 From:  "Jernej Jakob" <jernej dot jakob at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Web server not working from the outside
 Date:  Sat, 26 Aug 2006 13:07:07 +0200
Hello.

I am having a problem with getting DMZ to work. I can access my web
server from the inside, but not from the outside. I've done everything
the DMZ manual said to do.
The IP of the server is 192.168.0.2, external IP is 193.138.45.81, my
computer is 10.1.0.45

P.S. Could it stop working due to enabling PPTP?

m0n0wall: status
Sat Aug 26 10:21:16 CEST 2006


System uptime

10:21AM  up  1:48, 0 users, load averages: 0.16, 0.06, 0.02

Interfaces

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       options=40<POLLING>
       ether 00:40:f4:77:24:6b
       media: Ethernet autoselect (100baseTX <full-duplex>)
       status: active
fxp0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
       options=40<POLLING>
       inet 10.1.0.1 netmask 0xffffff00 broadcast 10.1.0.255
       ether 00:90:27:36:6a:83
       media: Ethernet autoselect (100baseTX <full-duplex>)
       status: active
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       options=1<RXCSUM>
       inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
       ether 00:10:4b:06:8a:0d
       media: Ethernet autoselect (100baseTX <full-duplex>)
       status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
       inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
       inet 193.138.45.81 --> 193.138.34.254 netmask 0xffffffff
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng5: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng6: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng7: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng8: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng9: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng10: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng11: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng12: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng13: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng14: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng15: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng16: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500

Routing tables

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            193.138.34.254     UGSc        4     5637    ng0
10.1/24            link#2             UC          2        0   fxp0
10.1.0.45          00:03:0d:0e:54:48  UHLW       12    11543   fxp0    766
10.1.0.55          00:0d:56:39:f1:cd  UHLW        0      186   fxp0    981
127.0.0.1          127.0.0.1          UH          0      308    lo0
192.168.0          link#3             UC          1        0    xl0
192.168.0.2        00:80:ad:72:d8:d9  UHLW        2     2970    xl0    406
193.138.34.254     193.138.45.81      UH          4        0    ng0
193.138.45.81      lo0                UHS         0        0    lo0

ipfw show

ipfw: getsockopt(IP_FW_GET): Protocol not available

ipnat -lv

List of active MAP/Redirect filters:
map ng0 10.1.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ng0 10.1.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ng0 10.1.0.0/24 -> 0.0.0.0/32
map ng0 192.168.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ng0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ng0 192.168.0.0/24 -> 0.0.0.0/32

List of active sessions:
MAP 10.1.0.45       2808  <- -> 193.138.45.81   12400 [66.249.93.99 80]
       age 17968 use 0 sumd 0xa26/0xa26 pr 6 bkt 1919/686 flags 1 drop 0/0
       ifp ng0 bytes 5644 pkts 21
MAP 10.1.0.45       2806  <- -> 193.138.45.81   12398 [212.58.226.29 80]
       age 380 use 0 sumd 0xa26/0xa26 pr 6 bkt 1596/363 flags 1 drop 0/0
       ifp ng0 bytes 1489 pkts 11
MAP 10.1.0.45       2805  <- -> 193.138.45.81   12397 [213.250.2.95 80]
       age 440 use 0 sumd 0xa26/0xa26 pr 6 bkt 1256/23 flags 1 drop 0/0
       ifp ng0 bytes 16020 pkts 28
MAP 10.1.0.45       2788  <- -> 193.138.45.81   12380 [66.249.91.83 80]
       age 379 use 0 sumd 0xa26/0xa26 pr 6 bkt 701/1515 flags 1 drop 0/0
       ifp ng0 bytes 1735 pkts 9
MAP 10.1.0.45       2784  <- -> 193.138.45.81   12376 [66.249.85.104 80]
       age 17969 use 0 sumd 0xa26/0xa26 pr 6 bkt 1562/329 flags 1 drop 0/0
       ifp ng0 bytes 28899 pkts 86
MAP 10.1.0.45       2783  <- -> 193.138.45.81   12375 [66.249.93.99 80]
       age 17999 use 0 sumd 0xa26/0xa26 pr 6 bkt 1660/427 flags 1 drop 0/0
       ifp ng0 bytes 24868 pkts 70
MAP 10.1.0.45       2781  <- -> 193.138.45.81   12373 [212.58.226.29 80]
       age 230 use 0 sumd 0xa26/0xa26 pr 6 bkt 1337/104 flags 1 drop 0/0
       ifp ng0 bytes 1490 pkts 11
MAP 10.1.0.45       2780  <- -> 193.138.45.81   12372 [213.250.2.95 80]
       age 290 use 0 sumd 0xa26/0xa26 pr 6 bkt 997/1811 flags 1 drop 0/0
       ifp ng0 bytes 16020 pkts 28
MAP 10.1.0.45       2779  <- -> 193.138.45.81   12371 [212.58.226.29 80]
       age 80 use 0 sumd 0xa26/0xa26 pr 6 bkt 825/1639 flags 1 drop 0/0
       ifp ng0 bytes 18929 pkts 30
MAP 10.1.0.45       2778  <- -> 193.138.45.81   12370 [213.250.2.95 80]
       age 140 use 0 sumd 0xa26/0xa26 pr 6 bkt 485/1299 flags 1 drop 0/0
       ifp ng0 bytes 16020 pkts 28
MAP 10.1.0.45       2777  <- -> 193.138.45.81   12369 [66.249.91.83 80]
       age 139 use 0 sumd 0xa26/0xa26 pr 6 bkt 1979/746 flags 1 drop 0/0
       ifp ng0 bytes 1735 pkts 9
MAP 10.1.0.45       2776  <- -> 193.138.45.81   12368 [66.249.91.18 80]
       age 17950 use 0 sumd 0xa26/0xa26 pr 6 bkt 1333/100 flags 1 drop 0/0
       ifp ng0 bytes 12948 pkts 41
MAP 192.168.0.2     123   <- -> 193.138.45.81   1651  [193.2.1.92 123]
       age 566 use 0 sumd 0x3429/0x3429 pr 17 bkt 1059/111 flags 2 drop 0/0
       ifp ng0 bytes 152 pkts 2
MAP 192.168.0.2     123   <- -> 193.138.45.81   1651  [193.2.1.66 123]
       age 538 use 0 sumd 0x3429/0x3429 pr 17 bkt 903/2002 flags 2 drop 0/0
       ifp ng0 bytes 152 pkts 2
MAP 10.1.0.45       2773  <- -> 193.138.45.81   12365 [66.249.85.104 80]
       age 170 use 0 sumd 0xa26/0xa26 pr 6 bkt 793/1607 flags 1 drop 0/0
       ifp ng0 bytes 1748 pkts 12
MAP 10.1.0.45       2772  <- -> 193.138.45.81   12364 [66.249.93.104 80]
       age 170 use 0 sumd 0xa26/0xa26 pr 6 bkt 921/1735 flags 1 drop 0/0
       ifp ng0 bytes 1692 pkts 12
MAP 10.1.0.45       2761  <- -> 193.138.45.81   12605 [66.249.91.18 80]
       age 430 use 0 sumd 0xb22/0xb22 pr 6 bkt 1587/1378 flags 1 drop 0/0
       ifp ng0 bytes 21954 pkts 72
MAP 10.1.0.45       2237  <- -> 193.138.45.81   12585 [63.245.209.21 80]
       age 17870 use 0 sumd 0xd1a/0xd1a pr 6 bkt 1121/913 flags 1 drop 0/0
       ifp ng0 bytes 73158 pkts 249
MAP 10.1.0.45       2211  <- -> 193.138.45.81   12559 [207.46.24.27 1863]
       age 17961 use 0 sumd 0xd1a/0xd1a pr 6 bkt 62/1901 flags 1 drop 0/0
       ifp ng0 bytes 33307 pkts 533
MAP 10.1.0.55       1159  <- -> 193.138.45.81   15035 [66.102.11.125 443]
       age 17950 use 0 sumd 0x1ad8/0x1ad8 pr 6 bkt 2004/1774 flags 1 drop 0/0
       ifp ng0 bytes 27370 pkts 243

List of active host mappings:
192.168.0.2 -> 0.0.0.0 (use = 2 hv = 221)
10.1.0.45 -> 0.0.0.0 (use = 3 hv = 446)
10.1.0.45 -> 0.0.0.0 (use = 12 hv = 446)
10.1.0.45 -> 0.0.0.0 (use = 1 hv = 446)
10.1.0.45 -> 0.0.0.0 (use = 1 hv = 446)
10.1.0.55 -> 0.0.0.0 (use = 1 hv = 486)

ipfstat -v

opts 0x40 name /dev/ipl
 IPv6 packets:          in 0 out 0
 input packets:         blocked 98 passed 19165 nomatch 0 counted 0 short 0
output packets:         blocked 0 passed 20863 nomatch 0 counted 0 short 0
 input packets logged:  blocked 98 passed 3
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0  not fragmented 0
fragment state(out):    kept 0  lost 0  not fragmented 0
packet state(in):       kept 1162       lost 0
packet state(out):      kept 34 lost 0
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  47      (out):  0
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
Packet log flags set: (0)
       none

ipfstat -nio

@1 pass out quick on lo0 from any to any
@2 pass out quick on fxp0 proto udp from 10.1.0.1/32 port = 67 to any port = 68
@3 pass out quick on ng0 proto udp from any port = 68 to any port = 67
@4 pass out quick on fxp0 from any to any keep state
@5 pass out quick on ng0 from any to any keep state
@6 pass out quick on xl0 from any to any keep state
@7 block out log quick from any to any
@1 pass in quick on lo0 from any to any
@2 block in log quick from any to any with short
@3 block in log quick from any to any with ipopt
@4 pass in quick on fxp0 proto udp from any port = 68 to 255.255.255.255/32 port = 67
@5 pass in quick on fxp0 proto udp from any port = 68 to 10.1.0.1/32 port = 67
@6 block in log quick on ng0 from 10.1.0.0/24 to any
@7 block in log quick on ng0 from 192.168.0.0/24 to any
@8 block in log quick on ng0 proto udp from any port = 67 to 10.1.0.0/24 port = 68
@9 pass in quick on ng0 proto udp from any port = 67 to any port = 68
@10 block in log quick on fxp0 from !10.1.0.0/24 to any
@11 block in log quick on xl0 from !192.168.0.0/24 to any
@12 block in log quick on ng0 from 10.0.0.0/8 to any
@13 block in log quick on ng0 from 127.0.0.0/8 to any
@14 block in log quick on ng0 from 172.16.0.0/12 to any
@15 block in log quick on ng0 from 192.168.0.0/16 to any
@16 skip 1 in proto tcp from any to any flags S/FSRA
@17 block in log quick proto tcp from any to any
@18 block in log quick on fxp0 from any to any head 100
@1 pass in quick from 10.1.0.0/24 to 10.1.0.1/32 keep state group 100
@2 pass in quick from 10.1.0.0/24 to any keep state group 100
@19 block in log quick on ng0 from any to any head 200
@1 pass in quick proto gre from any to 193.138.45.81/32 keep state group 200
@2 pass in quick proto tcp from any to 193.138.45.81/32 port = 1723 keep state group 200
@3 pass in log first quick proto tcp from any to 192.168.0.2/32 port = 80 keep state group 200
@4 pass in quick proto tcp/udp from any to 10.1.0.45/32 port = 6346 keep state group 200
@5 pass in quick proto tcp/udp from any to 10.1.0.56/32 port = 6347 keep state group 200
@20 block in log quick on xl0 from any to any head 300
@1 pass in log first quick proto tcp from any to 193.138.45.81/32 port = 80 keep state group 300
@2 pass in quick from 192.168.0.0/24 to !10.1.0.0/24 keep state group 300
@21 block in log quick from any to any

unparsed ipnat rules

map ng0 10.1.0.0/24  -> 0/32 proxy port ftp ftp/tcp
map ng0 10.1.0.0/24  -> 0/32 portmap tcp/udp auto
map ng0 10.1.0.0/24  -> 0/32
map ng0 192.168.0.0/24  -> 0/32 proxy port ftp ftp/tcp
map ng0 192.168.0.0/24  -> 0/32 portmap tcp/udp auto
map ng0 192.168.0.0/24  -> 0/32
map ng0 /28  -> 0/32 proxy port ftp ftp/tcp
map ng0 /28  -> 0/32 portmap tcp/udp auto
map ng0 /28  -> 0/32
rdr ng0 0/0 port 6346 -> 10.1.0.45 port 6346 tcp/udp
rdr ng0 0/0 port 6347 -> 10.1.0.56 port 6347 tcp/udp
rdr ng0 0/0 port 80 -> 192.168.0.2 port 80 tcp

unparsed ipfilter rules

# loopback
pass in quick on lo0 all
pass out quick on lo0 all

# block short packets
block in log quick all with short

# block IP options
block in log quick all with ipopts

# allow access to DHCP server on LAN
pass in quick on fxp0 proto udp from any port = 68 to 255.255.255.255 port = 67
pass in quick on fxp0 proto udp from any port = 68 to 10.1.0.1 port = 67
pass out quick on fxp0 proto udp from 10.1.0.1 port = 67 to any port = 68

# WAN spoof check
block in log quick on ng0 from 10.1.0.0/24 to any
block in log quick on ng0 from 192.168.0.0/24 to any

# allow our DHCP client out to the WAN
# XXX - should be more restrictive
# (not possible at the moment - need 'me' like in ipfw)
pass out quick on ng0 proto udp from any port = 68 to any port = 67
block in log quick on ng0 proto udp from any port = 67 to 10.1.0.0/24 port = 68
pass in quick on ng0 proto udp from any port = 67 to any port = 68

# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
block in log quick on fxp0 from ! 10.1.0.0/24 to any
block in log quick on xl0 from ! 192.168.0.0/24 to any

# block anything from private networks on WAN interface
block in log quick on ng0 from 10.0.0.0/8 to any
block in log quick on ng0 from 127.0.0.0/8 to any
block in log quick on ng0 from 172.16.0.0/12 to any
block in log quick on ng0 from 192.168.0.0/16 to any

# Block TCP packets that do not mark the start of a connection
skip 1 in proto tcp all flags S/SAFR
block in log quick proto tcp all

#---------------------------------------------------------------------------
# group head 100 - LAN interface
#---------------------------------------------------------------------------
block in log quick on fxp0 all head 100

# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on fxp0 all keep state

#---------------------------------------------------------------------------
# group head 200 - WAN interface
#---------------------------------------------------------------------------
block in log quick on ng0 all head 200

# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on ng0 all keep state

#---------------------------------------------------------------------------
# group head 300 - opt1 interface
#---------------------------------------------------------------------------
block in log quick on xl0 all head 300

# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on xl0 all keep state

# make sure the user cannot lock himself out of the webGUI
pass in quick from 10.1.0.0/24 to 10.1.0.1 keep state group 100

# PPTP rules
pass in quick proto gre from any to 193.138.45.81 keep state group 200
pass in quick proto tcp from any to 193.138.45.81 port = 1723 keep state group 200

# User-defined rules follow
pass in log first quick proto tcp from any to 192.168.0.2 port = 80 keep state group 200
pass in quick proto tcp/udp from any to 10.1.0.45 port = 6346 keep state group 200
pass in quick proto tcp/udp from any to 10.1.0.56 port = 6347 keep state group 200
pass in quick on ng1 proto tcp from any to any keep state
pass in quick on ng2 proto tcp from any to any keep state
pass in quick on ng3 proto tcp from any to any keep state
pass in quick on ng4 proto tcp from any to any keep state
pass in quick on ng5 proto tcp from any to any keep state
pass in quick on ng6 proto tcp from any to any keep state
pass in quick on ng7 proto tcp from any to any keep state
pass in quick on ng8 proto tcp from any to any keep state
pass in quick on ng9 proto tcp from any to any keep state
pass in quick on ng10 proto tcp from any to any keep state
pass in quick on ng11 proto tcp from any to any keep state
pass in quick on ng12 proto tcp from any to any keep state
pass in quick on ng13 proto tcp from any to any keep state
pass in quick on ng14 proto tcp from any to any keep state
pass in quick on ng15 proto tcp from any to any keep state
pass in quick on ng16 proto tcp from any to any keep state
pass in quick from 192.168.0.0/24 to !10.1.0.0/24 keep state group 300
pass in quick from 10.1.0.0/24 to any keep state group 100

#---------------------------------------------------------------------------
# default rules (just to be sure)
#---------------------------------------------------------------------------
block in log quick all
block out log quick all

unparsed ipfw rules

add 50000 set 4 pass all from 10.1.0.1 to any
add 50001 set 4 pass all from any to 10.1.0.1

resolv.conf

domain jjakob.dyndns.org
nameserver 212.93.226.5
nameserver 212.93.226.6

Processes

USER     PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED      TIME COMMAND
root    1121 35.0  8.1  7168 6564  ??  SN   10:21AM   0:00.36 /usr/local/bin/php status.php
root    1143  0.0  1.1  1332  876  ??  SN   10:21AM   0:00.01 sh -c ps xauww 2>&1
root    1122  0.0  1.6  2256 1268  ??  S    10:21AM   0:00.01 /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid
root     545  0.0  1.0  1036  768  ??  SNs   8:56AM   0:00.17 /usr/sbin/syslogd -s -f /var/etc/syslog.conf
nobody   480  0.0  1.0  1020  788  ??  IN    8:44AM   0:00.08 /usr/local/sbin/dnsmasq
root     384  0.0  1.0  1104  824  ??  I     8:34AM   0:00.01 /usr/local/bin/msntp -r -P no -l /var/run/msntp.pid -x 300 ntp1.arnes.si
root     133  0.0  1.1  1336  888  ??  I     8:32AM   0:00.01 /bin/sh /etc/rc.initial console
root     112  0.0  1.8  2436 1464  ??  Is    8:32AM   0:00.10 /usr/local/sbin/mpd -b -d /var/etc/mpd-vpn -p /var/run/mpd-vpn.pid pptpd
root     108  0.0  1.0  1332  840 con- I     8:32AM   0:00.14 /bin/sh /usr/local/bin/runmsntp.sh /var/run/runmsntp.pid /var/run/msntp.pid 300  ntp1.arnes.si
root     104  0.0  1.5  1544 1244 con- S     8:32AM   0:00.52 /usr/local/sbin/snmpd -c /var/etc/snmpd.conf -P /var/run/snmpd.pid
root     101  0.0  0.9   952  684 con- I     8:32AM   0:00.01 /usr/local/bin/ez-ipupdate -c /var/etc/ez-ipupdate.conf
root      94  0.0  1.5  2248 1224  ??  Ss    8:32AM   0:00.17 /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid
root      86  0.0  1.5  1456 1224  ??  Ss    8:32AM   0:00.26 /sbin/ipmon -sD
root      73  0.0  1.7  2256 1348  ??  Ss    8:32AM   0:00.35 /usr/local/sbin/mpd -b -d /var/etc -p /var/run/mpd.pid pppoe
root       9  0.0  0.0     0    0  ??  DL    8:32AM   0:00.05  (vnlru)
root       8  0.0  0.0     0    0  ??  DL    8:32AM   0:00.10  (syncer)
root       7  0.0  0.0     0    0  ??  DL    8:32AM   0:00.05  (bufdaemon)
root       6  0.0  0.0     0    0  ??  DL    8:32AM   0:00.01  (pagedaemon)
root       5  0.0  0.0     0    0  ??  DL    8:32AM   0:00.00  (usbtask)
root       4  0.0  0.0     0    0  ??  DL    8:32AM   0:00.00  (usb0)
root       3  0.0  0.0     0    0  ??  DL    8:32AM   0:00.00  (taskqueue)
root       2  0.0  0.0     0    0  ??  DL    8:32AM   0:00.00  (cryptoret)
root       1  0.0  0.9  1060  696  ??  SLs   8:32AM   0:00.03 /sbin/init --
root    1144  0.0  0.8  1080  676  ??  RN   10:21AM   0:00.00 ps xauww
root       0  0.0  0.0     0    0  ??  DLs   8:32AM   0:00.00  (swapper)

dhcpd.conf

cat: /var/etc/dhcpd.conf: No such file or directory

ez-ipupdate.cache

1156287028,193.138.45.81

df

Filesystem 512-blocks  Used Avail Capacity  Mounted on
/dev/md0c       21758 20166  1592    93%    /
procfs              8     8     0   100%    /proc
/dev/ad0a       13822 11124  2698    80%    /cf

racoon.conf

cat: /var/etc/racoon.conf: No such file or directory

SPD

No SPD entries.

SAD

No SAD entries.

last 200 system log entries

(this really is not necessary, it only shows messages about PPPoE connecting)

last 50 (10) filter log entries

Aug 26 08:36:17 wall ipmon[86]: 08:36:17.036824 ng0 @0:17 b 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
Aug 26 08:36:19 wall ipmon[86]: 08:36:19.046806 ng0 @0:17 b 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
Aug 26 08:36:23 wall ipmon[86]: 08:36:23.058616 ng0 @0:17 b 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
Aug 26 08:36:31 wall ipmon[86]: 08:36:31.067866 ng0 @0:17 b 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
Aug 26 08:38:16 wall ipmon[86]: 08:38:16.300243 ng0 @0:19 b 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:19 wall ipmon[86]: 08:38:19.299474 ng0 @0:19 b 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:25 wall ipmon[86]: 08:38:25.299409 ng0 @0:19 b 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:37 wall ipmon[86]: 08:38:37.299789 ng0 @0:19 b 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:39 wall ipmon[86]: 08:38:39.694937 ng0 @0:19 b 204.16.209.59,32890 -> 193.138.45.81,1026 PR udp len 20 442 IN
Aug 26 08:38:39 wall ipmon[86]: 08:38:39.698803 ng0 @0:19 b 204.16.209.59,32892 -> 193.138.45.81,1027 PR udp len 20 442 IN
(this is a shortened output because of size, but it can still clearly
be seen that the 4 HTTP requests have been blocked by rule @0:19)

ls /conf

config.xml
ez-ipupdate.cache

ls /var/run

dev.db
dnsmasq.dirty
dnsmasq.pid
ez-ipupdate.pid
filter.conf.dirty
htpasswd
ipmon.pid
ld-elf.so.hints
log
mini_httpd.pid
mpd-vpn.pid
mpd.pid
msntp.pid
runmsntp.pid
snmpd.pid
syslog.pid
utmp

config.xml

<?xml version="1.0"?>
<m0n0wall>
   <version>1.6</version>
   <lastchange>1156580454</lastchange>
   <system>
       <hostname>wall</hostname>
       <domain>jjakob.dyndns.org</domain>
       <dnsallowoverride/>
       <username>admin</username>
       <password>xxxxx</password>
       <timezone>Europe/Ljubljana</timezone>
       <time-update-interval>300</time-update-interval>
       <timeservers>ntp1.arnes.si</timeservers>
       <webgui>
           <protocol>http</protocol>
           <port/>
           <certificate/>
           <private-key/>
           <expanddiags/>
       </webgui>
       <harddiskstandby>5</harddiskstandby>
       <notes>OTYgTUIgUkFNDQozMzMgTUh6IENFTEVST04=</notes>
   </system>
   <interfaces>
       <lan>
           <if>fxp0</if>
           <ipaddr>10.1.0.1</ipaddr>
           <subnet>24</subnet>
           <media/>
           <mediaopt/>
       </lan>
       <wan>
           <if>rl0</if>
           <mtu/>
           <blockpriv/>
           <media/>
           <mediaopt/>
           <spoofmac/>
           <ipaddr>pppoe</ipaddr>
       </wan>
       <opt1>
           <if>xl0</if>
           <descr>DMZ</descr>
           <ipaddr>192.168.0.1</ipaddr>
           <subnet>24</subnet>
           <bridge/>
           <enable/>
       </opt1>
   </interfaces>
   <staticroutes/>
   <pppoe>
       <username>*******@dsl.*********</username>
       <password>xxxxx</password>
       <provider/>
       <timeout/>
   </pppoe>
   <pptp/>
   <bigpond/>
   <dyndns>
       <type>dyndns-static</type>
       <username>*********</username>
       <password>xxxxx</password>
       <host>jjakob.dyndns.org</host>
       <mx/>
       <server/>
       <port/>
       <enable/>
       <wildcard/>
   </dyndns>
   <dnsupdate>
       <host/>
       <ttl>60</ttl>
       <keyname/>
       <keydata/>
   </dnsupdate>
   <dhcpd>
       <lan>
           <range>
               <from>192.168.1.100</from>
               <to>192.168.1.199</to>
           </range>
       </lan>
   </dhcpd>
   <pptpd>
       <mode>server</mode>
       <redir/>
       <localip>192.168.0.234</localip>
       <remoteip/>
       <radius>
           <server/>
           <secret/>
       </radius>
       <req128/>
       <user>
           <name>*******</name>
           <ip/>
           <password>xxxxx</password>
       </user>
   </pptpd>
   <dnsmasq>
       <enable/>
   </dnsmasq>
   <snmpd>
       <syslocation/>
       <syscontact/>
       <rocommunity>public</rocommunity>
       <enable/>
   </snmpd>
   <diag>
       <ipv6nat>
           <ipaddr/>
       </ipv6nat>
   </diag>
   <bridge/>
   <syslog>
       <reverse/>
       <nentries>50</nentries>
       <remoteserver>10.1.0.45</remoteserver>
       <filter/>
       <system/>
       <enable/>
       <vpn/>
       <rawfilter/>
   </syslog>
   <nat>
       <rule>
           <protocol>tcp/udp</protocol>
           <external-port>6346</external-port>
           <target>10.1.0.45</target>
           <local-port>6346</local-port>
           <interface>wan</interface>
           <descr>gnutella jernej</descr>
       </rule>
       <rule>
           <protocol>tcp/udp</protocol>
           <external-port>6347</external-port>
           <target>10.1.0.56</target>
           <local-port>6347</local-port>
           <interface>wan</interface>
           <descr>gnutella silvo</descr>
       </rule>
       <rule>
           <protocol>tcp</protocol>
           <external-port>80</external-port>
           <target>192.168.0.2</target>
           <local-port>80</local-port>
           <interface>wan</interface>
           <descr>www</descr>
       </rule>
       <advancedoutbound/>
   </nat>
   <filter>
       <rule>
           <type>pass</type>
           <interface>wan</interface>
           <protocol>tcp</protocol>
           <source>
               <any/>
           </source>
           <destination>
               <address>192.168.0.2</address>
               <port>80</port>
           </destination>
           <log/>
           <descr>NAT www</descr>
       </rule>
       <rule>
           <type>pass</type>
           <interface>wan</interface>
           <protocol>tcp/udp</protocol>
           <source>
               <any/>
           </source>
           <destination>
               <address>10.1.0.45</address>
               <port>6346</port>
           </destination>
           <descr/>
       </rule>
       <rule>
           <type>pass</type>
           <interface>wan</interface>
           <protocol>tcp/udp</protocol>
           <source>
               <any/>
           </source>
           <destination>
               <address>10.1.0.56</address>
               <port>6347</port>
           </destination>
           <descr/>
       </rule>
       <rule>
           <type>pass</type>
           <interface>pptp</interface>
           <protocol>tcp</protocol>
           <source>
               <any/>
           </source>
           <destination>
               <any/>
           </destination>
           <descr>Default PPTP -&gt; any</descr>
       </rule>
       <rule>
           <type>pass</type>
           <interface>opt1</interface>
           <source>
               <network>opt1</network>
           </source>
           <destination>
               <network>lan</network>
               <not/>
           </destination>
           <descr>allow DMZ anywhere but to LAN</descr>
       </rule>
       <rule>
           <type>pass</type>
           <descr>Default LAN -&gt; any</descr>
           <interface>lan</interface>
           <source>
               <network>lan</network>
           </source>
           <destination>
               <any/>
           </destination>
       </rule>
       <tcpidletimeout/>
   </filter>
   <ipsec/>
   <aliases/>
   <proxyarp/>
   <wol/>
   <vlans/>
   <shaper>
       <magic>
           <p2plow/>
           <maxup>256</maxup>
           <maxdown>1000</maxdown>
       </magic>
   </shaper>
</m0n0wall>
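
Added example, not part of the original post: a Python check over the dump above that lists NAT rules present under "unparsed ipnat rules" but absent from the `ipnat -lv` list, flags `map` rules whose source is not a valid network, and ties blocked WAN packets in the filter log to redirects that are not active. The rule text and log lines are copied from the post (wrapped lines rejoined); the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# "unparsed ipnat rules" as generated from config.xml (copied from the post)
CONFIGURED = """\
map ng0 10.1.0.0/24  -> 0/32 proxy port ftp ftp/tcp
map ng0 10.1.0.0/24  -> 0/32 portmap tcp/udp auto
map ng0 10.1.0.0/24  -> 0/32
map ng0 192.168.0.0/24  -> 0/32 proxy port ftp ftp/tcp
map ng0 192.168.0.0/24  -> 0/32 portmap tcp/udp auto
map ng0 192.168.0.0/24  -> 0/32
map ng0 /28  -> 0/32 proxy port ftp ftp/tcp
map ng0 /28  -> 0/32 portmap tcp/udp auto
map ng0 /28  -> 0/32
rdr ng0 0/0 port 6346 -> 10.1.0.45 port 6346 tcp/udp
rdr ng0 0/0 port 6347 -> 10.1.0.56 port 6347 tcp/udp
rdr ng0 0/0 port 80 -> 192.168.0.2 port 80 tcp
"""
# Rules listed as active by `ipnat -lv` (copied from the post)
ACTIVE = """\
map ng0 10.1.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ng0 10.1.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ng0 10.1.0.0/24 -> 0.0.0.0/32
map ng0 192.168.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ng0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ng0 192.168.0.0/24 -> 0.0.0.0/32
"""
# Filter log excerpt (copied from the post, wrapped lines rejoined)
LOG = """\
Aug 26 08:36:17 wall ipmon[86]: 08:36:17.036824 ng0 @0:17 b 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
Aug 26 08:38:16 wall ipmon[86]: 08:38:16.300243 ng0 @0:19 b 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:19 wall ipmon[86]: 08:38:19.299474 ng0 @0:19 b 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
Aug 26 08:38:39 wall ipmon[86]: 08:38:39.694937 ng0 @0:19 b 204.16.209.59,32890 -> 193.138.45.81,1026 PR udp len 20 442 IN
"""

def rules(text):
    """One rule per line, whitespace collapsed, 0/32 spelled as ipnat -l prints it."""
    return [" ".join("0.0.0.0/32" if t == "0/32" else t for t in line.split())
            for line in text.splitlines() if line.strip()]

def not_loaded(configured, active):
    """Configured rules that are absent from the active list, in file order."""
    live = set(rules(active))
    return [r for r in rules(configured) if r not in live]

def malformed_maps(configured):
    """`map` rules whose source field does not parse as a network."""
    bad = []
    for rule in rules(configured):
        if rule.startswith("map "):
            try:
                ipaddress.ip_network(rule.split()[2], strict=False)
            except ValueError:
                bad.append(rule)
    return bad

# interface, @group:rule, action "b" (blocked), destination address/port, protocol
LOG_RE = re.compile(r"(\S+) @(\d+):(\d+) b \S+,\d+ -> (\S+),(\d+) PR (\w+)")

def blocked(log):
    """Count blocked packets per (interface, group:rule, dst, dport, proto)."""
    hits = Counter()
    for m in LOG_RE.finditer(log):
        iface, grp, num, dst, dport, proto = m.groups()
        hits[(iface, f"{grp}:{num}", dst, int(dport), proto)] += 1
    return hits

def blocked_without_rdr(configured, active, log):
    """Blocked destination ports that have a configured rdr which is not active."""
    pending = {int(r.split()[4]) for r in not_loaded(configured, active)
               if r.startswith("rdr ")}
    return sorted({key[3] for key in blocked(log) if key[3] in pending})

if __name__ == "__main__":
    print("not loaded:", *not_loaded(CONFIGURED, ACTIVE), sep="\n  ")
    print("malformed :", *malformed_maps(CONFIGURED), sep="\n  ")
    print("blocked ports with an inactive rdr:",
          blocked_without_rdr(CONFIGURED, ACTIVE, LOG))
```

The blocked port-80 packets still carry 193.138.45.81 as their destination, while the WAN pass rule in group 200 matches 192.168.0.2, so they fall through to the group head @0:19.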