LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-02-2012, 08:32 AM   #1
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Rep: Reputation: 0
Can't configure network for KVM guest.


I am so close. but am unable to get a network device connection for my KVM guests.

Followed this article:
http://www.cyberciti.biz/faq/centos-...tion-tutorial/

The host CentOS 6.2 - libvirtd (libvirt) 0.9.4
Code:
[08:28:51 root]$ getenforce
Disabled
Network:
Code:
br0	  Link encap:Ethernet  HWaddr 8C:89:A5:5E:D1:DF
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::8e89:a5ff:fe5e:d1df/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:594581 errors:0 dropped:0 overruns:0 frame:0
          TX packets:826160 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:56982997 (54.3 MiB)  TX bytes:1023484748 (976.0 MiB)

eth0      Link encap:Ethernet  HWaddr 8C:89:A5:5E:D1:DF
          inet6 addr: fe80::8e89:a5ff:fe5e:d1df/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1147063 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1604053 errors:0 dropped:0 overruns:0 carrier:3
          collisions:0 txqueuelen:1000
          RX bytes:167666536 (159.8 MiB)  TX bytes:1799474034 (1.6 GiB)
          Interrupt:26

eth1	  Link encap:Ethernet  HWaddr 00:01:53:81:B6:39
          inet addr:69.242.80.204  Bcast:255.255.255.255  Mask:255.255.252.0
          inet6 addr: fe80::201:53ff:fe81:b639/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2657191 errors:0 dropped:0 overruns:0 frame:0
          TX packets:955092 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1815510683 (1.6 GiB)  TX bytes:146700246 (139.9 MiB)
          Interrupt:20 Base address:0xe800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:32850 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32850 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:14982310 (14.2 MiB)  TX bytes:14982310 (14.2 MiB)

vnet0     Link encap:Ethernet  HWaddr FE:54:00:F5:C7:93
          inet6 addr: fe80::fc54:ff:fef5:c793/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:9486 (9.2 KiB)  TX bytes:0 (0.0 b)



[08:16:35 root]$ brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.8c89a55ed1df	no		eth0
							vnet1
br1		8000.000000000000	no		
virbr0		8000.525400ae0a23	yes		virbr0-nic
							vnet0


[08:18:57 root]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
69.242.80.0     *               255.255.252.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     1003   0        0 eth1
link-local      *               255.255.0.0     U     1011   0        0 br0
192.168.0.0     192.168.1.1     255.255.0.0     UG    0      0        0 br0
default         c-69-242-80-1.h 0.0.0.0
My KVM guest configured in the KDE gui:
Code:
[08:19:22 root]$ virsh dumpxml Haweater
<domain type='kvm' id='2'>
  <name>Haweater</name>
  <uuid>57153803-48c3-26aa-5fcc-4cccfed636f0</uuid>
  <memory>512000</memory>
  <currentMemory>512000</currentMemory>
  <vcpu>4</vcpu>
  <os>
    <type arch='x86_64' machine='rhel6.2.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw' cache='none' io='native'/>
      <source dev='/dev/md2'/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </disk>
    <interface type='network'>
      <mac address='52:54:00:f5:c7:93'/>
      <source network='default'/>
      <target dev='vnet0'/>
      <model type='rtl8139'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:49:b7:dd'/>
      <source bridge='br0'/>
      <target dev='vnet1'/>
      <model type='rtl8139'/>
      <alias name='net1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/1'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5900' autoport='yes'/>
    <sound model='ich6'>
      <alias name='sound0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </sound>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </memballoon>
  </devices>
</domain>

I have tried multiple interfaces options but none make a connection.
Code:
ifup eth0 
Determining IP information for eth0 ... failed
I had this working fine in Fedora 10 but I am at a stumped since I migrated to CentOS 6. I know I am missing something very simple.

I am using the default unedited configs for
 
Old 03-02-2012, 09:00 AM   #2
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
ifup eth0
Device eth0 does not seem to be present, delaying initialization
 
Old 03-02-2012, 09:50 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
Can you use a virtio driver instead of rtl8319?

what does "ifconfig -a" say about the known interfaces on the system?

Similarily, "dmesg | grep -i eth" may be useful.
 
Old 03-02-2012, 10:07 AM   #4
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
HW address was wrong....

Changed the address to the new "generated" nic address and the device is now available. however it is not picking up the dhcpd from the gateway 192.168.1.1
Click image for larger version

Name:	Screen shot 2012-03-02 at 9.57.33 AM.png
Views:	47
Size:	18.0 KB
ID:	9170

I can manually define the network ip but that is not ideal... could this be a firewall issue?:
Click image for larger version

Name:	Screen shot 2012-03-02 at 10.04.07 AM.png
Views:	44
Size:	22.5 KB
ID:	9171
 
Old 03-02-2012, 10:13 AM   #5
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
not sure if this is related:

when I start the guest:
Code:
Mar  2 10:10:15 localhost libvirtd: 10:10:15.691: 27897: info : brProbeVnetHdr:442 : Enabling IFF_VNET_HDR
Mar  2 10:10:15 localhost kernel: device vnet1 entered promiscuous mode
Mar  2 10:10:15 localhost kernel: br0: port 3(vnet1) entering forwarding state
2012-03-02 10:10:15.693: starting up
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=james LOGNAME=james QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -S -M rhel6.2.0 -enable-kvm -m 500 -smp 4,sockets=4,cores=1,threads=1 -name Haweater -uuid 57153803-48c3-26aa-5fcc-4cccfed636f0 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/Haweater.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -no-acpi -drive file=/dev/md2,if=none,id=drive-virtio-disk0,format=raw,cache=none,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=21,id=hostnet0,vhost=on,vhostfd=24 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:f5:c7:93,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -usb -device usb-tablet,id=input0 -vnc 127.0.0.1:1 -vga cirrus -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
10:10:15.695: 21228: info : libvirt version: 0.9.4, package: 23.el6_2.6 (CentOS BuildSystem <http://bugs.centos.org>, 2012-03-01-10:07:12, c6b6.bsys.dev.centos.org)
10:10:15.695: 21228: debug : virCommandHook:1920 : Run hook 0x484900 0x7f312306e460
10:10:15.695: 21228: debug : qemuProcessHook:2147 : Obtaining domain lock
10:10:15.695: 21228: debug : virDomainLockManagerNew:123 : plugin=0x7f3118060b80 dom=0x7f3118008060 withResources=1
10:10:15.695: 21228: debug : virLockManagerNew:291 : plugin=0x7f3118060b80 type=0 nparams=4 params=0x7f312306d8b0 flags=0
10:10:15.695: 21228: debug : virLockManagerLogParams:98 :   key=uuid type=uuid value=57153803-48c3-26aa-5fcc-4cccfed636f0
10:10:15.695: 21228: debug : virLockManagerLogParams:94 :   key=name type=string value=Haweater
10:10:15.695: 21228: debug : virLockManagerLogParams:82 :   key=id type=uint value=8
10:10:15.695: 21228: debug : virLockManagerLogParams:82 :   key=pid type=uint value=21228
10:10:15.695: 21228: debug : virDomainLockManagerNew:135 : Adding leases
10:10:15.695: 21228: debug : virDomainLockManagerNew:140 : Adding disks
10:10:15.695: 21228: debug : virDomainLockManagerAddDisk:86 : Add disk /dev/md2
10:10:15.695: 21228: debug : virLockManagerAddResource:320 : lock=0x7f310800cf90 type=0 name=/dev/md2 nparams=0 params=(nil) flags=0
10:10:15.695: 21228: debug : virLockManagerAcquire:337 : lock=0x7f310800cf90 state='(null)' flags=3 fd=0x7f312306da1c
10:10:15.695: 21228: debug : virLockManagerFree:374 : lock=0x7f310800cf90
10:10:15.695: 21228: debug : qemuProcessHook:2172 : Moving procss to cgroup
10:10:15.695: 21228: debug : virCgroupNew:602 : New group /libvirt/qemu/Haweater
10:10:15.695: 21228: debug : virCgroupDetect:261 : Detected mount/mapping 0:cpu at /cgroup/cpu in 
10:10:15.695: 21228: debug : virCgroupDetect:261 : Detected mount/mapping 1:cpuacct at /cgroup/cpuacct in 
10:10:15.695: 21228: debug : virCgroupDetect:261 : Detected mount/mapping 2:cpuset at /cgroup/cpuset in 
10:10:15.695: 21228: debug : virCgroupDetect:261 : Detected mount/mapping 3:memory at /cgroup/memory in 
10:10:15.695: 21228: debug : virCgroupDetect:261 : Detected mount/mapping 4:devices at /cgroup/devices in 
10:10:15.695: 21228: debug : virCgroupDetect:261 : Detected mount/mapping 5:freezer at /cgroup/freezer in 
10:10:15.695: 21228: debug : virCgroupDetect:261 : Detected mount/mapping 6:blkio at /cgroup/blkio in 
10:10:15.695: 21228: debug : virCgroupMakeGroup:523 : Make group /libvirt/qemu/Haweater
10:10:15.695: 21228: debug : virCgroupMakeGroup:545 : Make controller /cgroup/cpu/libvirt/qemu/Haweater/
10:10:15.695: 21228: debug : virCgroupMakeGroup:545 : Make controller /cgroup/cpuacct/libvirt/qemu/Haweater/
10:10:15.695: 21228: debug : virCgroupMakeGroup:545 : Make controller /cgroup/cpuset/libvirt/qemu/Haweater/
10:10:15.695: 21228: debug : virCgroupMakeGroup:545 : Make controller /cgroup/memory/libvirt/qemu/Haweater/
10:10:15.695: 21228: debug : virCgroupMakeGroup:545 : Make controller /cgroup/devices/libvirt/qemu/Haweater/
10:10:15.695: 21228: debug : virCgroupMakeGroup:545 : Make controller /cgroup/freezer/libvirt/qemu/Haweater/
10:10:15.696: 21228: debug : virCgroupMakeGroup:545 : Make controller /cgroup/blkio/libvirt/qemu/Haweater/
10:10:15.696: 21228: debug : virCgroupSetValueStr:319 : Set value '/cgroup/cpu/libvirt/qemu/Haweater/tasks' to '21228'
10:10:15.699: 21228: debug : virCgroupSetValueStr:319 : Set value '/cgroup/cpuacct/libvirt/qemu/Haweater/tasks' to '21228'
10:10:15.703: 21228: debug : virCgroupSetValueStr:319 : Set value '/cgroup/cpuset/libvirt/qemu/Haweater/tasks' to '21228'
10:10:15.707: 21228: debug : virCgroupSetValueStr:319 : Set value '/cgroup/memory/libvirt/qemu/Haweater/tasks' to '21228'
10:10:15.711: 21228: debug : virCgroupSetValueStr:319 : Set value '/cgroup/devices/libvirt/qemu/Haweater/tasks' to '21228'
10:10:15.715: 21228: debug : virCgroupSetValueStr:319 : Set value '/cgroup/freezer/libvirt/qemu/Haweater/tasks' to '21228'
10:10:15.718: 21228: debug : virCgroupSetValueStr:319 : Set value '/cgroup/blkio/libvirt/qemu/Haweater/tasks' to '21228'
10:10:15.722: 21228: debug : qemuProcessHook:2178 : Setup CPU affinity
10:10:15.722: 21228: debug : qemuProcessInitCpuAffinity:1464 : Setting CPU affinity
10:10:15.722: 21228: debug : qemuProcessHook:2185 : Setting up security labelling
10:10:15.722: 21228: debug : virSecurityDACSetProcessLabel:630 : Dropping privileges of VM to 107:107
10:10:15.722: 21228: debug : qemuProcessHook:2192 : Hook complete ret=0
10:10:15.722: 21228: debug : virCommandHook:1922 : Done hook 0
10:10:15.722: 21228: debug : virCommandHook:1935 : Notifying parent for handshake start on 26
10:10:15.722: 21228: debug : virCommandHook:1956 : Waiting on parent for handshake complete on 27
10:10:15.727: 21228: debug : virCommandHook:1972 : Hook is done 0
Mar  2 10:10:15 localhost libvirtd: 10:10:15.727: 27897: info : virSecurityDACSetOwnership:99 : Setting DAC user and group on '/dev/md2' to '107:107'
char device redirected to /dev/pts/3
Mar  2 10:10:15 localhost qemu-kvm: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory
Mar  2 10:10:16 localhost avahi-daemon[1901]: Registering new address record for fe80::fc54:ff:fef5:c793 on vnet1.*.
Mar  2 10:10:18 localhost ntpd[15264]: Listening on interface #51 vnet1, fe80::fc54:ff:fef5:c793#123 Enabled
Mar  2 10:10:48 localhost avahi-daemon[1901]: dbus-protocol.c: Too many objects for client ':1.23', client request failed.
Mar  2 10:10:48 localhost avahi-daemon[1901]: dbus-protocol.c: Too many objects for client ':1.24', client request failed.
Mar  2 10:11:23 localhost avahi-daemon[1901]: dbus-protocol.c: Too many objects for client ':1.24', client request failed.
Mar  2 10:11:23 localhost avahi-daemon[1901]: dbus-protocol.c: Too many objects for client ':1.23', client request failed.
 
Old 03-02-2012, 10:38 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
well as libvirt / kvm utilizies a very large amount of the standard host network stack, there's plenty of places where the networking can get jammed up. Is dnsmasq listening for requests (pretty sure it should be dnsmasq) and what is the iptables rulebase that libvirt has built? (iptables -vnL)
 
Old 03-02-2012, 11:05 AM   #7
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by acid_kewpie View Post
well as libvirt / kvm utilizies a very large amount of the standard host network stack, there's plenty of places where the networking can get jammed up. Is dnsmasq listening for requests (pretty sure it should be dnsmasq) and what is the iptables rulebase that libvirt has built? (iptables -vnL)
Not sure about dnsmasq, is this run within kvm? .. I am running bind for local system name resolution.

I have no idea what I am looking at:
Code:
[11:00:53 root]$ iptables -vnL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
40263 8214K BASE_INPUT_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 2654  419K INPUT_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 2654  419K HOST_BLOCK_SRC  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 2654  419K SPOOF_CHK  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1174  174K VALID_CHK  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
  544  147K EXT_INPUT_CHAIN !icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0           state NEW 
  616 26784 EXT_INPUT_CHAIN  icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0           state NEW limit: avg 60/sec burst 100 
    0     0 EXT_ICMP_FLOOD_CHAIN  icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0           state NEW 
 1480  245K INT_INPUT_CHAIN  all  --  br0    *       0.0.0.0/0            0.0.0.0/0           
    0     0 POST_INPUT_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 5 LOG flags 0 level 7 prefix `AIF:Dropped INPUT packet: ' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 256K  139M BASE_FORWARD_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  779 49852 TCPMSS     tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU 
 1081  101K FORWARD_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1081  101K HOST_BLOCK_SRC  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1081  101K HOST_BLOCK_DST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   73  3356 EXT_FORWARD_IN_CHAIN  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
 1008 97510 EXT_FORWARD_OUT_CHAIN  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
 1008 97510 INT_FORWARD_IN_CHAIN  all  --  br0    *       0.0.0.0/0            0.0.0.0/0           
    0     0 INT_FORWARD_OUT_CHAIN  all  --  *      br0     0.0.0.0/0            0.0.0.0/0           
 1008 97510 SPOOF_CHK  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0           
 1008 97510 LAN_INET_FORWARD_CHAIN  all  --  br0    eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 POST_FORWARD_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/min burst 3 LOG flags 0 level 7 prefix `AIF:Dropped FORWARD packet: ' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
38056   13M BASE_OUTPUT_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    4   240 TCPMSS     tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU 
 1510  147K OUTPUT_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1505  147K HOST_BLOCK_DST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Fragment packet: ' 
    0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0           
 1166 91238 EXT_OUTPUT_CHAIN  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
  339 55705 INT_OUTPUT_CHAIN  all  --  *      br0     0.0.0.0/0            0.0.0.0/0           
 1504  147K POST_OUTPUT_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1504  147K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain BASE_FORWARD_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 265K  143M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED tcp dpts:1024:65535 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED udp dpts:1024:65535 
   37  2072 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED 
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

Chain BASE_INPUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
49317 9070K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED tcp dpts:1024:65535 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED udp dpts:1024:65535 
   59  3997 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED 
   45  2721 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

Chain BASE_OUTPUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
47531   16M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
   66  4590 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           

Chain DMZ_FORWARD_IN_CHAIN (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DMZ_FORWARD_OUT_CHAIN (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DMZ_INET_FORWARD_CHAIN (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DMZ_INPUT_CHAIN (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DMZ_LAN_FORWARD_CHAIN (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DMZ_OUTPUT_CHAIN (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain EXT_BROADCAST_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:PRIV TCP broadcast: ' 
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:PRIV UDP broadcast: ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:UNPRIV TCP broadcast: ' 
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1024 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:UNPRIV UDP broadcast: ' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain EXT_FORWARD_IN_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   73  3356 VALID_CHK  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   73  3356 RESERVED_NET_CHK  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    9   540 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.3         tcp dpt:80 
    0     0 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.3         tcp dpt:443 
    0     0 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        tcp dpt:8080 
    0     0 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        tcp dpt:8443 
    0     0 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        tcp dpt:37310 
   64  2816 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        tcp dpt:31220 
    0     0 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        tcp dpt:37690 
    0     0 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        tcp dpt:22 
    0     0 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.55        tcp dpt:22 
    0     0 ACCEPT     tcp  --  eth1   !eth1   0.0.0.0/0            192.168.1.3         tcp dpt:22 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.3         udp dpt:80 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.3         udp dpt:443 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        udp dpt:8080 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        udp dpt:8443 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        udp dpt:37310 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        udp dpt:31220 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        udp dpt:37690 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.11        udp dpt:22 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.55        udp dpt:22 
    0     0 ACCEPT     udp  --  eth1   !eth1   0.0.0.0/0            192.168.1.3         udp dpt:22 

Chain EXT_FORWARD_OUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain EXT_ICMP_FLOOD_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 limit: avg 12/hour burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-unreachable flood: ' 
    0     0 POST_INPUT_DROP_CHAIN  icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 limit: avg 12/hour burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-time-exceeded fld: ' 
    0     0 POST_INPUT_DROP_CHAIN  icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 limit: avg 12/hour burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-param-problem fld: ' 
    0     0 POST_INPUT_DROP_CHAIN  icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 12/hour burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-request(ping) fld: ' 
    0     0 POST_INPUT_DROP_CHAIN  icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0 limit: avg 12/hour burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-reply(pong) flood: ' 
    0     0 POST_INPUT_DROP_CHAIN  icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 limit: avg 12/hour burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-source-quench fld: ' 
    0     0 POST_INPUT_DROP_CHAIN  icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 12/hour burst 1 LOG flags 0 level 7 prefix `AIF:ICMP(other) flood: ' 
    0     0 POST_INPUT_DROP_CHAIN  icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain EXT_INPUT_CHAIN (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SSH_CHK    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW 
    0     0 SSH_CHK    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10022 state NEW 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:0 limit: avg 6/hour burst 1 LOG flags 0 level 7 prefix `AIF:Port 0 OS fingerprint: ' 
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:0 limit: avg 6/hour burst 1 LOG flags 0 level 7 prefix `AIF:Port 0 OS fingerprint: ' 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:0 
    0     0 POST_INPUT_DROP_CHAIN  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:0 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:0 limit: avg 6/hour burst 5 LOG flags 0 level 7 prefix `AIF:TCP source port 0: ' 
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:0 limit: avg 6/hour burst 5 LOG flags 0 level 7 prefix `AIF:UDP source port 0: ' 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:0 
    0     0 POST_INPUT_DROP_CHAIN  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:0 
  388  129K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68 
  772 45107 RESERVED_NET_CHK  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:!2049 multiport sports 20,21,22,23,80,110,143,443,993,995 limit: avg 6/hour burst 1 LOG flags 0 level 7 prefix `AIF:Possible DRDOS abuse: ' 
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:!2049 multiport sports 20,21,22,23,80,110,143,443,993,995 limit: avg 6/hour burst 1 LOG flags 0 level 7 prefix `AIF:Possible DRDOS abuse: ' 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:!2049 multiport sports 20,21,22,23,80,110,143,443,993,995 
    0     0 POST_INPUT_DROP_CHAIN  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:!2049 multiport sports 20,21,22,23,80,110,143,443,993,995 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 flags:!0x17/0x02 limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Stealth scan? (UNPRIV): ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023 flags:!0x17/0x02 limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Stealth scan? (PRIV): ' 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 
    0     0 EXT_BROADCAST_CHAIN  all  --  *      *       0.0.0.0/0            255.255.255.255     
    4  2318 EXT_MULTICAST_CHAIN  all  --  *      *       0.0.0.0/0            224.0.0.0/4         
   68  3776 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:PRIV TCP packet: ' 
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:PRIV UDP packet: ' 
    5   272 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:UNPRIV TCP packet: ' 
    5  3775 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:UNPRIV UDP packet: ' 
    0     0 LOG        2    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/min burst 5 LOG flags 0 level 7 prefix `AIF:IGMP packet: ' 
  768 42789 POST_INPUT_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   26  1785 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-request: ' 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp !type 8 limit: avg 12/hour burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-other: ' 
  141  7700 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
   11  8305 POST_INPUT_DROP_CHAIN  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 POST_INPUT_DROP_CHAIN  2    --  *      *       0.0.0.0/0            0.0.0.0/0           
  616 26784 POST_INPUT_DROP_CHAIN  icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/min burst 5 LOG flags 0 level 7 prefix `AIF:Other connect: ' 
    0     0 POST_INPUT_DROP_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain EXT_MULTICAST_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:PRIV TCP multicast: ' 
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:PRIV UDP multicast: ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:UNPRIV TCP multicast: ' 
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1024 limit: avg 6/min burst 2 LOG flags 0 level 7 prefix `AIF:UNPRIV UDP multicast: ' 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-multicast-request: ' 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp !type 8 limit: avg 12/hour burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-multicast-other: ' 
    4  2318 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain EXT_OUTPUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain HOST_BLOCK_DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/min burst 1 LOG flags 0 level 7 prefix `AIF:Blocked host(s): ' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain HOST_BLOCK_DST (2 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain HOST_BLOCK_SRC (2 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INET_DMZ_FORWARD_CHAIN (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INT_FORWARD_IN_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INT_FORWARD_OUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INT_INPUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   168 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 20/sec burst 100 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-request: ' 
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
 1478  245K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INT_OUTPUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain LAN_INET_FORWARD_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    84 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 20/sec burst 100 
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 7 prefix `AIF:ICMP-request: ' 
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
  786 50149 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
  221 47277 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain POST_FORWARD_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain POST_INPUT_CHAIN (2 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain POST_INPUT_DROP_CHAIN (30 references)
 pkts bytes target     prot opt in     out     source               destination         
  782 43381 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POST_OUTPUT_CHAIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain RESERVED_NET_CHK (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       10.0.0.0/8           0.0.0.0/0           limit: avg 1/min burst 1 LOG flags 0 level 7 prefix `AIF:IPv4 Private address: ' 
    0     0 LOG        all  --  *      *       172.16.0.0/12        0.0.0.0/0           limit: avg 1/min burst 1 LOG flags 0 level 7 prefix `AIF:IPv4 Private address: ' 
    0     0 LOG        all  --  *      *       192.168.0.0/16       0.0.0.0/0           limit: avg 1/min burst 1 LOG flags 0 level 7 prefix `AIF:IPv4 Private address: ' 
    0     0 LOG        all  --  *      *       169.254.0.0/16       0.0.0.0/0           limit: avg 1/min burst 1 LOG flags 0 level 7 prefix `AIF:IPv4 Link-local address: ' 
    0     0 LOG        all  --  *      *       224.0.0.0/24         0.0.0.0/0           limit: avg 1/min burst 1 LOG flags 0 level 7 prefix `AIF:IPv4 Multicast address: ' 
    0     0 LOG        all  --  *      *       239.0.0.0/24         0.0.0.0/0           limit: avg 1/min burst 1 LOG flags 0 level 7 prefix `AIF:IPv4 Multicast address: ' 

Chain SPOOF_CHK (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 2437  336K RETURN     all  --  br0    *       192.168.1.0/24       0.0.0.0/0           
    0     0 LOG        all  --  *      *       192.168.1.0/24       0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Spoofed packet: ' 
    0     0 POST_INPUT_DROP_CHAIN  all  --  *      *       192.168.1.0/24       0.0.0.0/0           
 1225  180K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain SSH_CHK (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           recent: SET name: sshchk side: source 
    0     0 SSH_LOG_DROP  all  --  *      *       0.0.0.0/0            0.0.0.0/0           recent: UPDATE seconds: 60 hit_count: 4 name: sshchk side: source 
    0     0 SSH_LOG_DROP  all  --  *      *       0.0.0.0/0            0.0.0.0/0           recent: UPDATE seconds: 1800 hit_count: 10 name: sshchk side: source 

Chain SSH_LOG_DROP (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/min burst 1 LOG flags 0 level 7 prefix `AIF:SSH Brute force attack?: ' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain VALID_CHK (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x29 limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Stealth XMAS scan: ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x37 limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Stealth XMAS-PSH scan: ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x3F limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Stealth XMAS-ALL scan: ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x01 limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Stealth FIN scan: ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x06 limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Stealth SYN/RST scan: ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x03/0x03 limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Stealth SYN/FIN scan?: ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00 limit: avg 3/min burst 5 LOG flags 0 level 7 prefix `AIF:Stealth Null scan: ' 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x29 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x37 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x3F 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x01 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x06 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x03/0x03 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp option=64 limit: avg 3/min burst 1 LOG flags 0 level 7 prefix `AIF:Bad TCP flag(64): ' 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp option=128 limit: avg 3/min burst 1 LOG flags 0 level 7 prefix `AIF:Bad TCP flag(128): ' 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp option=64 
    0     0 POST_INPUT_DROP_CHAIN  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp option=128 
   14   592 POST_INPUT_DROP_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 LOG        all  -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 1 LOG flags 0 level 4 prefix `AIF:Fragment packet: ' 
    0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0
 
Old 03-02-2012, 11:13 AM   #8
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
also seeing this: qemu-kvm: Could not find keytab file: /etc/qemu/krb5.tab
 
Old 03-02-2012, 02:03 PM   #9
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
Captain obvious here: turn of the avahi-daemon service and the avahi-daemon noise stops. Go figure!
 
Old 05-09-2013, 02:25 PM   #10
chandan_raka
Member
 
Registered: Apr 2005
Location: BC
Distribution: Centos
Posts: 34

Rep: Reputation: 16
If you are getting delaying execution error in ifup eth0, that most likely means udev /mac address problem. Solution: Delete the rules in udev/rules.d/70-per**net, comment out the hardware mac address from ifcfg-eth0 and reboot the VM. it should fix it. This problem is only with CentOS 6 VM, you wont see it in CentOS 5 VMs.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
CIPSO Labeling of Network Packets from KVM Windows Guest OS djackso1 Linux - Security 5 01-06-2012 02:26 PM
LXer: Set up Spicevmc Channel on Ubuntu 11.04 as KVM Server and spice-vdagent as a KVM guest LXer Syndicated Linux News 0 06-15-2011 08:10 PM
KVM with Ubuntu guest - guest crashes when some apps are 'full screened' TonyRogers Linux - Virtualization and Cloud 0 05-15-2011 01:18 PM
[KVM] adding guest computer to the network djgerbavore Linux - Networking 5 06-10-2009 03:01 PM
LXer: HowTo: Install configure KVM Virtualization & run Guest OSes in openSUSE LXer Syndicated Linux News 0 10-01-2008 04:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration