 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "Soren Vanggaard Jensen" <svanggaard at hotmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Version 1.22 freeze
 Date:  Mon, 12 Jun 2006 10:38:39 -0500
I guess the answer to my question is: 
  Captive Portal -> Yes
  Traffic Shaper -> Yes
  PPTP VPN -> Yes
  DynDNS -> Yes
  DHCP on LAN
  Inbound NAT http & ssh to internal hosts

I did not offer to examine your config.xml. You should have sent it to the list, not directly to me...

_________________________________
James W. McKeand



  
  

Soren Vanggaard Jensen wrote:
> See the below config.xml
> 
> <?xml version="1.0"?>
> <m0n0wall>
>     <version>1.6</version>
>     <lastchange>1150107197</lastchange>
>     <system>
>         <hostname>fw</hostname>
>         <domain>fw.local</domain>
>         <dnsallowoverride/>
>         <username>yyy</username>
>         <password>xxxxx</password>
>         <timezone>Europe/Copenhagen</timezone>
>         <time-update-interval>300</time-update-interval>
>         <timeservers>pool.ntp.org</timeservers>
>         <webgui>
>             <protocol>http</protocol>
>             <port/>
>             <certificate/>
>             <private-key/>
>             <expanddiags/>
>         </webgui>
>         <group>
>             <name>HIA superusers</name>
>             <description/>
>             <pages>index.php</pages>
>             <pages>system_usermanager.php</pages>
>             <pages>diag_arp.php</pages>
>             <pages>graph_cpu.php</pages>
>             <pages>diag_dhcp_leases.php</pages>
>             <pages>diag_ipfstat.php</pages>
>             <pages>graph.php</pages>
>             <pages>diag_logs_portal.php</pages>
>             <pages>diag_logs_dhcp.php</pages>
>             <pages>diag_logs_filter.php</pages>
>             <pages>diag_logs_vpn.php</pages>
>             <pages>diag_logs_settings.php</pages>
>             <pages>diag_logs.php</pages>
>             <pages>diag_ping.php</pages>
>             <pages>reboot.php</pages>
>             <pages>diag_resetstate.php</pages>
>             <pages>diag_traceroute.php</pages>
>             <pages>firewall_aliases.php</pages>
>             <pages>firewall_aliases_edit.php</pages>
>             <pages>firewall_rules.php</pages>
>             <pages>firewall_rules_edit.php</pages>
>             <pages>firewall_shaper_pipes_edit.php</pages>
>             <pages>firewall_shaper_queues_edit.php</pages>
>             <pages>firewall_shaper_edit.php</pages>
>             <pages>firewall_shaper_magic.php</pages>
>             <pages>firewall_shaper_pipes.php</pages>
>             <pages>firewall_shaper_queues.php</pages>
>             <pages>firewall_shaper.php</pages>
>             <pages>interfaces_lan.php</pages>
>             <pages>interfaces_opt.php</pages>
>             <pages>interfaces_wan.php</pages>
>             <pages>license.php</pages>
>             <pages>services_captiveportal.php</pages>
>             <pages>services_captiveportal_ip.php</pages>
>             <pages>services_captiveportal_ip_edit.php</pages>
>             <pages>services_captiveportal_mac_edit.php</pages>
>             <pages>services_captiveportal_users_edit.php</pages>
>             <pages>services_captiveportal_filemanager.php</pages>
>             <pages>services_captiveportal_mac.php</pages>
>             <pages>services_captiveportal_users.php</pages>
>             <pages>services_dhcp_relay.php</pages>
>             <pages>services_dhcp.php</pages>
>             <pages>services_dhcp_edit.php</pages>
>             <pages>services_dnsmasq.php</pages>
>             <pages>services_dnsmasq_domainoverride_edit.php</pages>
>             <pages>services_dnsmasq_edit.php</pages>
>             <pages>services_dyndns.php</pages>
>             <pages>services_proxyarp_edit.php</pages>
>             <pages>services_snmp.php</pages>
>             <pages>services_wol.php</pages>
>             <pages>services_wol_edit.php</pages>
>             <pages>status_graph_cpu.php</pages>
>             <pages>status_captiveportal.php</pages>
>             <pages>status_interfaces.php</pages>
>             <pages>status_graph.php</pages>
>             <pages>status_wireless.php</pages>
>             <pages>system_advanced.php</pages>
>             <pages>system_routes.php</pages>
>             <pages>system_routes_edit.php</pages>
>         </group>
>         <user>
>             <name>SSS</name>
>             <fullname>SSS</fullname>
>             <groupname>superusers</groupname>
>             <password>xxxxx</password>
>         </user>
>         <user>
>             <name>III</name>
>             <fullname>IIIII</fullname>
>             <groupname>superusers</groupname>
>             <password>xxxxx</password>
>         </user>
>         <dnsserver>194.239.134.83</dnsserver>
>         <dnsserver>193.162.153.164</dnsserver>
>     </system>
>     <interfaces>
>         <lan>
>             <if>sis0</if>
>             <ipaddr>192.168.2.1</ipaddr>
>             <subnet>24</subnet>
>             <media/>
>             <mediaopt/>
>         </lan>
>         <wan>
>             <if>sis1</if>
>             <mtu>1300</mtu>
>             <media/>
>             <mediaopt/>
>             <spoofmac/>
>             <ipaddr>aa.aa.aa.aa</ipaddr>
>             <subnet>30</subnet>
>             <gateway>bb.bb.bb.bb</gateway>
>         </wan>
>     </interfaces>
>     <staticroutes/>
>     <pppoe/>
>     <pptp/>
>     <bigpond/>
>     <dyndns>
>         <type>dyndns</type>
>         <username/>
>         <password/>
>         <host/>
>         <mx/>
>         <server/>
>         <port/>
>     </dyndns>
>     <dnsupdate/>
>     <dhcpd>
>         <lan>
>             <enable/>
>             <range>
>                 <from>192.168.2.100</from>
>                 <to>192.168.2.254</to>
>             </range>
>             <defaultleasetime/>
>             <maxleasetime/>
>         </lan>
>     </dhcpd>
>     <pptpd>
>         <mode>server</mode>
>         <redir/>
>         <localip>192.168.5.1</localip>
>         <remoteip>192.168.5.112</remoteip>
>         <radius>
>             <server/>
>             <secret/>
>         </radius>
>         <user>
>             <name>QQQQ</name>
>             <ip/>
>             <password>xxxxx</password>
>         </user>
>         <req128/>
>     </pptpd>
>     <dnsmasq>
>         <enable/>
>     </dnsmasq>
>     <snmpd>
>         <syslocation/>
>         <syscontact/>
>         <rocommunity>public</rocommunity>
>     </snmpd>
>     <diag>
>         <ipv6nat>
>             <ipaddr/>
>         </ipv6nat>
>     </diag>
>     <bridge/>
>     <syslog>
>         <reverse/>
>         <nentries>100</nentries>
>         <remoteserver>IP.IP.IP.IP</remoteserver>
>         <vpn/>
>         <system/>
>         <enable/>
>         <dhcp/>
>         <filter/>
>         <nologdefaultblock/>
>     </syslog>
>     <nat>
>         <rule>
>             <protocol>tcp</protocol>
>             <external-port>22</external-port>
>             <target>192.168.2.2</target>
>             <local-port>22</local-port>
>             <interface>wan</interface>
>             <descr>ssh-&gt;2</descr>
>         </rule>
>         <rule>
>             <protocol>tcp</protocol>
>             <external-port>43</external-port>
>             <target>192.168.2.43</target>
>             <local-port>80</local-port>
>             <interface>wan</interface>
>             <descr>to 2.43</descr>
>         </rule>
>         <rule>
>             <protocol>tcp</protocol>
>             <external-port>82</external-port>
>             <target>192.168.2.2</target>
>             <local-port>80</local-port>
>             <interface>wan</interface>
>             <descr>192.168.2.2</descr>
>         </rule>
>         <rule>
>             <protocol>tcp</protocol>
>             <external-port>84</external-port>
>             <target>192.168.2.4</target>
>             <local-port>80</local-port>
>             <interface>wan</interface>
>             <descr>192.168.2.4</descr>
>         </rule>
>         <rule>
>             <protocol>tcp</protocol>
>             <external-port>83</external-port>
>             <target>192.168.2.3</target>
>             <local-port>80</local-port>
>             <interface>wan</interface>
>             <descr>192.168.2.3</descr>
>         </rule>
>     </nat>
>     <filter>
>         <rule>
>             <type>pass</type>
>             <interface>wan</interface>
>             <protocol>tcp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <network>wanip</network>
>                 <port>80</port>
>             </destination>
>             <descr>fjernadgang</descr>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>tcp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <address>192.168.2.2</address>
>                 <port>80</port>
>             </destination>
>             <descr>NAT 192.168.2.2</descr>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>tcp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <address>192.168.2.2</address>
>                 <port>22</port>
>             </destination>
>             <descr>NAT ssh-&gt;2</descr>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>tcp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <address>192.168.2.43</address>
>                 <port>80</port>
>             </destination>
>             <descr>NAT to 2.43</descr>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>tcp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <address>192.168.2.4</address>
>                 <port>80</port>
>             </destination>
>             <descr>NAT 192.168.2.4</descr>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>tcp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <address>192.168.2.3</address>
>                 <port>80</port>
>             </destination>
>             <descr>NAT 192.168.2.3</descr>
>         </rule>
>         <rule>
>             <type>pass</type>
>             <interface>wan</interface>
>             <protocol>icmp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <network>wanip</network>
>             </destination>
>             <frags/>
>             <descr>Allow ping from outside</descr>
>         </rule>
>         <rule>
>             <type>pass</type>
>             <interface>pptp</interface>
>             <source>
>                 <network>pptp</network>
>             </source>
>             <destination>
>                 <any/>
>             </destination>
>             <descr>allow pptp</descr>
>         </rule>
>         <rule>
>             <type>block</type>
>             <interface>lan</interface>
>             <protocol>tcp/udp</protocol>
>             <source>
>                 <network>lan</network>
>             </source>
>             <destination>
>                 <any/>
>                 <port>445</port>
>             </destination>
>             <descr>block ms filesharing out</descr>
>         </rule>
>         <rule>
>             <type>block</type>
>             <interface>lan</interface>
>             <protocol>tcp/udp</protocol>
>             <source>
>                 <network>lan</network>
>             </source>
>             <destination>
>                 <any/>
>                 <port>135-140</port>
>             </destination>
>             <descr>block ms netbios, rpc etc.</descr>
>         </rule>
>         <rule>
>             <type>pass</type>
>             <interface>lan</interface>
>             <source>
>                 <network>lan</network>
>             </source>
>             <destination>
>                 <any/>
>             </destination>
>             <log/>
>             <frags/>
>             <descr>Default LAN -&gt; any</descr>
>         </rule>
>         <tcpidletimeout/>
>     </filter>
>     <ipsec/>
>     <aliases/>
>     <proxyarp/>
>     <wol/>
>     <shaper>
>         <enable/>
>         <pipe>
>             <descr>m_Total Upload</descr>
>             <bandwidth>691</bandwidth>
>         </pipe>
>         <pipe>
>             <descr>m_Total Download</descr>
>             <bandwidth>7600</bandwidth>
>         </pipe>
>         <queue>
>             <descr>m_High Priority #1 Upload</descr>
>             <targetpipe>0</targetpipe>
>             <weight>50</weight>
>             <mask>source</mask>
>         </queue>
>         <queue>
>             <descr>m_High Priority #2 Upload</descr>
>             <targetpipe>0</targetpipe>
>             <weight>30</weight>
>             <mask>source</mask>
>         </queue>
>         <queue>
>             <descr>m_High Priority #3 Upload</descr>
>             <targetpipe>0</targetpipe>
>             <weight>15</weight>
>             <mask>source</mask>
>         </queue>
>         <queue>
>             <descr>m_Bulk Upload</descr>
>             <targetpipe>0</targetpipe>
>             <weight>4</weight>
>             <mask>source</mask>
>         </queue>
>         <queue>
>             <descr>m_Hated Upload</descr>
>             <targetpipe>0</targetpipe>
>             <weight>1</weight>
>             <mask>source</mask>
>         </queue>
>         <queue>
>             <descr>m_Bulk Download</descr>
>             <targetpipe>1</targetpipe>
>             <weight>30</weight>
>             <mask>destination</mask>
>         </queue>
>         <queue>
>             <descr>m_Hated Download</descr>
>             <targetpipe>1</targetpipe>
>             <weight>10</weight>
>             <mask>destination</mask>
>         </queue>
>         <queue>
>             <descr>m_High Priority Download</descr>
>             <targetpipe>1</targetpipe>
>             <weight>60</weight>
>             <mask>destination</mask>
>         </queue>
>         <rule>
>             <descr>m_P2P BitTorrent</descr>
>             <interface>wan</interface>
>             <direction>in</direction>
>             <source>
>                 <any>1</any>
>                 <port>6881-6999</port>
>             </source>
>             <destination>
>                 <any>1</any>
>             </destination>
>             <protocol>tcp</protocol>
>             <targetqueue>6</targetqueue>
>         </rule>
>         <rule>
>             <descr>m_P2P BitTorrent</descr>
>             <interface>wan</interface>
>             <direction>in</direction>
>             <source>
>                 <any>1</any>
>             </source>
>             <destination>
>                 <any>1</any>
>                 <port>6881-6999</port>
>             </destination>
>             <protocol>tcp</protocol>
>             <targetqueue>6</targetqueue>
>         </rule>
>         <rule>
>             <descr>m_P2P BitTorrent</descr>
>             <interface>wan</interface>
>             <direction>out</direction>
>             <source>
>                 <any>1</any>
>                 <port>6881-6999</port>
>             </source>
>             <destination>
>                 <any>1</any>
>             </destination>
>             <protocol>tcp</protocol>
>             <targetqueue>4</targetqueue>
>         </rule>
>         <rule>
>             <descr>m_P2P BitTorrent</descr>
>             <interface>wan</interface>
>             <direction>out</direction>
>             <source>
>                 <any>1</any>
>             </source>
>             <destination>
>                 <any>1</any>
>                 <port>6881-6999</port>
>             </destination>
>             <protocol>tcp</protocol>
>             <targetqueue>4</targetqueue>
>         </rule>
>         <rule>
>             <descr>m_TCP ACK Upload</descr>
>             <targetqueue>2</targetqueue>
>             <interface>wan</interface>
>             <direction>out</direction>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <any/>
>             </destination>
>             <iplen>0-80</iplen>
>             <protocol>tcp</protocol>
>             <tcpflags>ack</tcpflags>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>tcp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <any/>
>             </destination>
>             <direction>out</direction>
>             <iplen>0-100</iplen>
>             <iptos/>
>             <tcpflags/>
>             <descr>m_Small TCP Pkt Upload</descr>
>             <targetqueue>0</targetqueue>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>udp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <any/>
>             </destination>
>             <direction>out</direction>
>             <iplen>0-100</iplen>
>             <iptos/>
>             <tcpflags/>
>             <descr>m_Small UDP Pkt Upload</descr>
>             <targetqueue>0</targetqueue>
>         </rule>
>         <rule>
>             <descr>m_Outbound DNS Query</descr>
>             <targetqueue>0</targetqueue>
>             <interface>wan</interface>
>             <direction>out</direction>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <any/>
>                 <port>53</port>
>             </destination>
>             <protocol>udp</protocol>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>tcp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <any/>
>             </destination>
>             <direction>out</direction>
>             <iplen/>
>             <iptos/>
>             <tcpflags/>
>             <descr>m_Catch-All TCP Upload</descr>
>             <targetqueue>3</targetqueue>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>udp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <any/>
>             </destination>
>             <direction>in</direction>
>             <iplen>0-100</iplen>
>             <iptos/>
>             <tcpflags/>
>             <descr>m_Small UDP Pkt Download</descr>
>             <targetqueue>7</targetqueue>
>         </rule>
>         <rule>
>             <interface>wan</interface>
>             <protocol>tcp</protocol>
>             <source>
>                 <any/>
>             </source>
>             <destination>
>                 <any/>
>             </destination>
>             <direction>in</direction>
>             <iplen/>
>             <iptos/>
>             <tcpflags/>
>             <descr>m_Catch-All Download</descr>
>             <targetqueue>5</targetqueue>
>         </rule>
>         <magic>
>             <p2plow/>
>             <maskq/>
>             <maxup>768</maxup>
>             <maxdown>8000</maxdown>
>         </magic>
>     </shaper>
>     <captiveportal>
>         <user>
>             <name>qqq</name>

>             <expirationdate/>
>             <password>xxxxx</password>
>         </user>
>         <passthrumac>
>          .... approx 25 entries removed for security reasons
>         </passthrumac>
>         <interface>lan</interface>
>         <maxproc/>
>         <timeout/>
>         <idletimeout>30</idletimeout>
>         <auth_method>local</auth_method>
>         <reauthenticateacct/>
>         <httpsname/>
>         <certificate/>
>         <private-key/>
>         <redirurl/>
>         <radiusip/>
>         <radiusip2/>
>         <radiusport/>
>         <radiusport2/>
>         <radiusacctport/>
>         <radiuskey/>
>         <radiuskey2/>
>         <radiusvendor>default</radiusvendor>
>     </captiveportal>
> </m0n0wall>
> 
> 
> 
> BR

> 
> 
> 
> 
> 
>> From: "James W. McKeand" <james at mckeand dot biz>
>> To: <m0n0wall at lists dot m0n0 dot ch>
>> Subject: RE: [m0n0wall] Version 1.22 freeze
>> Date: Mon, 12 Jun 2006 09:11:53 -0500
>> 
>> Soren Vanggaard Jensen wrote:
>>> Hi,
>>> 
>>> This issue has been brought up before. Monowall/freebsd seems to
>>> have a bug that may cause a sporadic total OS freeze/lockup. I'm
>>> bringing this up again because I have an installation running
>>> monowall version 1.22, which freezes solid every once in a while.
>>> 
>>> Initially I used a SOEKRIS net 4501 hardware platform, but the
>>> system froze approx. every 2-3 hours. I replaced the hw with a
>>> SOEKRIS net 4801 (replaced the PSU too) and have just seen a lockup
>>> after 7 days of uptime. There's nothing in the setup out of the
>>> ordinary. 
>>> 
>>> What do you suggest I should do to eliminate the problem? Could I
>>> upload a script causing the monowall to reboot every night at 4AM?
>>> Any examples of such a script?
>>> 
>>> BR.

>> 
>> Your issues may be local. I have over 70 days uptime on a net4501
>> with v1.22. What features are you using? Captive Portal, PPTP, IPSec?
>> 
>> _________________________________
>> James W. McKeand