I guess the answer to my question is:

Captive Portal -> Yes
Traffic Shaper -> Yes
PPTP VPN -> Yes
DynDNS -> Yes
DHCP on LAN
Inbound NAT http & ssh to internal hosts

I did not offer to examine your config.xml. You should have sent it to the
list, not directly to me...

_________________________________
James W. McKeand

Soren Vanggaard Jensen wrote:
> See the below config.xml
>
> <?xml version="1.0"?>
> <m0n0wall>
>   <version>1.6</version>
>   <lastchange>1150107197</lastchange>
>   <system>
>     <hostname>fw</hostname>
>     <domain>fw.local</domain>
>     <dnsallowoverride/>
>     <username>yyy</username>
>     <password>xxxxx</password>
>     <timezone>Europe/Copenhagen</timezone>
>     <time-update-interval>300</time-update-interval>
>     <timeservers>pool.ntp.org</timeservers>
>     <webgui>
>       <protocol>http</protocol>
>       <port/>
>       <certificate/>
>       <private-key/>
>       <expanddiags/>
>     </webgui>
>     <group>
>       <name>HIA superusers</name>
>       <description/>
>       <pages>index.php</pages>
>       <pages>system_usermanager.php</pages>
>       <pages>diag_arp.php</pages>
>       <pages>graph_cpu.php</pages>
>       <pages>diag_dhcp_leases.php</pages>
>       <pages>diag_ipfstat.php</pages>
>       <pages>graph.php</pages>
>       <pages>diag_logs_portal.php</pages>
>       <pages>diag_logs_dhcp.php</pages>
>       <pages>diag_logs_filter.php</pages>
>       <pages>diag_logs_vpn.php</pages>
>       <pages>diag_logs_settings.php</pages>
>       <pages>diag_logs.php</pages>
>       <pages>diag_ping.php</pages>
>       <pages>reboot.php</pages>
>       <pages>diag_resetstate.php</pages>
>       <pages>diag_traceroute.php</pages>
>       <pages>firewall_aliases.php</pages>
>       <pages>firewall_aliases_edit.php</pages>
>       <pages>firewall_rules.php</pages>
>       <pages>firewall_rules_edit.php</pages>
>       <pages>firewall_shaper_pipes_edit.php</pages>
>       <pages>firewall_shaper_queues_edit.php</pages>
>       <pages>firewall_shaper_edit.php</pages>
>       <pages>firewall_shaper_magic.php</pages>
>       <pages>firewall_shaper_pipes.php</pages>
>       <pages>firewall_shaper_queues.php</pages>
>       <pages>firewall_shaper.php</pages>
>       <pages>interfaces_lan.php</pages>
>       <pages>interfaces_opt.php</pages>
>       <pages>interfaces_wan.php</pages>
>       <pages>license.php</pages>
>       <pages>services_captiveportal.php</pages>
>       <pages>services_captiveportal_ip.php</pages>
>       <pages>services_captiveportal_ip_edit.php</pages>
>       <pages>services_captiveportal_mac_edit.php</pages>
>       <pages>services_captiveportal_users_edit.php</pages>
>       <pages>services_captiveportal_filemanager.php</pages>
>       <pages>services_captiveportal_mac.php</pages>
>       <pages>services_captiveportal_users.php</pages>
>       <pages>services_dhcp_relay.php</pages>
>       <pages>services_dhcp.php</pages>
>       <pages>services_dhcp_edit.php</pages>
>       <pages>services_dnsmasq.php</pages>
>       <pages>services_dnsmasq_domainoverride_edit.php</pages>
>       <pages>services_dnsmasq_edit.php</pages>
>       <pages>services_dyndns.php</pages>
>       <pages>services_proxyarp_edit.php</pages>
>       <pages>services_snmp.php</pages>
>       <pages>services_wol.php</pages>
>       <pages>services_wol_edit.php</pages>
>       <pages>status_graph_cpu.php</pages>
>       <pages>status_captiveportal.php</pages>
>       <pages>status_interfaces.php</pages>
>       <pages>status_graph.php</pages>
>       <pages>status_wireless.php</pages>
>       <pages>system_advanced.php</pages>
>       <pages>system_routes.php</pages>
>       <pages>system_routes_edit.php</pages>
>     </group>
>     <user>
>       <name>SSS</name>
>       <fullname>SSS</fullname>
>       <groupname>superusers</groupname>
>       <password>xxxxx</password>
>     </user>
>     <user>
>       <name>III</name>
>       <fullname>IIIII</fullname>
>       <groupname>superusers</groupname>
>       <password>xxxxx</password>
>     </user>
>     <dnsserver>194.239.134.83</dnsserver>
>     <dnsserver>193.162.153.164</dnsserver>
>   </system>
>   <interfaces>
>     <lan>
>       <if>sis0</if>
>       <ipaddr>192.168.2.1</ipaddr>
>       <subnet>24</subnet>
>       <media/>
>       <mediaopt/>
>     </lan>
>     <wan>
>       <if>sis1</if>
>       <mtu>1300</mtu>
>       <media/>
>       <mediaopt/>
>       <spoofmac/>
>       <ipaddr>aa.aa.aa.aa</ipaddr>
>       <subnet>30</subnet>
>       <gateway>bb.bb.bb.bb</gateway>
>     </wan>
>   </interfaces>
>   <staticroutes/>
>   <pppoe/>
>   <pptp/>
>   <bigpond/>
>   <dyndns>
>     <type>dyndns</type>
>     <username/>
>     <password/>
>     <host/>
>     <mx/>
>     <server/>
>     <port/>
>   </dyndns>
>   <dnsupdate/>
>   <dhcpd>
>     <lan>
>       <enable/>
>       <range>
>         <from>192.168.2.100</from>
>         <to>192.168.2.254</to>
>       </range>
>       <defaultleasetime/>
>       <maxleasetime/>
>     </lan>
>   </dhcpd>
>   <pptpd>
>     <mode>server</mode>
>     <redir/>
>     <localip>192.168.5.1</localip>
>     <remoteip>192.168.5.112</remoteip>
>     <radius>
>       <server/>
>       <secret/>
>     </radius>
>     <user>
>       <name>QQQQ</name>
>       <ip/>
>       <password>xxxxx</password>
>     </user>
>     <req128/>
>   </pptpd>
>   <dnsmasq>
>     <enable/>
>   </dnsmasq>
>   <snmpd>
>     <syslocation/>
>     <syscontact/>
>     <rocommunity>public</rocommunity>
>   </snmpd>
>   <diag>
>     <ipv6nat>
>       <ipaddr/>
>     </ipv6nat>
>   </diag>
>   <bridge/>
>   <syslog>
>     <reverse/>
>     <nentries>100</nentries>
>     <remoteserver>IP.IP.IP.IP</remoteserver>
>     <vpn/>
>     <system/>
>     <enable/>
>     <dhcp/>
>     <filter/>
>     <nologdefaultblock/>
>   </syslog>
>   <nat>
>     <rule>
>       <protocol>tcp</protocol>
>       <external-port>22</external-port>
>       <target>192.168.2.2</target>
>       <local-port>22</local-port>
>       <interface>wan</interface>
>       <descr>ssh->2</descr>
>     </rule>
>     <rule>
>       <protocol>tcp</protocol>
>       <external-port>43</external-port>
>       <target>192.168.2.43</target>
>       <local-port>80</local-port>
>       <interface>wan</interface>
>       <descr>to 2.43</descr>
>     </rule>
>     <rule>
>       <protocol>tcp</protocol>
>       <external-port>82</external-port>
>       <target>192.168.2.2</target>
>       <local-port>80</local-port>
>       <interface>wan</interface>
>       <descr>192.168.2.2</descr>
>     </rule>
>     <rule>
>       <protocol>tcp</protocol>
>       <external-port>84</external-port>
>       <target>192.168.2.4</target>
>       <local-port>80</local-port>
>       <interface>wan</interface>
>       <descr>192.168.2.4</descr>
>     </rule>
>     <rule>
>       <protocol>tcp</protocol>
>       <external-port>83</external-port>
>       <target>192.168.2.3</target>
>       <local-port>80</local-port>
>       <interface>wan</interface>
>       <descr>192.168.2.3</descr>
>     </rule>
>   </nat>
>   <filter>
>     <rule>
>       <type>pass</type>
>       <interface>wan</interface>
>       <protocol>tcp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <network>wanip</network>
>         <port>80</port>
>       </destination>
>       <descr>fjernadgang</descr>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>tcp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <address>192.168.2.2</address>
>         <port>80</port>
>       </destination>
>       <descr>NAT 192.168.2.2</descr>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>tcp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <address>192.168.2.2</address>
>         <port>22</port>
>       </destination>
>       <descr>NAT ssh->2</descr>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>tcp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <address>192.168.2.43</address>
>         <port>80</port>
>       </destination>
>       <descr>NAT to 2.43</descr>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>tcp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <address>192.168.2.4</address>
>         <port>80</port>
>       </destination>
>       <descr>NAT 192.168.2.4</descr>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>tcp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <address>192.168.2.3</address>
>         <port>80</port>
>       </destination>
>       <descr>NAT 192.168.2.3</descr>
>     </rule>
>     <rule>
>       <type>pass</type>
>       <interface>wan</interface>
>       <protocol>icmp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <network>wanip</network>
>       </destination>
>       <frags/>
>       <descr>Allow ping from outside</descr>
>     </rule>
>     <rule>
>       <type>pass</type>
>       <interface>pptp</interface>
>       <source>
>         <network>pptp</network>
>       </source>
>       <destination>
>         <any/>
>       </destination>
>       <descr>allow pptp</descr>
>     </rule>
>     <rule>
>       <type>block</type>
>       <interface>lan</interface>
>       <protocol>tcp/udp</protocol>
>       <source>
>         <network>lan</network>
>       </source>
>       <destination>
>         <any/>
>         <port>445</port>
>       </destination>
>       <descr>block ms filesharing out</descr>
>     </rule>
>     <rule>
>       <type>block</type>
>       <interface>lan</interface>
>       <protocol>tcp/udp</protocol>
>       <source>
>         <network>lan</network>
>       </source>
>       <destination>
>         <any/>
>         <port>135-140</port>
>       </destination>
>       <descr>block ms netbios, rpc etc.</descr>
>     </rule>
>     <rule>
>       <type>pass</type>
>       <interface>lan</interface>
>       <source>
>         <network>lan</network>
>       </source>
>       <destination>
>         <any/>
>       </destination>
>       <log/>
>       <frags/>
>       <descr>Default LAN -> any</descr>
>     </rule>
>     <tcpidletimeout/>
>   </filter>
>   <ipsec/>
>   <aliases/>
>   <proxyarp/>
>   <wol/>
>   <shaper>
>     <enable/>
>     <pipe>
>       <descr>m_Total Upload</descr>
>       <bandwidth>691</bandwidth>
>     </pipe>
>     <pipe>
>       <descr>m_Total Download</descr>
>       <bandwidth>7600</bandwidth>
>     </pipe>
>     <queue>
>       <descr>m_High Priority #1 Upload</descr>
>       <targetpipe>0</targetpipe>
>       <weight>50</weight>
>       <mask>source</mask>
>     </queue>
>     <queue>
>       <descr>m_High Priority #2 Upload</descr>
>       <targetpipe>0</targetpipe>
>       <weight>30</weight>
>       <mask>source</mask>
>     </queue>
>     <queue>
>       <descr>m_High Priority #3 Upload</descr>
>       <targetpipe>0</targetpipe>
>       <weight>15</weight>
>       <mask>source</mask>
>     </queue>
>     <queue>
>       <descr>m_Bulk Upload</descr>
>       <targetpipe>0</targetpipe>
>       <weight>4</weight>
>       <mask>source</mask>
>     </queue>
>     <queue>
>       <descr>m_Hated Upload</descr>
>       <targetpipe>0</targetpipe>
>       <weight>1</weight>
>       <mask>source</mask>
>     </queue>
>     <queue>
>       <descr>m_Bulk Download</descr>
>       <targetpipe>1</targetpipe>
>       <weight>30</weight>
>       <mask>destination</mask>
>     </queue>
>     <queue>
>       <descr>m_Hated Download</descr>
>       <targetpipe>1</targetpipe>
>       <weight>10</weight>
>       <mask>destination</mask>
>     </queue>
>     <queue>
>       <descr>m_High Priority Download</descr>
>       <targetpipe>1</targetpipe>
>       <weight>60</weight>
>       <mask>destination</mask>
>     </queue>
>     <rule>
>       <descr>m_P2P BitTorrent</descr>
>       <interface>wan</interface>
>       <direction>in</direction>
>       <source>
>         <any>1</any>
>         <port>6881-6999</port>
>       </source>
>       <destination>
>         <any>1</any>
>       </destination>
>       <protocol>tcp</protocol>
>       <targetqueue>6</targetqueue>
>     </rule>
>     <rule>
>       <descr>m_P2P BitTorrent</descr>
>       <interface>wan</interface>
>       <direction>in</direction>
>       <source>
>         <any>1</any>
>       </source>
>       <destination>
>         <any>1</any>
>         <port>6881-6999</port>
>       </destination>
>       <protocol>tcp</protocol>
>       <targetqueue>6</targetqueue>
>     </rule>
>     <rule>
>       <descr>m_P2P BitTorrent</descr>
>       <interface>wan</interface>
>       <direction>out</direction>
>       <source>
>         <any>1</any>
>         <port>6881-6999</port>
>       </source>
>       <destination>
>         <any>1</any>
>       </destination>
>       <protocol>tcp</protocol>
>       <targetqueue>4</targetqueue>
>     </rule>
>     <rule>
>       <descr>m_P2P BitTorrent</descr>
>       <interface>wan</interface>
>       <direction>out</direction>
>       <source>
>         <any>1</any>
>       </source>
>       <destination>
>         <any>1</any>
>         <port>6881-6999</port>
>       </destination>
>       <protocol>tcp</protocol>
>       <targetqueue>4</targetqueue>
>     </rule>
>     <rule>
>       <descr>m_TCP ACK Upload</descr>
>       <targetqueue>2</targetqueue>
>       <interface>wan</interface>
>       <direction>out</direction>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <any/>
>       </destination>
>       <iplen>0-80</iplen>
>       <protocol>tcp</protocol>
>       <tcpflags>ack</tcpflags>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>tcp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <any/>
>       </destination>
>       <direction>out</direction>
>       <iplen>0-100</iplen>
>       <iptos/>
>       <tcpflags/>
>       <descr>m_Small TCP Pkt Upload</descr>
>       <targetqueue>0</targetqueue>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>udp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <any/>
>       </destination>
>       <direction>out</direction>
>       <iplen>0-100</iplen>
>       <iptos/>
>       <tcpflags/>
>       <descr>m_Small UDP Pkt Upload</descr>
>       <targetqueue>0</targetqueue>
>     </rule>
>     <rule>
>       <descr>m_Outbound DNS Query</descr>
>       <targetqueue>0</targetqueue>
>       <interface>wan</interface>
>       <direction>out</direction>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <any/>
>         <port>53</port>
>       </destination>
>       <protocol>udp</protocol>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>tcp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <any/>
>       </destination>
>       <direction>out</direction>
>       <iplen/>
>       <iptos/>
>       <tcpflags/>
>       <descr>m_Catch-All TCP Upload</descr>
>       <targetqueue>3</targetqueue>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>udp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <any/>
>       </destination>
>       <direction>in</direction>
>       <iplen>0-100</iplen>
>       <iptos/>
>       <tcpflags/>
>       <descr>m_Small UDP Pkt Download</descr>
>       <targetqueue>7</targetqueue>
>     </rule>
>     <rule>
>       <interface>wan</interface>
>       <protocol>tcp</protocol>
>       <source>
>         <any/>
>       </source>
>       <destination>
>         <any/>
>       </destination>
>       <direction>in</direction>
>       <iplen/>
>       <iptos/>
>       <tcpflags/>
>       <descr>m_Catch-All Download</descr>
>       <targetqueue>5</targetqueue>
>     </rule>
>     <magic>
>       <p2plow/>
>       <maskq/>
>       <maxup>768</maxup>
>       <maxdown>8000</maxdown>
>     </magic>
>   </shaper>
>   <captiveportal>
>     <user>
>       <name>qqq</name>
>       <fullname>Søren Vanggaard Jensen</fullname>
>       <expirationdate/>
>       <password>xxxxx</password>
>     </user>
>     <passthrumac>
>       .... approx 25 entries removed for security reasons
>     </passthrumac>
>     <interface>lan</interface>
>     <maxproc/>
>     <timeout/>
>     <idletimeout>30</idletimeout>
>     <auth_method>local</auth_method>
>     <reauthenticateacct/>
>     <httpsname/>
>     <certificate/>
>     <private-key/>
>     <redirurl/>
>     <radiusip/>
>     <radiusip2/>
>     <radiusport/>
>     <radiusport2/>
>     <radiusacctport/>
>     <radiuskey/>
>     <radiuskey2/>
>     <radiusvendor>default</radiusvendor>
>   </captiveportal>
> </m0n0wall>
>
> BR
> Søren Vanggaard Jensen
>
>> From: "James W. McKeand" <james at mckeand dot biz>
>> To: <m0n0wall at lists dot m0n0 dot ch>
>> Subject: RE: [m0n0wall] Version 1.22 freeze
>> Date: Mon, 12 Jun 2006 09:11:53 -0500
>>
>> Soren Vanggaard Jensen wrote:
>>> Hi,
>>>
>>> This issue has been brought up before. Monowall/freebsd seems to
>>> have a bug that may cause a sporadic total OS freeze/lockup. I'm
>>> bringing this up again because I have an installation running
>>> monowall version 1.22, which freezes solid every once in a while.
>>>
>>> Initially I used a SOEKRIS net 4501 hardware platform, but the
>>> system froze approx. every 2-3 hours. I replaced the hardware with a
>>> SOEKRIS net 4801 (replaced the PSU too) and have just seen a lockup
>>> after 7 days of uptime. There's nothing in the setup out of the
>>> ordinary.
>>>
>>> What do you suggest I should do to eliminate the problem? Could I
>>> upload a script causing the monowall to reboot every night at 4AM?
>>> Any examples of such a script?
>>>
>>> BR.
>>> Søren Vanggaard Jensen
>>
>> Your issues may be local. I have over 70 days uptime on a net4501
>> with v1.22. What features are you using? Captive Portal, PPTP, IPSec?
>>
>> _________________________________
>> James W. McKeand