Hello.
I am having a problem with getting DMZ to work. I can access my web
server from the inside, but not from the outside. I've done everything
the DMZ manual said to do.
The IP of the server is 192.168.0.2, the external IP is 193.138.45.81, and my
computer is 10.1.0.45.
P.S. Could it stop working due to enabling PPTP?
m0n0wall: status
Sat Aug 26 10:21:16 CEST 2006
System uptime
10:21AM up 1:48, 0 users, load averages: 0.16, 0.06, 0.02
Interfaces
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=40<POLLING>
ether 00:40:f4:77:24:6b
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
fxp0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
options=40<POLLING>
inet 10.1.0.1 netmask 0xffffff00 broadcast 10.1.0.255
ether 00:90:27:36:6a:83
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1<RXCSUM>
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:10:4b:06:8a:0d
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
inet 193.138.45.81 --> 193.138.34.254 netmask 0xffffffff
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng5: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng6: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng7: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng8: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng9: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng10: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng11: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng12: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng13: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng14: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng15: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng16: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
Routing tables
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 193.138.34.254 UGSc 4 5637 ng0
10.1/24 link#2 UC 2 0 fxp0
10.1.0.45 00:03:0d:0e:54:48 UHLW 12 11543 fxp0 766
10.1.0.55 00:0d:56:39:f1:cd UHLW 0 186 fxp0 981
127.0.0.1 127.0.0.1 UH 0 308 lo0
192.168.0 link#3 UC 1 0 xl0
192.168.0.2 00:80:ad:72:d8:d9 UHLW 2 2970 xl0 406
193.138.34.254 193.138.45.81 UH 4 0 ng0
193.138.45.81 lo0 UHS 0 0 lo0
ipfw show
ipfw: getsockopt(IP_FW_GET): Protocol not available
ipnat -lv
List of active MAP/Redirect filters:
map ng0 10.1.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ng0 10.1.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ng0 10.1.0.0/24 -> 0.0.0.0/32
map ng0 192.168.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ng0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ng0 192.168.0.0/24 -> 0.0.0.0/32
List of active sessions:
MAP 10.1.0.45 2808 <- -> 193.138.45.81 12400 [66.249.93.99 80]
age 17968 use 0 sumd 0xa26/0xa26 pr 6 bkt 1919/686 flags 1 drop 0/0
ifp ng0 bytes 5644 pkts 21
MAP 10.1.0.45 2806 <- -> 193.138.45.81 12398 [212.58.226.29 80]
age 380 use 0 sumd 0xa26/0xa26 pr 6 bkt 1596/363 flags 1 drop 0/0
ifp ng0 bytes 1489 pkts 11
MAP 10.1.0.45 2805 <- -> 193.138.45.81 12397 [213.250.2.95 80]
age 440 use 0 sumd 0xa26/0xa26 pr 6 bkt 1256/23 flags 1 drop 0/0
ifp ng0 bytes 16020 pkts 28
MAP 10.1.0.45 2788 <- -> 193.138.45.81 12380 [66.249.91.83 80]
age 379 use 0 sumd 0xa26/0xa26 pr 6 bkt 701/1515 flags 1 drop 0/0
ifp ng0 bytes 1735 pkts 9
MAP 10.1.0.45 2784 <- -> 193.138.45.81 12376 [66.249.85.104 80]
age 17969 use 0 sumd 0xa26/0xa26 pr 6 bkt 1562/329 flags 1 drop 0/0
ifp ng0 bytes 28899 pkts 86
MAP 10.1.0.45 2783 <- -> 193.138.45.81 12375 [66.249.93.99 80]
age 17999 use 0 sumd 0xa26/0xa26 pr 6 bkt 1660/427 flags 1 drop 0/0
ifp ng0 bytes 24868 pkts 70
MAP 10.1.0.45 2781 <- -> 193.138.45.81 12373 [212.58.226.29 80]
age 230 use 0 sumd 0xa26/0xa26 pr 6 bkt 1337/104 flags 1 drop 0/0
ifp ng0 bytes 1490 pkts 11
MAP 10.1.0.45 2780 <- -> 193.138.45.81 12372 [213.250.2.95 80]
age 290 use 0 sumd 0xa26/0xa26 pr 6 bkt 997/1811 flags 1 drop 0/0
ifp ng0 bytes 16020 pkts 28
MAP 10.1.0.45 2779 <- -> 193.138.45.81 12371 [212.58.226.29 80]
age 80 use 0 sumd 0xa26/0xa26 pr 6 bkt 825/1639 flags 1 drop 0/0
ifp ng0 bytes 18929 pkts 30
MAP 10.1.0.45 2778 <- -> 193.138.45.81 12370 [213.250.2.95 80]
age 140 use 0 sumd 0xa26/0xa26 pr 6 bkt 485/1299 flags 1 drop 0/0
ifp ng0 bytes 16020 pkts 28
MAP 10.1.0.45 2777 <- -> 193.138.45.81 12369 [66.249.91.83 80]
age 139 use 0 sumd 0xa26/0xa26 pr 6 bkt 1979/746 flags 1 drop 0/0
ifp ng0 bytes 1735 pkts 9
MAP 10.1.0.45 2776 <- -> 193.138.45.81 12368 [66.249.91.18 80]
age 17950 use 0 sumd 0xa26/0xa26 pr 6 bkt 1333/100 flags 1 drop 0/0
ifp ng0 bytes 12948 pkts 41
MAP 192.168.0.2 123 <- -> 193.138.45.81 1651 [193.2.1.92 123]
age 566 use 0 sumd 0x3429/0x3429 pr 17 bkt 1059/111 flags 2 drop 0/0
ifp ng0 bytes 152 pkts 2
MAP 192.168.0.2 123 <- -> 193.138.45.81 1651 [193.2.1.66 123]
age 538 use 0 sumd 0x3429/0x3429 pr 17 bkt 903/2002 flags 2 drop 0/0
ifp ng0 bytes 152 pkts 2
MAP 10.1.0.45 2773 <- -> 193.138.45.81 12365 [66.249.85.104 80]
age 170 use 0 sumd 0xa26/0xa26 pr 6 bkt 793/1607 flags 1 drop 0/0
ifp ng0 bytes 1748 pkts 12
MAP 10.1.0.45 2772 <- -> 193.138.45.81 12364 [66.249.93.104 80]
age 170 use 0 sumd 0xa26/0xa26 pr 6 bkt 921/1735 flags 1 drop 0/0
ifp ng0 bytes 1692 pkts 12
MAP 10.1.0.45 2761 <- -> 193.138.45.81 12605 [66.249.91.18 80]
age 430 use 0 sumd 0xb22/0xb22 pr 6 bkt 1587/1378 flags 1 drop 0/0
ifp ng0 bytes 21954 pkts 72
MAP 10.1.0.45 2237 <- -> 193.138.45.81 12585 [63.245.209.21 80]
age 17870 use 0 sumd 0xd1a/0xd1a pr 6 bkt 1121/913 flags 1 drop 0/0
ifp ng0 bytes 73158 pkts 249
MAP 10.1.0.45 2211 <- -> 193.138.45.81 12559 [207.46.24.27 1863]
age 17961 use 0 sumd 0xd1a/0xd1a pr 6 bkt 62/1901 flags 1 drop 0/0
ifp ng0 bytes 33307 pkts 533
MAP 10.1.0.55 1159 <- -> 193.138.45.81 15035 [66.102.11.125 443]
age 17950 use 0 sumd 0x1ad8/0x1ad8 pr 6 bkt 2004/1774 flags 1 drop 0/0
ifp ng0 bytes 27370 pkts 243
List of active host mappings:
192.168.0.2 -> 0.0.0.0 (use = 2 hv = 221)
10.1.0.45 -> 0.0.0.0 (use = 3 hv = 446)
10.1.0.45 -> 0.0.0.0 (use = 12 hv = 446)
10.1.0.45 -> 0.0.0.0 (use = 1 hv = 446)
10.1.0.45 -> 0.0.0.0 (use = 1 hv = 446)
10.1.0.55 -> 0.0.0.0 (use = 1 hv = 486)
ipfstat -v
opts 0x40 name /dev/ipl
IPv6 packets: in 0 out 0
input packets: blocked 98 passed 19165 nomatch 0 counted 0 short 0
output packets: blocked 0 passed 20863 nomatch 0 counted 0 short 0
input packets logged: blocked 98 passed 3
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 1162 lost 0
packet state(out): kept 34 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 47 (out): 0
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
Packet log flags set: (0)
none
ipfstat -nio
@1 pass out quick on lo0 from any to any
@2 pass out quick on fxp0 proto udp from 10.1.0.1/32 port = 67 to any port = 68
@3 pass out quick on ng0 proto udp from any port = 68 to any port = 67
@4 pass out quick on fxp0 from any to any keep state
@5 pass out quick on ng0 from any to any keep state
@6 pass out quick on xl0 from any to any keep state
@7 block out log quick from any to any
@1 pass in quick on lo0 from any to any
@2 block in log quick from any to any with short
@3 block in log quick from any to any with ipopt
@4 pass in quick on fxp0 proto udp from any port = 68 to
255.255.255.255/32 port = 67
@5 pass in quick on fxp0 proto udp from any port = 68 to 10.1.0.1/32 port = 67
@6 block in log quick on ng0 from 10.1.0.0/24 to any
@7 block in log quick on ng0 from 192.168.0.0/24 to any
@8 block in log quick on ng0 proto udp from any port = 67 to
10.1.0.0/24 port = 68
@9 pass in quick on ng0 proto udp from any port = 67 to any port = 68
@10 block in log quick on fxp0 from !10.1.0.0/24 to any
@11 block in log quick on xl0 from !192.168.0.0/24 to any
@12 block in log quick on ng0 from 10.0.0.0/8 to any
@13 block in log quick on ng0 from 127.0.0.0/8 to any
@14 block in log quick on ng0 from 172.16.0.0/12 to any
@15 block in log quick on ng0 from 192.168.0.0/16 to any
@16 skip 1 in proto tcp from any to any flags S/FSRA
@17 block in log quick proto tcp from any to any
@18 block in log quick on fxp0 from any to any head 100
@1 pass in quick from 10.1.0.0/24 to 10.1.0.1/32 keep state group 100
@2 pass in quick from 10.1.0.0/24 to any keep state group 100
@19 block in log quick on ng0 from any to any head 200
@1 pass in quick proto gre from any to 193.138.45.81/32 keep state group 200
@2 pass in quick proto tcp from any to 193.138.45.81/32 port = 1723
keep state group 200
@3 pass in log first quick proto tcp from any to 192.168.0.2/32 port =
80 keep state group 200
@4 pass in quick proto tcp/udp from any to 10.1.0.45/32 port = 6346
keep state group 200
@5 pass in quick proto tcp/udp from any to 10.1.0.56/32 port = 6347
keep state group 200
@20 block in log quick on xl0 from any to any head 300
@1 pass in log first quick proto tcp from any to 193.138.45.81/32 port
= 80 keep state group 300
@2 pass in quick from 192.168.0.0/24 to !10.1.0.0/24 keep state group 300
@21 block in log quick from any to any
unparsed ipnat rules
map ng0 10.1.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map ng0 10.1.0.0/24 -> 0/32 portmap tcp/udp auto
map ng0 10.1.0.0/24 -> 0/32
map ng0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map ng0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map ng0 192.168.0.0/24 -> 0/32
map ng0 /28 -> 0/32 proxy port ftp ftp/tcp
map ng0 /28 -> 0/32 portmap tcp/udp auto
map ng0 /28 -> 0/32
rdr ng0 0/0 port 6346 -> 10.1.0.45 port 6346 tcp/udp
rdr ng0 0/0 port 6347 -> 10.1.0.56 port 6347 tcp/udp
rdr ng0 0/0 port 80 -> 192.168.0.2 port 80 tcp
unparsed ipfilter rules
# loopback
pass in quick on lo0 all
pass out quick on lo0 all
# block short packets
block in log quick all with short
# block IP options
block in log quick all with ipopts
# allow access to DHCP server on LAN
pass in quick on fxp0 proto udp from any port = 68 to 255.255.255.255 port = 67
pass in quick on fxp0 proto udp from any port = 68 to 10.1.0.1 port = 67
pass out quick on fxp0 proto udp from 10.1.0.1 port = 67 to any port = 68
# WAN spoof check
block in log quick on ng0 from 10.1.0.0/24 to any
block in log quick on ng0 from 192.168.0.0/24 to any
# allow our DHCP client out to the WAN
# XXX - should be more restrictive
# (not possible at the moment - need 'me' like in ipfw)
pass out quick on ng0 proto udp from any port = 68 to any port = 67
block in log quick on ng0 proto udp from any port = 67 to 10.1.0.0/24 port = 68
pass in quick on ng0 proto udp from any port = 67 to any port = 68
# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
block in log quick on fxp0 from ! 10.1.0.0/24 to any
block in log quick on xl0 from ! 192.168.0.0/24 to any
# block anything from private networks on WAN interface
block in log quick on ng0 from 10.0.0.0/8 to any
block in log quick on ng0 from 127.0.0.0/8 to any
block in log quick on ng0 from 172.16.0.0/12 to any
block in log quick on ng0 from 192.168.0.0/16 to any
# Block TCP packets that do not mark the start of a connection
skip 1 in proto tcp all flags S/SAFR
block in log quick proto tcp all
#---------------------------------------------------------------------------
# group head 100 - LAN interface
#---------------------------------------------------------------------------
block in log quick on fxp0 all head 100
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on fxp0 all keep state
#---------------------------------------------------------------------------
# group head 200 - WAN interface
#---------------------------------------------------------------------------
block in log quick on ng0 all head 200
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on ng0 all keep state
#---------------------------------------------------------------------------
# group head 300 - opt1 interface
#---------------------------------------------------------------------------
block in log quick on xl0 all head 300
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on xl0 all keep state
# make sure the user cannot lock himself out of the webGUI
pass in quick from 10.1.0.0/24 to 10.1.0.1 keep state group 100
# PPTP rules
pass in quick proto gre from any to 193.138.45.81 keep state group 200
pass in quick proto tcp from any to 193.138.45.81 port = 1723 keep
state group 200
# User-defined rules follow
pass in log first quick proto tcp from any to 192.168.0.2 port = 80
keep state group 200
pass in quick proto tcp/udp from any to 10.1.0.45 port = 6346 keep
state group 200
pass in quick proto tcp/udp from any to 10.1.0.56 port = 6347 keep
state group 200
pass in quick on ng1 proto tcp from any to any keep state
pass in quick on ng2 proto tcp from any to any keep state
pass in quick on ng3 proto tcp from any to any keep state
pass in quick on ng4 proto tcp from any to any keep state
pass in quick on ng5 proto tcp from any to any keep state
pass in quick on ng6 proto tcp from any to any keep state
pass in quick on ng7 proto tcp from any to any keep state
pass in quick on ng8 proto tcp from any to any keep state
pass in quick on ng9 proto tcp from any to any keep state
pass in quick on ng10 proto tcp from any to any keep state
pass in quick on ng11 proto tcp from any to any keep state
pass in quick on ng12 proto tcp from any to any keep state
pass in quick on ng13 proto tcp from any to any keep state
pass in quick on ng14 proto tcp from any to any keep state
pass in quick on ng15 proto tcp from any to any keep state
pass in quick on ng16 proto tcp from any to any keep state
pass in quick from 192.168.0.0/24 to !10.1.0.0/24 keep state group 300
pass in quick from 10.1.0.0/24 to any keep state group 100
#---------------------------------------------------------------------------
# default rules (just to be sure)
#---------------------------------------------------------------------------
block in log quick all
block out log quick all
unparsed ipfw rules
add 50000 set 4 pass all from 10.1.0.1 to any
add 50001 set 4 pass all from any to 10.1.0.1
resolv.conf
domain jjakob.dyndns.org
nameserver 212.93.226.5
nameserver 212.93.226.6
Processes
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 1121 35.0 8.1 7168 6564 ?? SN 10:21AM 0:00.36
/usr/local/bin/php status.php
root 1143 0.0 1.1 1332 876 ?? SN 10:21AM 0:00.01 sh -c ps
xauww 2>&1
root 1122 0.0 1.6 2256 1268 ?? S 10:21AM 0:00.01
/usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i
/var/run/mini_httpd.pid
root 545 0.0 1.0 1036 768 ?? SNs 8:56AM 0:00.17
/usr/sbin/syslogd -s -f /var/etc/syslog.conf
nobody 480 0.0 1.0 1020 788 ?? IN 8:44AM 0:00.08
/usr/local/sbin/dnsmasq
root 384 0.0 1.0 1104 824 ?? I 8:34AM 0:00.01
/usr/local/bin/msntp -r -P no -l /var/run/msntp.pid -x 300
ntp1.arnes.si
root 133 0.0 1.1 1336 888 ?? I 8:32AM 0:00.01 /bin/sh
/etc/rc.initial console
root 112 0.0 1.8 2436 1464 ?? Is 8:32AM 0:00.10
/usr/local/sbin/mpd -b -d /var/etc/mpd-vpn -p /var/run/mpd-vpn.pid
pptpd
root 108 0.0 1.0 1332 840 con- I 8:32AM 0:00.14 /bin/sh
/usr/local/bin/runmsntp.sh /var/run/runmsntp.pid /var/run/msntp.pid
300 ntp1.arnes.si
root 104 0.0 1.5 1544 1244 con- S 8:32AM 0:00.52
/usr/local/sbin/snmpd -c /var/etc/snmpd.conf -P /var/run/snmpd.pid
root 101 0.0 0.9 952 684 con- I 8:32AM 0:00.01
/usr/local/bin/ez-ipupdate -c /var/etc/ez-ipupdate.conf
root 94 0.0 1.5 2248 1224 ?? Ss 8:32AM 0:00.17
/usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i
/var/run/mini_httpd.pid
root 86 0.0 1.5 1456 1224 ?? Ss 8:32AM 0:00.26 /sbin/ipmon -sD
root 73 0.0 1.7 2256 1348 ?? Ss 8:32AM 0:00.35
/usr/local/sbin/mpd -b -d /var/etc -p /var/run/mpd.pid pppoe
root 9 0.0 0.0 0 0 ?? DL 8:32AM 0:00.05 (vnlru)
root 8 0.0 0.0 0 0 ?? DL 8:32AM 0:00.10 (syncer)
root 7 0.0 0.0 0 0 ?? DL 8:32AM 0:00.05 (bufdaemon)
root 6 0.0 0.0 0 0 ?? DL 8:32AM 0:00.01 (pagedaemon)
root 5 0.0 0.0 0 0 ?? DL 8:32AM 0:00.00 (usbtask)
root 4 0.0 0.0 0 0 ?? DL 8:32AM 0:00.00 (usb0)
root 3 0.0 0.0 0 0 ?? DL 8:32AM 0:00.00 (taskqueue)
root 2 0.0 0.0 0 0 ?? DL 8:32AM 0:00.00 (cryptoret)
root 1 0.0 0.9 1060 696 ?? SLs 8:32AM 0:00.03 /sbin/init --
root 1144 0.0 0.8 1080 676 ?? RN 10:21AM 0:00.00 ps xauww
root 0 0.0 0.0 0 0 ?? DLs 8:32AM 0:00.00 (swapper)
dhcpd.conf
cat: /var/etc/dhcpd.conf: No such file or directory
ez-ipupdate.cache
1156287028,193.138.45.81
df
Filesystem 512-blocks Used Avail Capacity Mounted on
/dev/md0c 21758 20166 1592 93% /
procfs 8 8 0 100% /proc
/dev/ad0a 13822 11124 2698 80% /cf
racoon.conf
cat: /var/etc/racoon.conf: No such file or directory
SPD
No SPD entries.
SAD
No SAD entries.
last 200 system log entries
(this really is not necessary, it only shows messages about PPPoE connecting)
last 50 (10) filter log entries
Aug 26 08:36:17 wall ipmon[86]: 08:36:17.036824 ng0 @0:17 b
63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
Aug 26 08:36:19 wall ipmon[86]: 08:36:19.046806 ng0 @0:17 b
63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
Aug 26 08:36:23 wall ipmon[86]: 08:36:23.058616 ng0 @0:17 b
63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
Aug 26 08:36:31 wall ipmon[86]: 08:36:31.067866 ng0 @0:17 b
63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
Aug 26 08:38:16 wall ipmon[86]: 08:38:16.300243 ng0 @0:19 b
24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:19 wall ipmon[86]: 08:38:19.299474 ng0 @0:19 b
24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:25 wall ipmon[86]: 08:38:25.299409 ng0 @0:19 b
24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:37 wall ipmon[86]: 08:38:37.299789 ng0 @0:19 b
24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:39 wall ipmon[86]: 08:38:39.694937 ng0 @0:19 b
204.16.209.59,32890 -> 193.138.45.81,1026 PR udp len 20 442 IN
Aug 26 08:38:39 wall ipmon[86]: 08:38:39.698803 ng0 @0:19 b
204.16.209.59,32892 -> 193.138.45.81,1027 PR udp len 20 442 IN
(this is a shortened output because of size, but it can still clearly
be seen that the 4 HTTP requests have been blocked by rule @0:19)
ls /conf
config.xml
ez-ipupdate.cache
ls /var/run
dev.db
dnsmasq.dirty
dnsmasq.pid
ez-ipupdate.pid
filter.conf.dirty
htpasswd
ipmon.pid
ld-elf.so.hints
log
mini_httpd.pid
mpd-vpn.pid
mpd.pid
msntp.pid
runmsntp.pid
snmpd.pid
syslog.pid
utmp
config.xml
<?xml version="1.0"?>
<m0n0wall>
<version>1.6</version>
<lastchange>1156580454</lastchange>
<system>
<hostname>wall</hostname>
<domain>jjakob.dyndns.org</domain>
<dnsallowoverride/>
<username>admin</username>
<password>xxxxx</password>
<timezone>Europe/Ljubljana</timezone>
<time-update-interval>300</time-update-interval>
<timeservers>ntp1.arnes.si</timeservers>
<webgui>
<protocol>http</protocol>
<port/>
<certificate/>
<private-key/>
<expanddiags/>
</webgui>
<harddiskstandby>5</harddiskstandby>
<notes>OTYgTUIgUkFNDQozMzMgTUh6IENFTEVST04=</notes>
</system>
<interfaces>
<lan>
<if>fxp0</if>
<ipaddr>10.1.0.1</ipaddr>
<subnet>24</subnet>
<media/>
<mediaopt/>
</lan>
<wan>
<if>rl0</if>
<mtu/>
<blockpriv/>
<media/>
<mediaopt/>
<spoofmac/>
<ipaddr>pppoe</ipaddr>
</wan>
<opt1>
<if>xl0</if>
<descr>DMZ</descr>
<ipaddr>192.168.0.1</ipaddr>
<subnet>24</subnet>
<bridge/>
<enable/>
</opt1>
</interfaces>
<staticroutes/>
<pppoe>
<username>*******@dsl.*********</username>
<password>xxxxx</password>
<provider/>
<timeout/>
</pppoe>
<pptp/>
<bigpond/>
<dyndns>
<type>dyndns-static</type>
<username>*********</username>
<password>xxxxx</password>
<host>jjakob.dyndns.org</host>
<mx/>
<server/>
<port/>
<enable/>
<wildcard/>
</dyndns>
<dnsupdate>
<host/>
<ttl>60</ttl>
<keyname/>
<keydata/>
</dnsupdate>
<dhcpd>
<lan>
<range>
<from>192.168.1.100</from>
<to>192.168.1.199</to>
</range>
</lan>
</dhcpd>
<pptpd>
<mode>server</mode>
<redir/>
<localip>192.168.0.234</localip>
<remoteip/>
<radius>
<server/>
<secret/>
</radius>
<req128/>
<user>
<name>*******</name>
<ip/>
<password>xxxxx</password>
</user>
</pptpd>
<dnsmasq>
<enable/>
</dnsmasq>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
<enable/>
</snmpd>
<diag>
<ipv6nat>
<ipaddr/>
</ipv6nat>
</diag>
<bridge/>
<syslog>
<reverse/>
<nentries>50</nentries>
<remoteserver>10.1.0.45</remoteserver>
<filter/>
<system/>
<enable/>
<vpn/>
<rawfilter/>
</syslog>
<nat>
<rule>
<protocol>tcp/udp</protocol>
<external-port>6346</external-port>
<target>10.1.0.45</target>
<local-port>6346</local-port>
<interface>wan</interface>
<descr>gnutella jernej</descr>
</rule>
<rule>
<protocol>tcp/udp</protocol>
<external-port>6347</external-port>
<target>10.1.0.56</target>
<local-port>6347</local-port>
<interface>wan</interface>
<descr>gnutella silvo</descr>
</rule>
<rule>
<protocol>tcp</protocol>
<external-port>80</external-port>
<target>192.168.0.2</target>
<local-port>80</local-port>
<interface>wan</interface>
<descr>www</descr>
</rule>
<advancedoutbound/>
</nat>
<filter>
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<address>192.168.0.2</address>
<port>80</port>
</destination>
<log/>
<descr>NAT www</descr>
</rule>
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>tcp/udp</protocol>
<source>
<any/>
</source>
<destination>
<address>10.1.0.45</address>
<port>6346</port>
</destination>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>tcp/udp</protocol>
<source>
<any/>
</source>
<destination>
<address>10.1.0.56</address>
<port>6347</port>
</destination>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>pptp</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<descr>Default PPTP -> any</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<source>
<network>opt1</network>
</source>
<destination>
<network>lan</network>
<not/>
</destination>
<descr>allow DMZ anywhere but to LAN</descr>
</rule>
<rule>
<type>pass</type>
<descr>Default LAN -> any</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<tcpidletimeout/>
</filter>
<ipsec/>
<aliases/>
<proxyarp/>
<wol/>
<vlans/>
<shaper>
<magic>
<p2plow/>
<maxup>256</maxup>
<maxdown>1000</maxdown>
</magic>
</shaper>
</m0n0wall>
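The post's reading of the filter log (the inbound SYNs to port 80 were dropped by @0:19) can be checked mechanically against the other sections of the same status dump, and doing so shows why the DMZ forward is failing rather than just that it is. In the `ipfstat -nio` listing, @0:19 is `block in log quick on ng0 from any to any head 200`, so a hit on it means every rule in group 200 was tried and none matched. The log entries also still show the public address 193.138.45.81 as the destination, which means no rdr rewrote it to 192.168.0.2 before the filter saw the packet; consistent with that, the "List of active MAP/Redirect filters" in `ipnat -lv` contains only map entries and none of the three rdr rules that appear under "unparsed ipnat rules". That unparsed set additionally contains three `map ng0 /28 -> 0/32` entries with an empty source network. The script below is an added diagnostic, not m0n0wall code or the poster's; it takes the log lines, the rule listing and the NAT tables as embedded samples copied from the post (wrapped lines re-joined), and it treats the empty-source map rules as suspicious. Whether they are what stopped the rdr rules from loading, and whether they were generated for the PPTP server's client range, is not something the post shows, so the script only reports them; both points are labelled as assumptions in the code.

```python
"""Added diagnostic (not m0n0wall code): correlate ipmon block entries with
the ipfstat rule listing and compare generated vs. active ipnat rules."""
import re

# Constructed sample: entries copied from the filter log in the post, with
# ipmon's wrapped two-line entries re-joined onto one line each.
IPMON_LOG = """\
Aug 26 08:38:16 wall ipmon[86]: 08:38:16.300243 ng0 @0:19 b 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:39 wall ipmon[86]: 08:38:39.694937 ng0 @0:19 b 204.16.209.59,32890 -> 193.138.45.81,1026 PR udp len 20 442 IN
Aug 26 08:36:17 wall ipmon[86]: 08:36:17.036824 ng0 @0:17 b 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
"""

# Constructed sample: the relevant inbound rules from `ipfstat -nio` in the
# post (wrapped lines re-joined). A rule ending in "group N" is numbered
# within group N; ipmon reports a hit as @group:number.
IPFSTAT_IN = """\
@17 block in log quick proto tcp from any to any
@19 block in log quick on ng0 from any to any head 200
@1 pass in quick proto gre from any to 193.138.45.81/32 keep state group 200
@3 pass in log first quick proto tcp from any to 192.168.0.2/32 port = 80 keep state group 200
@21 block in log quick from any to any
"""

# Constructed sample: the active MAP/Redirect list from `ipnat -lv` in the
# post (map entries only) and rules from its "unparsed ipnat rules" section.
IPNAT_ACTIVE = """\
map ng0 10.1.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ng0 192.168.0.0/24 -> 0.0.0.0/32
"""
IPNAT_GENERATED = """\
map ng0 192.168.0.0/24 -> 0/32
map ng0 /28 -> 0/32 portmap tcp/udp auto
rdr ng0 0/0 port 80 -> 192.168.0.2 port 80 tcp
"""

IPMON_RE = re.compile(
    r"(?P<ifn>\S+) @(?P<grp>\d+):(?P<num>\d+) (?P<act>\w+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) PR (?P<proto>\w+)"
)


def parse_rules(listing):
    """Map (group, number) -> rule text; rules without 'group N' belong to group 0."""
    rules = {}
    for line in listing.splitlines():
        m = re.match(r"@(\d+) (.*)", line.strip())
        if not m:
            continue
        g = re.search(r" group (\d+)$", m.group(2))
        rules[(int(g.group(1)) if g else 0, int(m.group(1)))] = m.group(2)
    return rules


def rdr_ports(listing):
    """External ports that have an rdr entry in an ipnat listing."""
    return {int(m.group(1)) for m in
            (re.match(r"rdr \S+ \S+ port (\d+) ->", l.strip()) for l in listing.splitlines()) if m}


def explain_blocks(ipmon_log, rule_listing, nat_listing):
    """For each blocked packet: which rule dropped it, whether that rule is a
    group head (every rule in the group was tried and none matched), and
    whether an active rdr exists for the destination port (if one did, ipnat
    would have rewritten the destination before the filter saw the packet)."""
    rules = parse_rules(rule_listing)
    active_rdr = rdr_ports(nat_listing)
    out = []
    for line in ipmon_log.splitlines():
        m = IPMON_RE.search(line)
        if not m or m["act"] != "b":
            continue
        text = rules.get((int(m["grp"]), int(m["num"])), "<rule not in listing>")
        head = re.search(r" head (\d+)$", text)
        out.append({
            "dst": f'{m["dst"]}:{m["dport"]}/{m["proto"]}',
            "rule": f'@{m["grp"]}:{m["num"]}',
            "rule_text": text,
            "group_exhausted": int(head.group(1)) if head else None,
            "rdr_active_for_port": int(m["dport"]) in active_rdr,
        })
    return out


def nat_load_check(generated, active):
    """Compare generated ipnat rules with the active table: report rdr ports
    that were generated but are not active, and map rules with an empty
    source network. Assumption (not shown by the post): such a rule is a
    likely reason for the rest of the file not loading."""
    missing = rdr_ports(generated) - rdr_ports(active)
    malformed = [l.strip() for l in generated.splitlines()
                 if re.match(r"map \S+ /\d+ ->", l.strip())]
    return {"missing_rdr_ports": sorted(missing), "malformed_map_rules": malformed}


if __name__ == "__main__":
    for finding in explain_blocks(IPMON_LOG, IPFSTAT_IN, IPNAT_ACTIVE):
        print(finding)
    print(nat_load_check(IPNAT_GENERATED, IPNAT_ACTIVE))
```

On the sample data the first finding reports `@0:19` as a hit on `head 200` with no active rdr for port 80, and the NAT check reports port 80 as generated-but-missing together with the `map ng0 /28` rule. Reading the three sections together like this is the check worth doing whenever a port forward "passes" in the rule listing yet the filter log still shows the public address: the filter rule for 192.168.0.2 can never match if the redirect in front of it was never installed.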