 
 From:  "Soren Vanggaard Jensen" <svanggaard at hotmail dot com>
 To:  leesharp at hal dash pc dot org, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Mono lockup - status?
 Date:  Sun, 20 Nov 2005 20:11:44 +0000
Hi,

Below you'll find the config file. Note that the 3rd NIC was added 3
days ago. That is, the 3rd NIC does not have any influence on the problem.

regards


<?xml version="1.0"?>
<m0n0wall>
	<version>1.6</version>
	<lastchange>1132440572</lastchange>
	<system>
		<hostname>m0n0wallveb</hostname>
		<domain>veb.local</domain>
		<!-- NOTE(review): the username/password values below look like placeholders the
		     poster substituted before sharing (TODO confirm). These elements hold the
		     admin login for the firewall, so they must be scrubbed from any config that
		     is posted or attached to a support request. -->
		<username>qqq</username>
		<password>zzz/</password>
		<timezone>Europe/Copenhagen</timezone>
		<time-update-interval>300</time-update-interval>
		<timeservers>193.162.159.194 193.162.145.130</timeservers>
		<webgui>
			<!-- The admin GUI is configured for plain http, and certificate/private-key
			     are empty. This file also contains a WAN filter rule described as
			     "management from WAN" that passes TCP 80 from any source to the WAN
			     address, so an admin login from outside would travel unencrypted.
			     Consider https for the GUI and a restricted source on that rule. -->
			<protocol>http</protocol>
			<port/>
			<certificate/>
			<private-key/>
			<expanddiags/>
		</webgui>
		<dnsserver>194.239.134.83</dnsserver>
		<dnsserver>193.162.153.164</dnsserver>
	</system>
	<interfaces>
		<lan>
			<if>bge0</if>
			<ipaddr>192.168.0.1</ipaddr>
			<subnet>24</subnet>
			<media/>
			<mediaopt/>
		</lan>
		<wan>
			<if>bge1</if>
			<mtu>1500</mtu>
			<media/>
			<mediaopt/>
			<spoofmac/>
			<ipaddr>xxx.yyy.57.2</ipaddr>
			<subnet>28</subnet>
			<gateway>xxx.yyy.57.1</gateway>
		</wan>
		<opt1>
			<if>sk0</if>
			<descr>OPT1 DMZ</descr>
			<ipaddr/>
			<subnet>31</subnet>
			<bridge>wan</bridge>
			<enable/>
		</opt1>
	</interfaces>
	<staticroutes>
		<route>
			<interface>lan</interface>
			<network>xxx.yyy.57.6/32</network>
			<gateway>192.168.0.10</gateway>
			<descr>ASMASTER </descr>
		</route>
		<route>
			<interface>lan</interface>
			<network>xxx.yyy.57.7/32</network>
			<gateway>192.168.0.10</gateway>
			<descr> ASCOMET</descr>
		</route>
		<route>
			<interface>lan</interface>
			<network>xxx.yyy.57.8/32</network>
			<gateway>192.168.0.10</gateway>
			<descr>ASTEROID</descr>
		</route>
		<route>
			<interface>lan</interface>
			<network>xxx.yyy.57.9/32</network>
			<gateway>192.168.0.10</gateway>
			<descr>xxx</descr>
		</route>
		<route>
			<interface>lan</interface>
			<network>xxx.yyy.57.5/32</network>
			<gateway>192.168.0.50</gateway>
			<descr>static to xxx</descr>
		</route>
	</staticroutes>
	<pppoe/>
	<pptp/>
	<bigpond/>
	<dyndns>
		<type>dyndns</type>
		<username/>
		<password/>
		<host/>
		<mx/>
	</dyndns>
	<dnsupdate/>
	<dhcpd>
		<lan>
			<enable/>
			<range>
				<from>192.168.0.101</from>
				<to>192.168.0.250</to>
			</range>
			<defaultleasetime/>
			<maxleasetime/>
			<staticmap>
				<mac>00:12:d9:6f:e4:93</mac>
				<ipaddr>192.168.0.10</ipaddr>
				<descr>internal firewall</descr>
			</staticmap>
			<staticmap>
				<mac>00:01:e6:59:7a:ba</mac>
				<ipaddr>192.168.0.15</ipaddr>
				<descr>Shared laser printer</descr>
			</staticmap>
			<staticmap>
				<mac>00:0c:41:9d:61:e2</mac>
				<ipaddr>192.168.0.40</ipaddr>
				<descr>int firewall WAN</descr>
			</staticmap>
			<staticmap>
				<mac>00:0c:6e:b8:e6:d6</mac>
				<ipaddr>192.168.0.50</ipaddr>
				<descr> CVS</descr>
			</staticmap>
			<staticmap>
				<mac>00:0d:88:63:04:db</mac>
				<ipaddr>192.168.0.100</ipaddr>
				<descr>Asterisk PBX</descr>
			</staticmap>
			<staticmap>
				<mac>00:40:F4:D2:2A:BB</mac>
				<ipaddr>192.168.0.254</ipaddr>

			</staticmap>
		</lan>
	</dhcpd>
	<pptpd>
		<mode>off</mode>
		<redir/>
		<localip>xxx.yyy.57.2</localip>
		<remoteip>192.168.1.0</remoteip>
		<radius>
			<server/>
			<secret/>
		</radius>
	</pptpd>
	<dnsmasq>
		<hosts>
			<host>apps</host>
			<domain>abc.dk</domain>
			<ip>xxx.yyy.57.8</ip>
			<descr> apps server</descr>
		</hosts>
		<hosts>
			<host>asxerox6100</host>
			<domain>abc.dk</domain>
			<ip>192.168.0.10</ip>
			<descr>Xerox printer in our domain</descr>
		</hosts>
		<hosts>
			<host>demo</host>
			<domain>abc.dk</domain>
			<ip>xxx.yyy.57.8</ip>
			<descr>demo</descr>
		</hosts>
		<hosts>
			<host>ftp</host>
			<domain>app-solutions.com</domain>
			<ip>xxx.yyy.57.7</ip>
			<descr>ftp to ascomet</descr>
		</hosts>
		<hosts>
			<host>server1</host>
			<domain>uvdata.dk</domain>
			<ip>192.168.0.240</ip>
			<descr>server</descr>
		</hosts>
		<enable/>
	</dnsmasq>
	<snmpd>
		<syslocation>site</syslocation>
		<syscontact>svanggaard at hotmail dot com</syscontact>
		<!-- SNMP is enabled with the read-only community "public", the widely known
		     default. Anyone who can reach the agent can read device information with
		     it. Use a non-default community string and check that the filter rules
		     only let trusted pollers reach the agent (which interfaces the agent
		     answers on is not visible in this file). -->
		<rocommunity>public</rocommunity>
		<enable/>
	</snmpd>
	<diag>
		<ipv6nat>
			<ipaddr/>
		</ipv6nat>
	</diag>
	<bridge>
		<filteringbridge/>
	</bridge>
	<syslog>
		<nentries>300</nentries>
		<remoteserver/>
	</syslog>
	<nat>
		<advancedoutbound>
			<rule>
				<source>
					<network>192.168.0.0/24</network>
				</source>
				<descr>default public ip for clients connected to monowall LAN 
if</descr>
				<target/>
				<interface>wan</interface>
				<destination>
					<any/>
				</destination>
			</rule>
			<rule>
				<source>
					<network>192.168.0.50/32</network>
				</source>
				<descr>Intrapeople public ip</descr>
				<target>xxx.yyy.57.5</target>
				<interface>wan</interface>
				<destination>
					<any/>
				</destination>
			</rule>
			<enable/>
		</advancedoutbound>
		<onetoone>
			<external>xxx.yyy.57.4</external>
			<internal>192.168.0.100</internal>
			<subnet>32</subnet>
			<descr>1:1 to asterisk</descr>
			<interface>wan</interface>
		</onetoone>
	</nat>
	<filter>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<network>opt1</network>
			</destination>
			<log/>
			<frags/>
			<descr>allow traffic to xxx.yyy.57.4</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp/udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>192.168.0.100</address>
				<port>5060</port>
			</destination>
			<descr>NAT tcp/udp port 5060 to 192.168.0.100(asterisk)</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>192.168.0.100</address>
				<port>10000-20000</port>
			</destination>
			<descr>NAT inbound RTP til Asterisk</descr>
		</rule>
		<!-- NOTE(review): unlike the other filter rules in this section, this rule has
		     no <type> element. Which action is applied when <type> is absent is not
		     stated in this file; presumably it is treated as pass (confirm in the GUI)
		     and set the type explicitly. The rule matches tcp/udp from any WAN source
		     to 192.168.0.100 port 8000. -->
		<rule>
			<interface>wan</interface>
			<protocol>tcp/udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>192.168.0.100</address>
				<port>8000</port>
			</destination>
			<descr>NAT RTP to asterisk</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>icmp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<network>wanip</network>
			</destination>
			<descr>allow ping to firewall</descr>
		</rule>
		<!-- Passes TCP 80 from any WAN source to the firewall's own WAN address. With
		     <webgui><protocol> set to http and <port/> left empty in this file, this
		     presumably exposes the admin GUI to the internet over cleartext HTTP.
		     Restrict <source> to known admin addresses, and prefer https for the GUI,
		     if remote management is really needed. -->
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<network>wanip</network>
				<port>80</port>
			</destination>
			<descr>management from WAN</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>192.168.0.100</address>
				<port>80</port>
			</destination>
			<descr>HTTP to asterisk</descr>
		</rule>
		<!-- Passes SSH (TCP 22) from any WAN source to 192.168.0.100, the host labelled
		     "Asterisk PBX" in the dhcpd static map and the target of the 1:1 NAT entry
		     in this file. If remote administration is only needed from a few places,
		     narrow <source> to those addresses. -->
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>192.168.0.100</address>
				<port>22</port>
			</destination>
			<descr>SSH to asterisk</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>icmp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>192.168.0.100</address>
			</destination>
			<descr>allow ping to asterisk</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<source>
				<address>212.88.77.218</address>
			</source>
			<destination>
				<any/>
			</destination>
			<log/>
			<frags/>
			<descr>allow kpc vpn in</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<address>212.88.77.218</address>
			</destination>
			<log/>
			<frags/>
			<descr>allow out to zz</descr>
		</rule>
		<rule>
			<type>block</type>
			<interface>wan</interface>
			<protocol>tcp/udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>6881-6889</port>
			</destination>
			<descr>block bittorrent</descr>
		</rule>
		<rule>
			<type>block</type>
			<interface>wan</interface>
			<protocol>tcp/udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>445</port>
			</destination>
			<descr>block ms file sharing</descr>
		</rule>
		<rule>
			<type>block</type>
			<interface>wan</interface>
			<protocol>tcp/udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>135-139</port>
			</destination>
			<descr>block ms netBios, rpc, etc</descr>
		</rule>
		<!-- Passes traffic from any WAN source to 192.168.0.10 with no <protocol> or
		     <port> restriction. The dhcpd static map in this file labels that address
		     "internal firewall", so this rule leaves the inner device as the only
		     control for whatever reaches it. NOTE(review): confirm this breadth is
		     intended; the rule does log matches via <log/>. -->
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<address>192.168.0.10</address>
			</destination>
			<log/>
			<frags/>
			<descr>allow anything to yyy</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>xxx.yyy.57.6</address>
			</destination>
			<descr>appSolutions fw -&gt; ASMASTER</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<address>xxx.yyy.57.7</address>
			</destination>
			<descr>appSolutions fw -&gt; ASCOMET</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<address>xxx.yyy.57.8</address>
			</destination>
			<descr>appSolutions fw -&gt; ASTEROID</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>xxx.yyy.57.9</address>
			</destination>
			<descr>internal fw -&gt; host</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>esp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<log/>
			<frags/>
			<descr>allow esp to lan</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>ah</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<log/>
			<frags/>
			<descr>allow AH to lan</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>gre</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<log/>
			<frags/>
			<descr>allow GRE to lan</descr>
		</rule>
		<rule>
			<type>reject</type>
			<interface>wan</interface>
			<protocol>udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<log/>
			<descr>tell senders that the nw is unavailable</descr>
		</rule>
		<rule>
			<type>reject</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<log/>
			<descr>tell senders that the nw is unavailable</descr>
		</rule>
		<rule>
			<type>block</type>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<log/>
			<descr>block all</descr>
		</rule>
		<!-- On the opt1 interface (described as "OPT1 DMZ" under <interfaces>) this
		     passes any source to any destination. Destination <any/> also matches the
		     LAN subnet, so this rule by itself does not keep DMZ hosts away from LAN.
		     NOTE(review): if the DMZ is meant to be isolated, a block rule for
		     destination lan would be needed ahead of this one; confirm intent. -->
		<rule>
			<type>pass</type>
			<interface>opt1</interface>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<log/>
			<frags/>
			<descr>outbound from DMZ</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<network>opt1</network>
			</destination>
			<frags/>
			<descr>Allow LAN to DMZ</descr>
		</rule>
		<!-- NOTE(review): the description repeats the previous rule's "Allow LAN to DMZ",
		     but this rule matches the opposite direction: source network opt1,
		     destination network lan, evaluated on the lan interface. The label looks
		     copy-pasted; confirm what the rule is meant to allow and rename it so an
		     audit of the rule set is not misled. -->
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<network>opt1</network>
			</source>
			<destination>
				<network>lan</network>
			</destination>
			<frags/>
			<descr>Allow LAN to DMZ</descr>
		</rule>
		<rule>
			<type>block</type>
			<interface>lan</interface>
			<protocol>tcp/udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>130-140</port>
			</destination>
			<descr>Disallow Outbound netbios</descr>
		</rule>
		<rule>
			<type>block</type>
			<interface>lan</interface>
			<protocol>tcp/udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>6969</port>
			</destination>
			<descr>Disallow Outbound Bittorrent Setup</descr>
		</rule>
		<rule>
			<type>block</type>
			<interface>lan</interface>
			<protocol>tcp/udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>6667</port>
			</destination>
			<log/>
			<descr>Disallow Outbound IRC</descr>
		</rule>
		<rule>
			<type>block</type>
			<interface>lan</interface>
			<protocol>tcp/udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>445</port>
			</destination>
			<descr>Disallow Outbound MS file sharing</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<address>212.88.77.218</address>
			</destination>
			<log/>
			<frags/>
			<descr>Explicitely allow traffic towards rrr</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<address>192.168.0.100</address>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>allow asterisk out</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<address>xxx.yyy.57.6</address>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>allow outgoing asmaster</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<address>xxx.yyy.57.7</address>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>allow outgoing ascomet</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<address>xxx.yyy.57.8</address>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>allow outgoing asteroid</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<address>xxx.yyy.57.9</address>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>allow outgoing tt</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<address>192.168.0.10</address>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>allow outgoing asmono</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<address>192.168.0.20</address>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>allow outgoing qq</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<address>192.168.0.30</address>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>allow outgoing nn</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<address>192.168.0.40</address>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>allow outgoing UVData</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<network>lan</network>
			</source>
			<destination>
				<any/>
			</destination>
			<frags/>
			<descr>Default LAN -&gt; any</descr>
		</rule>
		<tcpidletimeout/>
		<bypassstaticroutes/>
	</filter>
	<shaper>
		<pipe>
			<bandwidth>1800</bandwidth>
			<descr>Upload Pipe</descr>
		</pipe>
		<pipe>
			<bandwidth>1700</bandwidth>
			<descr>Download Pipe</descr>
		</pipe>
		<queue>
			<targetpipe>0</targetpipe>
			<weight>95</weight>
			<mask>source</mask>
			<descr>Priority 1 Upload - VoIP and Small Pkg</descr>
		</queue>
		<queue>
			<targetpipe>1</targetpipe>
			<weight>95</weight>
			<mask>destination</mask>
			<descr>Priority 1 Download - VoIP and Small Pkg</descr>
		</queue>
		<queue>
			<targetpipe>0</targetpipe>
			<weight>4</weight>
			<mask>source</mask>
			<descr>Priority #2 Upload - Streaming Media</descr>
		</queue>
		<queue>
			<targetpipe>1</targetpipe>
			<weight>4</weight>
			<mask>destination</mask>
			<descr>Priority #2 download - Streaming media</descr>
		</queue>
		<queue>
			<targetpipe>0</targetpipe>
			<weight>1</weight>
			<mask>source</mask>
			<descr>Priority #3 - Garbage upload. NNTP, FTP, P2P, Etc..</descr>
		</queue>
		<queue>
			<targetpipe>1</targetpipe>
			<weight>1</weight>
			<mask>destination</mask>
			<descr>Priority #3 - Garbage download. NNTP, FTP, P2P, Etc..</descr>
		</queue>
		<rule>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<address>212.130.83.36</address>
			</destination>
			<direction>out</direction>
			<iplen>0-300</iplen>
			<iptos/>
			<tcpflags/>
			<descr>RTP to telsome Upload</descr>
			<targetqueue>0</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<address>193.223.99.20</address>
			</destination>
			<direction>out</direction>
			<iplen>0-300</iplen>
			<iptos/>
			<tcpflags/>
			<descr>RTP to voip6.telsome.com</descr>
			<targetqueue>0</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<source>
				<address>212.130.83.36</address>
			</source>
			<destination>
				<any/>
			</destination>
			<direction>in</direction>
			<iplen>0-500</iplen>
			<iptos/>
			<tcpflags/>
			<descr>RTP from telsome</descr>
			<targetqueue>1</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<source>
				<address>193.223.99.20</address>
			</source>
			<destination>
				<any/>
			</destination>
			<direction>in</direction>
			<iplen>0-500</iplen>
			<iptos/>
			<tcpflags/>
			<descr>RTP from voip6.telsome.com</descr>
			<targetqueue>1</targetqueue>
		</rule>
		<rule>
			<interface>lan</interface>
			<protocol>icmp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<direction>out</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>outbound ping</descr>
			<targetqueue>0</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>icmp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<direction>in</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>inbound ping</descr>
			<targetqueue>1</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>53</port>
			</destination>
			<direction>out</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>outbount dns queries</descr>
			<targetqueue>1</targetqueue>
		</rule>
		<rule>
			<interface>lan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>3389</port>
			</destination>
			<direction>out</direction>
			<iplen>0-300</iplen>
			<iptos/>
			<tcpflags/>
			<descr>Outbound Windows RDP (Terminal services) upload</descr>
			<targetqueue>2</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>3389</port>
			</destination>
			<direction>in</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>Inbound Windows RDP (terminal services) download</descr>
			<targetqueue>3</targetqueue>
		</rule>
		<rule>
			<interface>lan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>5900</port>
			</destination>
			<direction>out</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>Outgoing VNC upload</descr>
			<targetqueue>2</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>5900</port>
			</destination>
			<direction>in</direction>
			<iplen>0-300</iplen>
			<iptos/>
			<tcpflags/>
			<descr>Outgoing VNC download</descr>
			<targetqueue>3</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
				<port>10000</port>
			</source>
			<destination>
				<any/>
			</destination>
			<direction>in</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>Inbound cisco vpn over tcp</descr>
			<targetqueue>5</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>10000</port>
			</destination>
			<direction>out</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>Outbound cisco vpn over tcp</descr>
			<targetqueue>4</targetqueue>
		</rule>
		<rule>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<direction>in</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>catch all download</descr>
			<targetqueue>5</targetqueue>
		</rule>
		<rule>
			<interface>lan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<direction>out</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>catch all upload</descr>
			<targetqueue>4</targetqueue>
		</rule>
		<rule>
			<interface>opt1</interface>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<direction>out</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>DMZ upload</descr>
			<targetqueue>4</targetqueue>
		</rule>
		<rule>
			<interface>lan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<direction>in</direction>
			<iplen/>
			<iptos/>
			<tcpflags/>
			<descr>DMZ Download</descr>
			<targetqueue>5</targetqueue>
		</rule>
		<enable/>
	</shaper>
	<ipsec>
		<!-- A mobile-client IPsec pre-shared key is included here in cleartext. The
		     ident and key values suggest a test entry (TODO confirm), but a key that
		     has been published in a posted config should be treated as compromised:
		     remove the entry or replace the key, and scrub <pre-shared-key> before
		     sharing a config in future. -->
		<mobilekey>
			<ident>testkey</ident>
			<pre-shared-key>detteerentest</pre-shared-key>
		</mobilekey>
	</ipsec>
	<aliases/>
	<proxyarp>
		<proxyarpnet>
			<interface>wan</interface>
			<network>xxx.yyy.57.5/32</network>
			<descr>NAT 1:1 corp</descr>
		</proxyarpnet>
		<proxyarpnet>
			<interface>wan</interface>
			<network>xxx.yyy.57.6/32</network>
			<descr>NAT 1:1 asmaster</descr>
		</proxyarpnet>
		<proxyarpnet>
			<interface>wan</interface>
			<network>xxx.yyy.57.7/32</network>
			<descr>NAT 1:1 ascomet</descr>
		</proxyarpnet>
		<proxyarpnet>
			<interface>wan</interface>
			<network>xxx.yyy.57.8/32</network>
			<descr>NAT 1:1 asteroid</descr>
		</proxyarpnet>
		<proxyarpnet>
			<interface>wan</interface>
			<network>xxx.yyy.57.9/32</network>
			<descr>company</descr>
		</proxyarpnet>
		<proxyarpnet>
			<interface>wan</interface>
			<network>xxx.yyy.57.11/32</network>
			<descr>NAT 1:1 company2</descr>
		</proxyarpnet>
		<proxyarpnet>
			<interface>wan</interface>
			<network>xxx.yyy.57.4/32</network>
			<descr>NAT 1:1 to asterisk</descr>
		</proxyarpnet>
	</proxyarp>
	<wol/>
</m0n0wall>