The Network Status subsection displays the following in top-down order:
Interfaces - This section displays information on all your network devices. This includes PPP, OpenVPN, IPSec, Loopback, etc. Basically this is the output of ifconfig
You will find each interface name colored with the appropriate zones color. The purple color identifies interfaces which belongs to a VPN. Since each zone in reality is a bridge to which all assigned interface are joined, you need to take a look at the interfaces beginning with br. They are the real zone interfaces which are holding the ip addresses you configured, however they are virtual interfaces. The interfaces beginning with eth are the physically existing network cards. The interface called lo is the loopback interface. This one is needed to allow communication with the machine itself without to leave any real network card. You may also find interfaces beginning with tap. That one will be used for openvpn tunnels.
Each interface shows a bunch of information at the right side. If you like to know more than it would be probably better to read the Network Administrators Guide. Here you will find a short description about the most important values:
Specifies the link type. Values like Ethernet, Local Loopback, Pont-to-Point Protocol may appear here.
The hardware address (MAC) of the respective interface
The IP address which has been assigned to the interface. You may notice that the interfaces which are part of a bridge does not have an ip address.
The broadcast address which has been assigned to the interface.
The network mask which has been assigned to the interface.
This lines shows how many packets has been received or transmitted errorfree, how many error occurred, how many packets were dropped, probably because of low memory, and how many were lost because of an overrun. Receiver overruns usually happen when packets come in faster than the kernel can service the last interrupt.
This lines shows the data volume which has been received or transmitted by this interface.
Between the lines descibed above you find a line with information about the status and options set for the respective interface. You probably may be concerned about the PROMISC option which is set for most interfaces. Most physically mounted network cards are put into promiscuous mode since they are all part of a bridge and therefore need to be in this mode.
Displays the DHCP configuration on your RED interfaces if the DHCP is required by your internet connection.
Displays the contents of the /var/state/dhcp/dhcpd.leases file if the DHCP server is enabled. The current dynamic leases are listed, with hostnames if available, and expiry dates.
Leases that have expired are scored through.
This section will only be visible if DHCP is enabled. Refer to the section on the DHCP Server for details.
This is the output of route -n, which shows the kernel routing table. The routing table lets the kernel know which block of ip addresses it can find behind which interface. Most of the lines which you see in the output contain information about your local networks. But since you need the firewall to have connections to the internet, which in fact are all destinations with ip addresses which are not directly known to the kernel there is need of an entry which sends all packets to a specific ip address in hope that that host knows more about the delivery. That host is called default gateway. Within your output you may identify this configuration in the line with destination network address 0.0.0.0, which means all destinations.
Besides, each line shows you the following information:
Specifies the destination network address. The kernel compares the destination ip address of each packet passing through it with this destination network address and so searches an entry to which network the ip address may belong to.
Specifies the gateway, which is the host to which the packet should be sent. 0.0.0.0 means, put it on the media (LAN) and do not send it to a specific host.
The network mask of the respective network.
The only interesting flags would be the following:
U - means that the route is up.
G - means that the route uses the gateway address specified by gateway.
H - means that the route entry is a host route, which is true only for a host instead a whole network. You may notice that the netmask in this case is 255.255.255.255.
Specifies the interface through which the kernel will send the packets away if the respective routing entry applies.
This is the output of arp -n, which displays the ARP cache. In LAN's on deepest layer the network interfaces will not be addressed by an IP addres, but by the MAC address. In order to let the kernel know which IP address is assigned to which MAC address, the kernel sends an ARP request which basically is a broadcast packet which asks all connected network interfaces who has the desired IP address. The one who has the relevant IP address, responds with an ARP response including it's MAC address. In order that the kernel does not have to send ARP requests all the time, responses will be cached in the ARP table for a while.
The output will show you the actual cached assignements of the ip address (Address) to MAC address (HWaddress). Additionally you see also behind which interface you can find the network card with the respective MAC address (Iface).
You may notice lines with [incomplete] instead of a MAC address. This will happen if someone tried to reach an ip address which is currently not available because it is wrong or the device with the assigned ip address is currently down or not connected.