Dank für den Hinweis mit tshark. Ich habe den jetzt mal auf vmbr0, die an dem Netzwerk-Interface enp65s0f1 hängt, durchgeführt. Alles mit xxx.yy.zz sind die externen IP-Adressen, die auf 192.168.1.uu weitergeleitet werden sollen. AAA.BBB.CCC.100 bin ich aus dem Internet und ich mache die ganze Aufzeichnung über
Code: Alles auswählen
1 0.000000000 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 270 52066 → 46078 [PSH, ACK] Seq=1 Ack=1 Win=501 Len=204 TSval=2103963978 TSecr=4101267692
2 0.012441185 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=205 Win=976 Len=0 TSval=4101267723 TSecr=2103963978
3 0.473194254 xxx.yy.zz.72 → 8.8.4.4 DNS 81 Standard query 0x5808 A 3.debian.pool.ntp.org
4 0.473205724 xxx.yy.zz.72 → 8.8.4.4 DNS 81 Standard query 0x690d AAAA 3.debian.pool.ntp.org
5 0.503913556 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=205 Ack=1 Win=501 Len=44 TSval=2103964482 TSecr=4101267723
6 0.516980487 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=249 Win=976 Len=0 TSval=4101268227 TSecr=2103964482
7 0.660676462 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.124? Tell xxx.yy.zz.65
8 0.784720484 Cisco_4b:9a:83 → Cisco_4b:9a:83 LOOP 60 Reply
9 0.899544983 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.114? Tell xxx.yy.zz.65
10 0.977444389 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.97? Tell xxx.yy.zz.65
11 1.016116659 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=249 Ack=1 Win=501 Len=44 TSval=2103964994 TSecr=4101268227
12 1.029088938 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=293 Win=976 Len=0 TSval=4101268739 TSecr=2103964994
13 1.254066396 Cisco_4b:9a:83 → Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 32768/200/00:17:e0:4b:9a:80 Cost = 0 Port = 0x8039
14 1.292951712 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.88? Tell xxx.yy.zz.65
15 1.326924080 xxx.yy.zz.84 → 8.8.8.8 DNS 81 Standard query 0xa581 A 3.debian.pool.ntp.org
16 1.326966281 xxx.yy.zz.84 → 8.8.8.8 DNS 81 Standard query 0x9c8e AAAA 3.debian.pool.ntp.org
17 1.340300939 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.84? Tell xxx.yy.zz.65
18 1.380556112 Cisco_4b:9a:83 → CDP/VTP/DTP/PAgP/UDLD CDP 455 Device ID: sw1.muc Port ID: GigabitEthernet2/0/3
19 1.382735939 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.120? Tell xxx.yy.zz.65
20 1.430657540 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.91? Tell xxx.yy.zz.65
21 1.520711133 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.94? Tell xxx.yy.zz.65
22 1.528062225 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=293 Ack=1 Win=501 Len=44 TSval=2103965506 TSecr=4101268739
23 1.540832539 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=337 Win=976 Len=0 TSval=4101269251 TSecr=2103965506
24 1.644035516 xxx.yy.zz.85 → 8.8.8.8 DNS 93 Standard query 0x2b8a A 3.debian.pool.ntp.org.germany.com
25 1.644068257 xxx.yy.zz.85 → 8.8.8.8 DNS 93 Standard query 0x2596 AAAA 3.debian.pool.ntp.org.germany.com
26 1.652182269 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.85? Tell xxx.yy.zz.65
27 2.025276208 99.79.48.100 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=5255/34580, ttl=235
28 2.025331159 xxx.yy.zz.66 → 99.79.48.100 ICMP 50 Echo (ping) reply id=0x001c, seq=5255/34580, ttl=64 (request in 27)
29 2.040143806 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=337 Ack=1 Win=501 Len=44 TSval=2103966018 TSecr=4101269251
30 2.053122476 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=381 Win=976 Len=0 TSval=4101269763 TSecr=2103966018
31 2.076770334 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.74? Tell xxx.yy.zz.65
32 2.086228501 3.98.164.148 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=5255/34580, ttl=235
33 2.086261721 xxx.yy.zz.66 → 3.98.164.148 ICMP 50 Echo (ping) reply id=0x001c, seq=5255/34580, ttl=64 (request in 32)
34 2.100962595 xxx.yy.zz.79 → 9.9.9.9 DNS 81 Standard query 0xb5a6 A 3.debian.pool.ntp.org
35 2.100976236 xxx.yy.zz.79 → 9.9.9.9 DNS 81 Standard query 0xbfa7 AAAA 3.debian.pool.ntp.org
36 2.108057471 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.79? Tell xxx.yy.zz.65
37 2.131911664 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.76? Tell xxx.yy.zz.65
38 2.144462032 3.98.56.110 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=5255/34580, ttl=235
39 2.144477012 xxx.yy.zz.66 → 3.98.56.110 ICMP 50 Echo (ping) reply id=0x001c, seq=5255/34580, ttl=64 (request in 38)
40 2.291010151 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.111? Tell xxx.yy.zz.65
41 2.316904258 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.77? Tell xxx.yy.zz.65
42 2.352877657 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.70? Tell xxx.yy.zz.65
43 2.416579573 50.18.18.122 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0010, seq=4240/36880, ttl=240
44 2.416664695 xxx.yy.zz.66 → 50.18.18.122 ICMP 50 Echo (ping) reply id=0x0010, seq=4240/36880, ttl=64 (request in 43)
45 2.521162955 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.123? Tell xxx.yy.zz.65
46 2.552056162 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=381 Ack=1 Win=501 Len=44 TSval=2103966530 TSecr=4101269763
47 2.565199356 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=425 Win=976 Len=0 TSval=4101270275 TSecr=2103966530
48 2.580807803 13.57.177.210 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0010, seq=4240/36880, ttl=240
49 2.580834004 xxx.yy.zz.66 → 13.57.177.210 ICMP 50 Echo (ping) reply id=0x0010, seq=4240/36880, ttl=64 (request in 48)
50 2.632892734 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.67? Tell xxx.yy.zz.65
51 2.843169158 15.228.121.86 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=3180/27660, ttl=240
52 2.843217650 xxx.yy.zz.66 → 15.228.121.86 ICMP 50 Echo (ping) reply id=0x001c, seq=3180/27660, ttl=64 (request in 51)
53 2.889001646 18.231.197.237 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=3180/27660, ttl=240
54 2.889039477 xxx.yy.zz.66 → 18.231.197.237 ICMP 50 Echo (ping) reply id=0x001c, seq=3180/27660, ttl=64 (request in 53)
55 3.008753755 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.119? Tell xxx.yy.zz.65
56 3.011880907 43.198.182.71 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0019, seq=7219/13084, ttl=239
57 3.011910388 xxx.yy.zz.66 → 43.198.182.71 ICMP 50 Echo (ping) reply id=0x0019, seq=7219/13084, ttl=64 (request in 56)
58 3.064075211 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=425 Ack=1 Win=501 Len=44 TSval=2103967042 TSecr=4101270275
59 3.077078642 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=469 Win=976 Len=0 TSval=4101270787 TSecr=2103967042
60 3.102958338 xxx.yy.zz.75 → 9.9.9.9 DNS 81 Standard query 0x814c A 3.debian.pool.ntp.org
61 3.102971398 xxx.yy.zz.75 → 9.9.9.9 DNS 81 Standard query 0xda49 AAAA 3.debian.pool.ntp.org
62 3.110296360 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.75? Tell xxx.yy.zz.65
63 3.112782054 18.231.159.131 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=3180/27660, ttl=240
64 3.112820235 xxx.yy.zz.66 → 18.231.159.131 ICMP 50 Echo (ping) reply id=0x001c, seq=3180/27660, ttl=64 (request in 63)
65 3.259130359 Cisco_4b:9a:83 → Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 32768/200/00:17:e0:4b:9a:80 Cost = 0 Port = 0x8039
66 3.275905237 18.162.229.18 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0019, seq=7219/13084, ttl=239
67 3.275943448 xxx.yy.zz.66 → 18.162.229.18 ICMP 50 Echo (ping) reply id=0x0019, seq=7219/13084, ttl=64 (request in 66)
68 3.297969844 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.107? Tell xxx.yy.zz.65
69 3.306341852 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.88? Tell xxx.yy.zz.65
70 3.390180006 18.166.78.236 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0019, seq=7219/13084, ttl=239
71 3.390214777 xxx.yy.zz.66 → 18.166.78.236 ICMP 50 Echo (ping) reply id=0x0019, seq=7219/13084, ttl=64 (request in 70)
72 3.477311490 xxx.yy.zz.72 → 9.9.9.9 DNS 81 Standard query 0x5808 A 3.debian.pool.ntp.org
73 3.477330230 xxx.yy.zz.72 → 9.9.9.9 DNS 81 Standard query 0x690d AAAA 3.debian.pool.ntp.org
74 3.484476827 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.72? Tell xxx.yy.zz.65
75 3.521324690 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.90? Tell xxx.yy.zz.65
76 3.576024989 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=469 Ack=1 Win=501 Len=44 TSval=2103967554 TSecr=4101270787
77 3.588756381 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=513 Win=976 Len=0 TSval=4101271299 TSecr=2103967554
78 3.589325465 15.237.191.139 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0013, seq=6909/64794, ttl=227
79 3.589359166 xxx.yy.zz.66 → 15.237.191.139 ICMP 50 Echo (ping) reply id=0x0013, seq=6909/64794, ttl=64 (request in 78)
80 3.627595686 35.93.111.226 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001f, seq=9701/58661, ttl=230
81 3.627626226 xxx.yy.zz.66 → 35.93.111.226 ICMP 50 Echo (ping) reply id=0x001f, seq=9701/58661, ttl=64 (request in 80)
82 3.641402657 44.234.187.0 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001f, seq=9701/58661, ttl=235
83 3.641431357 xxx.yy.zz.66 → 44.234.187.0 ICMP 50 Echo (ping) reply id=0x001f, seq=9701/58661, ttl=64 (request in 82)
84 3.653447571 34.211.216.213 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001f, seq=9701/58661, ttl=235
85 3.653475792 xxx.yy.zz.66 → 34.211.216.213 ICMP 50 Echo (ping) reply id=0x001f, seq=9701/58661, ttl=64 (request in 84)
86 3.777317218 35.86.175.62 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001f, seq=9701/58661, ttl=230
87 3.777349769 xxx.yy.zz.66 → 35.86.175.62 ICMP 50 Echo (ping) reply id=0x001f, seq=9701/58661, ttl=64 (request in 86)
88 3.783516331 15.188.55.70 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0013, seq=6909/64794, ttl=230
89 3.783545501 xxx.yy.zz.66 → 15.188.55.70 ICMP 50 Echo (ping) reply id=0x0013, seq=6909/64794, ttl=64 (request in 88)
90 3.790172824 13.38.38.103 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0013, seq=6909/64794, ttl=227
91 3.790202745 xxx.yy.zz.66 → 13.38.38.103 ICMP 50 Echo (ping) reply id=0x0013, seq=6909/64794, ttl=64 (request in 90)
92 3.978088546 15.152.213.193 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001b, seq=8413/56608, ttl=239
93 3.978124246 xxx.yy.zz.66 → 15.152.213.193 ICMP 50 Echo (ping) reply id=0x001b, seq=8413/56608, ttl=64 (request in 92)
94 3.998845908 18.142.119.220 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0010, seq=10979/58154, ttl=232
95 3.998876049 xxx.yy.zz.66 → 18.142.119.220 ICMP 50 Echo (ping) reply id=0x0010, seq=10979/58154, ttl=64 (request in 94)
96 4.036023579 13.213.15.99 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0010, seq=10979/58154, ttl=233
97 4.036039530 xxx.yy.zz.66 → 13.213.15.99 ICMP 50 Echo (ping) reply id=0x0010, seq=10979/58154, ttl=64 (request in 96)
98 4.088093580 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=513 Ack=1 Win=501 Len=44 TSval=2103968066 TSecr=4101271299
99 4.101008767 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=557 Win=976 Len=0 TSval=4101271811 TSecr=2103968066
100 4.107838966 13.250.1.144 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0010, seq=10979/58154, ttl=232
101 4.107871577 xxx.yy.zz.66 → 13.250.1.144 ICMP 50 Echo (ping) reply id=0x0010, seq=10979/58154, ttl=64 (request in 100)
102 4.121379900 13.246.24.76 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0003, seq=11941/42286, ttl=218
103 4.121407080 xxx.yy.zz.66 → 13.246.24.76 ICMP 50 Echo (ping) reply id=0x0003, seq=11941/42286, ttl=64 (request in 102)
104 4.151933008 16.170.248.7 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=11847/18222, ttl=223
105 4.151945949 xxx.yy.zz.66 → 16.170.248.7 ICMP 50 Echo (ping) reply id=0x001c, seq=11847/18222, ttl=64 (request in 104)
106 4.152527104 13.245.75.183 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0003, seq=11941/42286, ttl=217
107 4.152540434 xxx.yy.zz.66 → 13.245.75.183 ICMP 50 Echo (ping) reply id=0x0003, seq=11941/42286, ttl=64 (request in 106)
108 4.156140268 51.20.135.180 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=11847/18222, ttl=223
109 4.156171119 xxx.yy.zz.66 → 51.20.135.180 ICMP 50 Echo (ping) reply id=0x001c, seq=11847/18222, ttl=64 (request in 108)
110 4.174991721 43.218.128.209 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0018, seq=7104/49179, ttl=236
111 4.175021852 xxx.yy.zz.66 → 43.218.128.209 ICMP 50 Echo (ping) reply id=0x0018, seq=7104/49179, ttl=64 (request in 110)
112 4.221632469 15.152.16.214 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001b, seq=8413/56608, ttl=234
113 4.221659790 xxx.yy.zz.66 → 15.152.16.214 ICMP 50 Echo (ping) reply id=0x001b, seq=8413/56608, ttl=64 (request in 112)
114 4.228591711 35.177.88.72 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=11557/9517, ttl=221
115 4.228619782 xxx.yy.zz.66 → 35.177.88.72 ICMP 50 Echo (ping) reply id=0x001c, seq=11557/9517, ttl=64 (request in 114)
116 4.236361415 108.136.53.174 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0018, seq=7104/49179, ttl=236
117 4.236395455 xxx.yy.zz.66 → 108.136.53.174 ICMP 50 Echo (ping) reply id=0x0018, seq=7104/49179, ttl=64 (request in 116)
118 4.242789752 13.208.242.249 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001b, seq=8413/56608, ttl=234
119 4.242819313 xxx.yy.zz.66 → 13.208.242.249 ICMP 50 Echo (ping) reply id=0x001b, seq=8413/56608, ttl=64 (request in 118)
120 4.280620221 108.137.10.5 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0018, seq=7104/49179, ttl=236
121 4.280649431 xxx.yy.zz.66 → 108.137.10.5 ICMP 50 Echo (ping) reply id=0x0018, seq=7104/49179, ttl=64 (request in 120)
122 4.290942720 108.136.169.188 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0018, seq=7104/49179, ttl=236
123 4.290970531 xxx.yy.zz.66 → 108.136.169.188 ICMP 50 Echo (ping) reply id=0x0018, seq=7104/49179, ttl=64 (request in 122)
124 4.305231103 43.218.122.133 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0018, seq=7104/49179, ttl=236
125 4.305258184 xxx.yy.zz.66 → 43.218.122.133 ICMP 50 Echo (ping) reply id=0x0018, seq=7104/49179, ttl=64 (request in 124)
126 4.326986992 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.104? Tell xxx.yy.zz.65
127 4.327514916 xxx.yy.zz.84 → 9.9.9.9 DNS 81 Standard query 0xa581 A 3.debian.pool.ntp.org
128 4.327558327 xxx.yy.zz.84 → 9.9.9.9 DNS 81 Standard query 0x9c8e AAAA 3.debian.pool.ntp.org
129 4.335285719 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.84? Tell xxx.yy.zz.65
130 4.335883485 13.48.132.73 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=11847/18222, ttl=231
131 4.335916855 xxx.yy.zz.66 → 13.48.132.73 ICMP 50 Echo (ping) reply id=0x001c, seq=11847/18222, ttl=64 (request in 130)
132 4.358499256 43.218.96.111 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0018, seq=7104/49179, ttl=236
133 4.358526497 xxx.yy.zz.66 → 43.218.96.111 ICMP 50 Echo (ping) reply id=0x0018, seq=7104/49179, ttl=64 (request in 132)
134 4.447190213 18.133.157.17 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=11557/9517, ttl=221
135 4.447219094 xxx.yy.zz.66 → 18.133.157.17 ICMP 50 Echo (ping) reply id=0x001c, seq=11557/9517, ttl=64 (request in 134)
136 4.449259067 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.98? Tell xxx.yy.zz.65
137 4.453182560 13.244.115.190 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0003, seq=11941/42286, ttl=218
138 4.453210711 xxx.yy.zz.66 → 13.244.115.190 ICMP 50 Echo (ping) reply id=0x0003, seq=11941/42286, ttl=64 (request in 137)
139 4.463823607 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.71? Tell xxx.yy.zz.65
140 4.500021642 15.160.165.39 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0019, seq=14751/40761, ttl=230
141 4.500048743 xxx.yy.zz.66 → 15.160.165.39 ICMP 50 Echo (ping) reply id=0x0019, seq=14751/40761, ttl=64 (request in 140)
142 4.505587008 15.161.49.59 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0019, seq=14751/40761, ttl=230
143 4.505614059 xxx.yy.zz.66 → 15.161.49.59 ICMP 50 Echo (ping) reply id=0x0019, seq=14751/40761, ttl=64 (request in 142)
144 4.511312558 184.72.74.241 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0007, seq=1246/56836, ttl=241
145 4.511340179 xxx.yy.zz.66 → 184.72.74.241 ICMP 50 Echo (ping) reply id=0x0007, seq=1246/56836, ttl=64 (request in 144)
146 4.514543652 3.91.173.196 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0007, seq=1246/56836, ttl=234
147 4.514559413 xxx.yy.zz.66 → 3.91.173.196 ICMP 50 Echo (ping) reply id=0x0007, seq=1246/56836, ttl=64 (request in 146)
148 4.539497274 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.118? Tell xxx.yy.zz.65
149 4.548037617 107.22.59.24 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0007, seq=1246/56836, ttl=243
150 4.548071808 xxx.yy.zz.66 → 107.22.59.24 ICMP 50 Echo (ping) reply id=0x0007, seq=1246/56836, ttl=64 (request in 149)
151 4.600039555 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=557 Ack=1 Win=501 Len=44 TSval=2103968578 TSecr=4101271811
152 4.612979573 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=601 Win=976 Len=0 TSval=4101272323 TSecr=2103968578
153 4.642188096 13.40.210.187 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001c, seq=11557/9517, ttl=221
154 4.642205517 xxx.yy.zz.66 → 13.40.210.187 ICMP 50 Echo (ping) reply id=0x001c, seq=11557/9517, ttl=64 (request in 153)
155 4.645201846 3.81.37.36 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0007, seq=1246/56836, ttl=239
156 4.645223056 xxx.yy.zz.66 → 3.81.37.36 ICMP 50 Echo (ping) reply id=0x0007, seq=1246/56836, ttl=64 (request in 155)
157 4.712159875 35.152.58.60 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0019, seq=14751/40761, ttl=237
158 4.712197716 xxx.yy.zz.66 → 35.152.58.60 ICMP 50 Echo (ping) reply id=0x0019, seq=14751/40761, ttl=64 (request in 157)
159 4.727937797 3.238.94.144 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0007, seq=1246/56836, ttl=241
160 4.727970908 xxx.yy.zz.66 → 3.238.94.144 ICMP 50 Echo (ping) reply id=0x0007, seq=1246/56836, ttl=64 (request in 159)
161 4.757016977 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.111? Tell xxx.yy.zz.65
162 4.937402820 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.87? Tell xxx.yy.zz.65
163 4.989249764 57.180.10.186 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001a, seq=19015/18250, ttl=240
164 4.989278045 xxx.yy.zz.66 → 57.180.10.186 ICMP 50 Echo (ping) reply id=0x001a, seq=19015/18250, ttl=64 (request in 163)
165 5.112207617 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=601 Ack=1 Win=501 Len=44 TSval=2103969090 TSecr=4101272323
166 5.125105664 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=645 Win=976 Len=0 TSval=4101272835 TSecr=2103969090
167 5.212632121 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.122? Tell xxx.yy.zz.65
168 5.264012714 Cisco_4b:9a:83 → Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 32768/200/00:17:e0:4b:9a:80 Cost = 0 Port = 0x8039
169 5.287631441 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.89? Tell xxx.yy.zz.65
170 5.304689666 52.194.242.74 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001a, seq=19015/18250, ttl=240
171 5.304726357 xxx.yy.zz.66 → 52.194.242.74 ICMP 50 Echo (ping) reply id=0x001a, seq=19015/18250, ttl=64 (request in 170)
172 5.306987946 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.81? Tell xxx.yy.zz.65
173 5.401356382 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.70? Tell xxx.yy.zz.65
174 5.424358014 35.77.36.234 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x001a, seq=19015/18250, ttl=236
175 5.424389285 xxx.yy.zz.66 → 35.77.36.234 ICMP 50 Echo (ping) reply id=0x001a, seq=19015/18250, ttl=64 (request in 174)
176 5.623788083 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=645 Ack=1 Win=501 Len=44 TSval=2103969602 TSecr=4101272835
177 5.636719841 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=689 Win=976 Len=0 TSval=4101273347 TSecr=2103969602
178 5.645716537 3.38.195.109 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0011, seq=20803/17233, ttl=234
179 5.645734947 xxx.yy.zz.66 → 3.38.195.109 ICMP 50 Echo (ping) reply id=0x0011, seq=20803/17233, ttl=64 (request in 178)
180 5.671727546 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.117? Tell xxx.yy.zz.65
181 5.698625419 3.249.209.39 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x000f, seq=20179/54094, ttl=242
182 5.698644990 xxx.yy.zz.66 → 3.249.209.39 ICMP 50 Echo (ping) reply id=0x000f, seq=20179/54094, ttl=64 (request in 181)
183 5.725291076 18.195.76.252 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0018, seq=20299/19279, ttl=245
184 5.725319496 xxx.yy.zz.66 → 18.195.76.252 ICMP 50 Echo (ping) reply id=0x0018, seq=20299/19279, ttl=64 (request in 183)
185 5.749527569 34.207.155.111 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0007, seq=1246/56836, ttl=240
186 5.749555820 xxx.yy.zz.66 → 34.207.155.111 ICMP 50 Echo (ping) reply id=0x0007, seq=1246/56836, ttl=64 (request in 185)
187 5.768613067 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.119? Tell xxx.yy.zz.65
188 5.847884299 3.36.107.65 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0011, seq=20803/17233, ttl=236
189 5.847919900 xxx.yy.zz.66 → 3.36.107.65 ICMP 50 Echo (ping) reply id=0x0011, seq=20803/17233, ttl=64 (request in 188)
190 5.870722905 3.75.133.205 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0018, seq=20299/19279, ttl=245
191 5.870738346 xxx.yy.zz.66 → 3.75.133.205 ICMP 50 Echo (ping) reply id=0x0018, seq=20299/19279, ttl=64 (request in 190)
192 5.898272285 34.253.233.107 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x000f, seq=20179/54094, ttl=242
193 5.898300926 xxx.yy.zz.66 → 34.253.233.107 ICMP 50 Echo (ping) reply id=0x000f, seq=20179/54094, ttl=64 (request in 192)
194 5.912638270 3.79.155.238 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0018, seq=20299/19279, ttl=245
195 5.912667041 xxx.yy.zz.66 → 3.79.155.238 ICMP 50 Echo (ping) reply id=0x0018, seq=20299/19279, ttl=64 (request in 194)
196 5.997925709 54.78.141.254 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x000f, seq=20179/54094, ttl=243
197 5.997953370 xxx.yy.zz.66 → 54.78.141.254 ICMP 50 Echo (ping) reply id=0x000f, seq=20179/54094, ttl=64 (request in 196)
198 6.064569640 Cisco_38:6d:12 → Broadcast ARP 60 Who has xxx.yy.zz.86? Tell xxx.yy.zz.65
199 6.078082723 3.34.146.76 → xxx.yy.zz.66 ICMP 60 Echo (ping) request id=0x0011, seq=20803/17233, ttl=234
200 6.078119224 xxx.yy.zz.66 → 3.34.146.76 ICMP 50 Echo (ping) reply id=0x0011, seq=20803/17233, ttl=64 (request in 199)
In den Zeilen 1/2, 5/6, 22/23 etc. sieht man, dass zwischen dem KVM-Host "xxx.yy.zz.66" und mir etwas passiert. "xxx.yy.zz.70", was ich anpinge taucht, nirgends auf.
Dafür sieht man in den Zeilen 15, 24 wie "xxx.yy.zz.84" und "xxx.yy.zz.85", zwei DNS-Server mit ihren externen IP-Adressen 8.8.8.8 abfragen, auch xxx.yy.zz.79 fragt den 9.9.9.9 in 34 ab.
Also in die eine Richtung scheint das Nat zu funktionieren, in die eingehende Richtung leider nicht.
Das Ändern des Parameters in der shorewall.conf hatte keine Auswirkung gezeigt.