opt in out source destination
0 0 TOS tcp --- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOS tcp --- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOS tcp --- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:23 TOS set 0x10
12 2519 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 MARK set 0x1
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:25 MARK set 0x1
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 MARK set 0x1
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:110 MARK set 0x1
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:119 MARK set 0x1
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:119 MARK set 0x1
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 MARK set 0x1
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:143 MARK set 0x1
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 MARK set 0x1
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:993 MARK set 0x1
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 MARK set 0x1
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:995 MARK set 0x1
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 MARK set 0x2
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:22 MARK set 0x2
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 MARK set 0x2
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:23 MARK set 0x2
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 MARK set 0x2
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:6667 MARK set 0x2
41 2764 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0x3
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 MARK set 0x3
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 MARK set 0x3
0 0 MARK udp --- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:443 MARK set 0x3
0 0 MARK tcp --- eth0 * 0.0.0.0/0 0.0.0.0/0
[...]
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 12
lrwxrwxrwx 1 root root 8 Nov 6 14:54 2.4.18 -> 2.4.18-2
drwxr-xr-x 5 root root 4096 Nov 6 16:33 2.4.18-2
drwxr-xr-x 4 root root 4096 Nov 14 17:10 2.4.18-14
drwxrwxrwx 6 root root 4096 Nov 18 16:31 2.4.19ctx-14
+ _________________________ proc/ksyms-netif_rx
+ egrep netif_rx /proc/ksyms
c02093e0 netif_rx_R7b2e94e8
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
2.4.18: U netif_rx
2.4.18-14: U netif_rx_R61b6a4ab
2.4.18-2: U netif_rx
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n 8636,$p /var/log/syslog
+ egrep -i ipsec|klips|pluto
+ cat
Nov 22 21:29:13 home ipsec_setup: Starting FreeS/WAN IPsec 1.97...
Nov 22 21:29:14 home ipsec_setup: KLIPS ipsec0 on eth0 212.17.106.212/255.255.255.0 broadcast 212.17.106.255
Nov 22 21:29:14 home ipsec_setup: ...FreeS/WAN IPsec started
Nov 22 21:29:14 home ipsec__plutorun: ipsec_auto: fatal error in "": (/etc/ipsec/ipsec.conf, line 0) invalid section name "/etc/ipsec/ipsec.conf"
Nov 22 21:29:14 home ipsec__plutorun: ...could not add conn "me-to-anyone"
Nov 22 21:29:14 home ipsec__plutorun: 021 no connection named "me-to-anyone"
Nov 22 21:29:14 home ipsec__plutorun: ...could not route conn "me-to-anyone"
Nov 22 21:29:23 home kernel: ipsec0: no IPv6 routers present
+ _________________________ plog
+ sed -n 16479,$p /var/log/secure
+ egrep -i pluto
+ cat
Nov 22 21:29:14 home ipsec__plutorun: Starting Pluto subsystem...
Nov 22 21:29:14 home Pluto[11902]: Starting Pluto (FreeS/WAN Version 1.97)
Nov 22 21:29:14 home Pluto[11902]: including X.509 patch (Version 0.9.11)
Nov 22 21:29:14 home Pluto[11902]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 22 21:29:14 home Pluto[11902]: Warning: empty directory
Nov 22 21:29:14 home Pluto[11902]: Changing to directory '/etc/ipsec.d/crls'
Nov 22 21:29:14 home Pluto[11902]: Warning: empty directory
Nov 22 21:29:14 home Pluto[11902]: loaded my default X.509 cert file '/etc/x509cert.der' (1266 bytes)
Nov 22 21:29:14 home Pluto[11902]: listening for IKE messages
Nov 22 21:29:14 home Pluto[11902]: adding interface ipsec0/eth0 212.17.106.212
Nov 22 21:29:14 home Pluto[11902]: loading secrets from "/etc/ipsec/ipsec.secrets"
+ _________________________ date
+ date
Fri Nov 22 22:30:44 CET 2002