 From:  "Jernej Jakob" <jernej dot jakob at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Web server not working from the outside
 Date:  Sat, 26 Aug 2006 17:52:29 +0200
2006/8/26, Jernej Jakob <jernej dot jakob at gmail dot com>:
> Hello.
>
> I am having a problem with getting DMZ to work. I can access my web
> server from the inside, but not from the outside. I've done everything
> the DMZ manual said to do.
> The IP of the server is 192.168.0.2, external IP is 193.138.45.81, my
> computer is 10.1.0.45
>
> P.S. Could it stop working due to enabling PPTP?
>
> m0n0wall: status
> Sat Aug 26 10:21:16 CEST 2006
>
>
> System uptime
>
> 10:21AM  up  1:48, 0 users, load averages: 0.16, 0.06, 0.02
>
> Interfaces
>
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        options=40<POLLING>
>        ether 00:40:f4:77:24:6b
>        media: Ethernet autoselect (100baseTX <full-duplex>)
>        status: active
> fxp0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
>        options=40<POLLING>
>        inet 10.1.0.1 netmask 0xffffff00 broadcast 10.1.0.255
>        ether 00:90:27:36:6a:83
>        media: Ethernet autoselect (100baseTX <full-duplex>)
>        status: active
> xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        options=1<RXCSUM>
>        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
>        ether 00:10:4b:06:8a:0d
>        media: Ethernet autoselect (100baseTX <full-duplex>)
>        status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>        inet 127.0.0.1 netmask 0xff000000
> ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
>        inet 193.138.45.81 --> 193.138.34.254 netmask 0xffffffff
> ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng5: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng6: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng7: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng8: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng9: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng10: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng11: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng12: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng13: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng14: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng15: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng16: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
>
> Routing tables
>
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            193.138.34.254     UGSc        4     5637    ng0
> 10.1/24            link#2             UC          2        0   fxp0
> 10.1.0.45          00:03:0d:0e:54:48  UHLW       12    11543   fxp0    766
> 10.1.0.55          00:0d:56:39:f1:cd  UHLW        0      186   fxp0    981
> 127.0.0.1          127.0.0.1          UH          0      308    lo0
> 192.168.0          link#3             UC          1        0    xl0
> 192.168.0.2        00:80:ad:72:d8:d9  UHLW        2     2970    xl0    406
> 193.138.34.254     193.138.45.81      UH          4        0    ng0
> 193.138.45.81      lo0                UHS         0        0    lo0
>
> ipfw show
>
> ipfw: getsockopt(IP_FW_GET): Protocol not available
>
> ipnat -lv
>
> List of active MAP/Redirect filters:
> map ng0 10.1.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map ng0 10.1.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
> map ng0 10.1.0.0/24 -> 0.0.0.0/32
> map ng0 192.168.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map ng0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
> map ng0 192.168.0.0/24 -> 0.0.0.0/32
>
> List of active sessions:
> MAP 10.1.0.45       2808  <- -> 193.138.45.81   12400 [66.249.93.99 80]
>        age 17968 use 0 sumd 0xa26/0xa26 pr 6 bkt 1919/686 flags 1 drop 0/0
>        ifp ng0 bytes 5644 pkts 21
> MAP 10.1.0.45       2806  <- -> 193.138.45.81   12398 [212.58.226.29 80]
>        age 380 use 0 sumd 0xa26/0xa26 pr 6 bkt 1596/363 flags 1 drop 0/0
>        ifp ng0 bytes 1489 pkts 11
> MAP 10.1.0.45       2805  <- -> 193.138.45.81   12397 [213.250.2.95 80]
>        age 440 use 0 sumd 0xa26/0xa26 pr 6 bkt 1256/23 flags 1 drop 0/0
>        ifp ng0 bytes 16020 pkts 28
> MAP 10.1.0.45       2788  <- -> 193.138.45.81   12380 [66.249.91.83 80]
>        age 379 use 0 sumd 0xa26/0xa26 pr 6 bkt 701/1515 flags 1 drop 0/0
>        ifp ng0 bytes 1735 pkts 9
> MAP 10.1.0.45       2784  <- -> 193.138.45.81   12376 [66.249.85.104 80]
>        age 17969 use 0 sumd 0xa26/0xa26 pr 6 bkt 1562/329 flags 1 drop 0/0
>        ifp ng0 bytes 28899 pkts 86
> MAP 10.1.0.45       2783  <- -> 193.138.45.81   12375 [66.249.93.99 80]
>        age 17999 use 0 sumd 0xa26/0xa26 pr 6 bkt 1660/427 flags 1 drop 0/0
>        ifp ng0 bytes 24868 pkts 70
> MAP 10.1.0.45       2781  <- -> 193.138.45.81   12373 [212.58.226.29 80]
>        age 230 use 0 sumd 0xa26/0xa26 pr 6 bkt 1337/104 flags 1 drop 0/0
>        ifp ng0 bytes 1490 pkts 11
> MAP 10.1.0.45       2780  <- -> 193.138.45.81   12372 [213.250.2.95 80]
>        age 290 use 0 sumd 0xa26/0xa26 pr 6 bkt 997/1811 flags 1 drop 0/0
>        ifp ng0 bytes 16020 pkts 28
> MAP 10.1.0.45       2779  <- -> 193.138.45.81   12371 [212.58.226.29 80]
>        age 80 use 0 sumd 0xa26/0xa26 pr 6 bkt 825/1639 flags 1 drop 0/0
>        ifp ng0 bytes 18929 pkts 30
> MAP 10.1.0.45       2778  <- -> 193.138.45.81   12370 [213.250.2.95 80]
>        age 140 use 0 sumd 0xa26/0xa26 pr 6 bkt 485/1299 flags 1 drop 0/0
>        ifp ng0 bytes 16020 pkts 28
> MAP 10.1.0.45       2777  <- -> 193.138.45.81   12369 [66.249.91.83 80]
>        age 139 use 0 sumd 0xa26/0xa26 pr 6 bkt 1979/746 flags 1 drop 0/0
>        ifp ng0 bytes 1735 pkts 9
> MAP 10.1.0.45       2776  <- -> 193.138.45.81   12368 [66.249.91.18 80]
>        age 17950 use 0 sumd 0xa26/0xa26 pr 6 bkt 1333/100 flags 1 drop 0/0
>        ifp ng0 bytes 12948 pkts 41
> MAP 192.168.0.2     123   <- -> 193.138.45.81   1651  [193.2.1.92 123]
>        age 566 use 0 sumd 0x3429/0x3429 pr 17 bkt 1059/111 flags 2 drop 0/0
>        ifp ng0 bytes 152 pkts 2
> MAP 192.168.0.2     123   <- -> 193.138.45.81   1651  [193.2.1.66 123]
>        age 538 use 0 sumd 0x3429/0x3429 pr 17 bkt 903/2002 flags 2 drop 0/0
>        ifp ng0 bytes 152 pkts 2
> MAP 10.1.0.45       2773  <- -> 193.138.45.81   12365 [66.249.85.104 80]
>        age 170 use 0 sumd 0xa26/0xa26 pr 6 bkt 793/1607 flags 1 drop 0/0
>        ifp ng0 bytes 1748 pkts 12
> MAP 10.1.0.45       2772  <- -> 193.138.45.81   12364 [66.249.93.104 80]
>        age 170 use 0 sumd 0xa26/0xa26 pr 6 bkt 921/1735 flags 1 drop 0/0
>        ifp ng0 bytes 1692 pkts 12
> MAP 10.1.0.45       2761  <- -> 193.138.45.81   12605 [66.249.91.18 80]
>        age 430 use 0 sumd 0xb22/0xb22 pr 6 bkt 1587/1378 flags 1 drop 0/0
>        ifp ng0 bytes 21954 pkts 72
> MAP 10.1.0.45       2237  <- -> 193.138.45.81   12585 [63.245.209.21 80]
>        age 17870 use 0 sumd 0xd1a/0xd1a pr 6 bkt 1121/913 flags 1 drop 0/0
>        ifp ng0 bytes 73158 pkts 249
> MAP 10.1.0.45       2211  <- -> 193.138.45.81   12559 [207.46.24.27 1863]
>        age 17961 use 0 sumd 0xd1a/0xd1a pr 6 bkt 62/1901 flags 1 drop 0/0
>        ifp ng0 bytes 33307 pkts 533
> MAP 10.1.0.55       1159  <- -> 193.138.45.81   15035 [66.102.11.125 443]
>        age 17950 use 0 sumd 0x1ad8/0x1ad8 pr 6 bkt 2004/1774 flags 1 drop 0/0
>        ifp ng0 bytes 27370 pkts 243
>
> List of active host mappings:
> 192.168.0.2 -> 0.0.0.0 (use = 2 hv = 221)
> 10.1.0.45 -> 0.0.0.0 (use = 3 hv = 446)
> 10.1.0.45 -> 0.0.0.0 (use = 12 hv = 446)
> 10.1.0.45 -> 0.0.0.0 (use = 1 hv = 446)
> 10.1.0.45 -> 0.0.0.0 (use = 1 hv = 446)
> 10.1.0.55 -> 0.0.0.0 (use = 1 hv = 486)
>
> ipfstat -v
>
> opts 0x40 name /dev/ipl
>  IPv6 packets:          in 0 out 0
>  input packets:         blocked 98 passed 19165 nomatch 0 counted 0 short 0
> output packets:         blocked 0 passed 20863 nomatch 0 counted 0 short 0
>  input packets logged:  blocked 98 passed 3
> output packets logged:  blocked 0 passed 0
>  packets logged:        input 0 output 0
>  log failures:          input 0 output 0
> fragment state(in):     kept 0  lost 0  not fragmented 0
> fragment state(out):    kept 0  lost 0  not fragmented 0
> packet state(in):       kept 1162       lost 0
> packet state(out):      kept 34 lost 0
> ICMP replies:   0       TCP RSTs sent:  0
> Invalid source(in):     0
> Result cache hits(in):  47      (out):  0
> IN Pullups succeeded:   0       failed: 0
> OUT Pullups succeeded:  0       failed: 0
> Fastroute successes:    0       failures:       0
> TCP cksum fails(in):    0       (out):  0
> Packet log flags set: (0)
>        none
>
> ipfstat -nio
>
> @1 pass out quick on lo0 from any to any
> @2 pass out quick on fxp0 proto udp from 10.1.0.1/32 port = 67 to any port = 68
> @3 pass out quick on ng0 proto udp from any port = 68 to any port = 67
> @4 pass out quick on fxp0 from any to any keep state
> @5 pass out quick on ng0 from any to any keep state
> @6 pass out quick on xl0 from any to any keep state
> @7 block out log quick from any to any
> @1 pass in quick on lo0 from any to any
> @2 block in log quick from any to any with short
> @3 block in log quick from any to any with ipopt
> @4 pass in quick on fxp0 proto udp from any port = 68 to
> 255.255.255.255/32 port = 67
> @5 pass in quick on fxp0 proto udp from any port = 68 to 10.1.0.1/32 port = 67
> @6 block in log quick on ng0 from 10.1.0.0/24 to any
> @7 block in log quick on ng0 from 192.168.0.0/24 to any
> @8 block in log quick on ng0 proto udp from any port = 67 to
> 10.1.0.0/24 port = 68
> @9 pass in quick on ng0 proto udp from any port = 67 to any port = 68
> @10 block in log quick on fxp0 from !10.1.0.0/24 to any
> @11 block in log quick on xl0 from !192.168.0.0/24 to any
> @12 block in log quick on ng0 from 10.0.0.0/8 to any
> @13 block in log quick on ng0 from 127.0.0.0/8 to any
> @14 block in log quick on ng0 from 172.16.0.0/12 to any
> @15 block in log quick on ng0 from 192.168.0.0/16 to any
> @16 skip 1 in proto tcp from any to any flags S/FSRA
> @17 block in log quick proto tcp from any to any
> @18 block in log quick on fxp0 from any to any head 100
> @1 pass in quick from 10.1.0.0/24 to 10.1.0.1/32 keep state group 100
> @2 pass in quick from 10.1.0.0/24 to any keep state group 100
> @19 block in log quick on ng0 from any to any head 200
> @1 pass in quick proto gre from any to 193.138.45.81/32 keep state group 200
> @2 pass in quick proto tcp from any to 193.138.45.81/32 port = 1723
> keep state group 200
> @3 pass in log first quick proto tcp from any to 192.168.0.2/32 port =
> 80 keep state group 200
> @4 pass in quick proto tcp/udp from any to 10.1.0.45/32 port = 6346
> keep state group 200
> @5 pass in quick proto tcp/udp from any to 10.1.0.56/32 port = 6347
> keep state group 200
> @20 block in log quick on xl0 from any to any head 300
> @1 pass in log first quick proto tcp from any to 193.138.45.81/32 port
> = 80 keep state group 300
> @2 pass in quick from 192.168.0.0/24 to !10.1.0.0/24 keep state group 300
> @21 block in log quick from any to any
>
> unparsed ipnat rules
>
> map ng0 10.1.0.0/24  -> 0/32 proxy port ftp ftp/tcp
> map ng0 10.1.0.0/24  -> 0/32 portmap tcp/udp auto
> map ng0 10.1.0.0/24  -> 0/32
> map ng0 192.168.0.0/24  -> 0/32 proxy port ftp ftp/tcp
> map ng0 192.168.0.0/24  -> 0/32 portmap tcp/udp auto
> map ng0 192.168.0.0/24  -> 0/32
> map ng0 /28  -> 0/32 proxy port ftp ftp/tcp
> map ng0 /28  -> 0/32 portmap tcp/udp auto
> map ng0 /28  -> 0/32
> rdr ng0 0/0 port 6346 -> 10.1.0.45 port 6346 tcp/udp
> rdr ng0 0/0 port 6347 -> 10.1.0.56 port 6347 tcp/udp
> rdr ng0 0/0 port 80 -> 192.168.0.2 port 80 tcp
>
> unparsed ipfilter rules
>
> # loopback
> pass in quick on lo0 all
> pass out quick on lo0 all
>
> # block short packets
> block in log quick all with short
>
> # block IP options
> block in log quick all with ipopts
>
> # allow access to DHCP server on LAN
> pass in quick on fxp0 proto udp from any port = 68 to 255.255.255.255 port = 67
> pass in quick on fxp0 proto udp from any port = 68 to 10.1.0.1 port = 67
> pass out quick on fxp0 proto udp from 10.1.0.1 port = 67 to any port = 68
>
> # WAN spoof check
> block in log quick on ng0 from 10.1.0.0/24 to any
> block in log quick on ng0 from 192.168.0.0/24 to any
>
> # allow our DHCP client out to the WAN
> # XXX - should be more restrictive
> # (not possible at the moment - need 'me' like in ipfw)
> pass out quick on ng0 proto udp from any port = 68 to any port = 67
> block in log quick on ng0 proto udp from any port = 67 to 10.1.0.0/24 port = 68
> pass in quick on ng0 proto udp from any port = 67 to any port = 68
>
> # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
> block in log quick on fxp0 from ! 10.1.0.0/24 to any
> block in log quick on xl0 from ! 192.168.0.0/24 to any
>
> # block anything from private networks on WAN interface
> block in log quick on ng0 from 10.0.0.0/8 to any
> block in log quick on ng0 from 127.0.0.0/8 to any
> block in log quick on ng0 from 172.16.0.0/12 to any
> block in log quick on ng0 from 192.168.0.0/16 to any
>
> # Block TCP packets that do not mark the start of a connection
> skip 1 in proto tcp all flags S/SAFR
> block in log quick proto tcp all
>
> #---------------------------------------------------------------------------
> # group head 100 - LAN interface
> #---------------------------------------------------------------------------
> block in log quick on fxp0 all head 100
>
> # let out anything from the firewall host itself and decrypted IPsec traffic
> pass out quick on fxp0 all keep state
>
> #---------------------------------------------------------------------------
> # group head 200 - WAN interface
> #---------------------------------------------------------------------------
> block in log quick on ng0 all head 200
>
> # let out anything from the firewall host itself and decrypted IPsec traffic
> pass out quick on ng0 all keep state
>
> #---------------------------------------------------------------------------
> # group head 300 - opt1 interface
> #---------------------------------------------------------------------------
> block in log quick on xl0 all head 300
>
> # let out anything from the firewall host itself and decrypted IPsec traffic
> pass out quick on xl0 all keep state
>
> # make sure the user cannot lock himself out of the webGUI
> pass in quick from 10.1.0.0/24 to 10.1.0.1 keep state group 100
>
> # PPTP rules
> pass in quick proto gre from any to 193.138.45.81 keep state group 200
> pass in quick proto tcp from any to 193.138.45.81 port = 1723 keep
> state group 200
>
> # User-defined rules follow
> pass in log first quick proto tcp from any to 192.168.0.2 port = 80
> keep state group 200
> pass in quick proto tcp/udp from any to 10.1.0.45 port = 6346 keep
> state group 200
> pass in quick proto tcp/udp from any to 10.1.0.56 port = 6347 keep
> state group 200
> pass in quick on ng1 proto tcp from any to any keep state
> pass in quick on ng2 proto tcp from any to any keep state
> pass in quick on ng3 proto tcp from any to any keep state
> pass in quick on ng4 proto tcp from any to any keep state
> pass in quick on ng5 proto tcp from any to any keep state
> pass in quick on ng6 proto tcp from any to any keep state
> pass in quick on ng7 proto tcp from any to any keep state
> pass in quick on ng8 proto tcp from any to any keep state
> pass in quick on ng9 proto tcp from any to any keep state
> pass in quick on ng10 proto tcp from any to any keep state
> pass in quick on ng11 proto tcp from any to any keep state
> pass in quick on ng12 proto tcp from any to any keep state
> pass in quick on ng13 proto tcp from any to any keep state
> pass in quick on ng14 proto tcp from any to any keep state
> pass in quick on ng15 proto tcp from any to any keep state
> pass in quick on ng16 proto tcp from any to any keep state
> pass in quick from 192.168.0.0/24 to !10.1.0.0/24 keep state group 300
> pass in quick from 10.1.0.0/24 to any keep state group 100
>
> #---------------------------------------------------------------------------
> # default rules (just to be sure)
> #---------------------------------------------------------------------------
> block in log quick all
> block out log quick all
>
> unparsed ipfw rules
>
> add 50000 set 4 pass all from 10.1.0.1 to any
> add 50001 set 4 pass all from any to 10.1.0.1
>
> resolv.conf
>
> domain jjakob.dyndns.org
> nameserver 212.93.226.5
> nameserver 212.93.226.6
>
> Processes
>
> USER     PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED      TIME COMMAND
> root    1121 35.0  8.1  7168 6564  ??  SN   10:21AM   0:00.36
> /usr/local/bin/php status.php
> root    1143  0.0  1.1  1332  876  ??  SN   10:21AM   0:00.01 sh -c ps
> xauww 2>&1
> root    1122  0.0  1.6  2256 1268  ??  S    10:21AM   0:00.01
> /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i
> /var/run/mini_httpd.pid
> root     545  0.0  1.0  1036  768  ??  SNs   8:56AM   0:00.17
> /usr/sbin/syslogd -s -f /var/etc/syslog.conf
> nobody   480  0.0  1.0  1020  788  ??  IN    8:44AM   0:00.08
> /usr/local/sbin/dnsmasq
> root     384  0.0  1.0  1104  824  ??  I     8:34AM   0:00.01
> /usr/local/bin/msntp -r -P no -l /var/run/msntp.pid -x 300
> ntp1.arnes.si
> root     133  0.0  1.1  1336  888  ??  I     8:32AM   0:00.01 /bin/sh
> /etc/rc.initial console
> root     112  0.0  1.8  2436 1464  ??  Is    8:32AM   0:00.10
> /usr/local/sbin/mpd -b -d /var/etc/mpd-vpn -p /var/run/mpd-vpn.pid
> pptpd
> root     108  0.0  1.0  1332  840 con- I     8:32AM   0:00.14 /bin/sh
> /usr/local/bin/runmsntp.sh /var/run/runmsntp.pid /var/run/msntp.pid
> 300  ntp1.arnes.si
> root     104  0.0  1.5  1544 1244 con- S     8:32AM   0:00.52
> /usr/local/sbin/snmpd -c /var/etc/snmpd.conf -P /var/run/snmpd.pid
> root     101  0.0  0.9   952  684 con- I     8:32AM   0:00.01
> /usr/local/bin/ez-ipupdate -c /var/etc/ez-ipupdate.conf
> root      94  0.0  1.5  2248 1224  ??  Ss    8:32AM   0:00.17
> /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i
> /var/run/mini_httpd.pid
> root      86  0.0  1.5  1456 1224  ??  Ss    8:32AM   0:00.26 /sbin/ipmon -sD
> root      73  0.0  1.7  2256 1348  ??  Ss    8:32AM   0:00.35
> /usr/local/sbin/mpd -b -d /var/etc -p /var/run/mpd.pid pppoe
> root       9  0.0  0.0     0    0  ??  DL    8:32AM   0:00.05  (vnlru)
> root       8  0.0  0.0     0    0  ??  DL    8:32AM   0:00.10  (syncer)
> root       7  0.0  0.0     0    0  ??  DL    8:32AM   0:00.05  (bufdaemon)
> root       6  0.0  0.0     0    0  ??  DL    8:32AM   0:00.01  (pagedaemon)
> root       5  0.0  0.0     0    0  ??  DL    8:32AM   0:00.00  (usbtask)
> root       4  0.0  0.0     0    0  ??  DL    8:32AM   0:00.00  (usb0)
> root       3  0.0  0.0     0    0  ??  DL    8:32AM   0:00.00  (taskqueue)
> root       2  0.0  0.0     0    0  ??  DL    8:32AM   0:00.00  (cryptoret)
> root       1  0.0  0.9  1060  696  ??  SLs   8:32AM   0:00.03 /sbin/init --
> root    1144  0.0  0.8  1080  676  ??  RN   10:21AM   0:00.00 ps xauww
> root       0  0.0  0.0     0    0  ??  DLs   8:32AM   0:00.00  (swapper)
>
> dhcpd.conf
>
> cat: /var/etc/dhcpd.conf: No such file or directory
>
> ez-ipupdate.cache
>
> 1156287028,193.138.45.81
>
> df
>
> Filesystem 512-blocks  Used Avail Capacity  Mounted on
> /dev/md0c       21758 20166  1592    93%    /
> procfs              8     8     0   100%    /proc
> /dev/ad0a       13822 11124  2698    80%    /cf
>
> racoon.conf
>
> cat: /var/etc/racoon.conf: No such file or directory
>
> SPD
>
> No SPD entries.
>
> SAD
>
> No SAD entries.
>
> last 200 system log entries
>
> (this really is not necessary, it only shows messages about PPPoE connecting)
>
> last 50 (10) filter log entries
>
> Aug 26 08:36:17 wall ipmon[86]: 08:36:17.036824 ng0 @0:17 b
> 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
> Aug 26 08:36:19 wall ipmon[86]: 08:36:19.046806 ng0 @0:17 b
> 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
> Aug 26 08:36:23 wall ipmon[86]: 08:36:23.058616 ng0 @0:17 b
> 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
> Aug 26 08:36:31 wall ipmon[86]: 08:36:31.067866 ng0 @0:17 b
> 63.245.209.21,80 -> 193.138.45.81,12477 PR tcp len 20 40 -AF IN
> Aug 26 08:38:16 wall ipmon[86]: 08:38:16.300243 ng0 @0:19 b
> 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
> Aug 26 08:38:19 wall ipmon[86]: 08:38:19.299474 ng0 @0:19 b
> 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
> Aug 26 08:38:25 wall ipmon[86]: 08:38:25.299409 ng0 @0:19 b
> 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
> Aug 26 08:38:37 wall ipmon[86]: 08:38:37.299789 ng0 @0:19 b
> 24.155.40.246,42884 -> 193.138.45.81,80 PR tcp len 20 60 -S IN
> Aug 26 08:38:39 wall ipmon[86]: 08:38:39.694937 ng0 @0:19 b
> 204.16.209.59,32890 -> 193.138.45.81,1026 PR udp len 20 442 IN
> Aug 26 08:38:39 wall ipmon[86]: 08:38:39.698803 ng0 @0:19 b
> 204.16.209.59,32892 -> 193.138.45.81,1027 PR udp len 20 442 IN
> (this is a shortened output because of size, but it can still clearly
> be seen that the 4 HTTP requests have been blocked by rule @0:19)
>
> ls /conf
>
> config.xml
> ez-ipupdate.cache
>
> ls /var/run
>
> dev.db
> dnsmasq.dirty
> dnsmasq.pid
> ez-ipupdate.pid
> filter.conf.dirty
> htpasswd
> ipmon.pid
> ld-elf.so.hints
> log
> mini_httpd.pid
> mpd-vpn.pid
> mpd.pid
> msntp.pid
> runmsntp.pid
> snmpd.pid
> syslog.pid
> utmp
>
> config.xml
>
> <?xml version="1.0"?>
> <m0n0wall>
>    <version>1.6</version>
>    <lastchange>1156580454</lastchange>
>    <system>
>        <hostname>wall</hostname>
>        <domain>jjakob.dyndns.org</domain>
>        <dnsallowoverride/>
>        <username>admin</username>
>        <password>xxxxx</password>
>        <timezone>Europe/Ljubljana</timezone>
>        <time-update-interval>300</time-update-interval>
>        <timeservers>ntp1.arnes.si</timeservers>
>        <webgui>
>            <protocol>http</protocol>
>            <port/>
>            <certificate/>
>            <private-key/>
>            <expanddiags/>
>        </webgui>
>        <harddiskstandby>5</harddiskstandby>
>        <notes>OTYgTUIgUkFNDQozMzMgTUh6IENFTEVST04=</notes>
>    </system>
>    <interfaces>
>        <lan>
>            <if>fxp0</if>
>            <ipaddr>10.1.0.1</ipaddr>
>            <subnet>24</subnet>
>            <media/>
>            <mediaopt/>
>        </lan>
>        <wan>
>            <if>rl0</if>
>            <mtu/>
>            <blockpriv/>
>            <media/>
>            <mediaopt/>
>            <spoofmac/>
>            <ipaddr>pppoe</ipaddr>
>        </wan>
>        <opt1>
>            <if>xl0</if>
>            <descr>DMZ</descr>
>            <ipaddr>192.168.0.1</ipaddr>
>            <subnet>24</subnet>
>            <bridge/>
>            <enable/>
>        </opt1>
>    </interfaces>
>    <staticroutes/>
>    <pppoe>
>        <username>*******@dsl.*********</username>
>        <password>xxxxx</password>
>        <provider/>
>        <timeout/>
>    </pppoe>
>    <pptp/>
>    <bigpond/>
>    <dyndns>
>        <type>dyndns-static</type>
>        <username>*********</username>
>        <password>xxxxx</password>
>        <host>jjakob.dyndns.org</host>
>        <mx/>
>        <server/>
>        <port/>
>        <enable/>
>        <wildcard/>
>    </dyndns>
>    <dnsupdate>
>        <host/>
>        <ttl>60</ttl>
>        <keyname/>
>        <keydata/>
>    </dnsupdate>
>    <dhcpd>
>        <lan>
>            <range>
>                <from>192.168.1.100</from>
>                <to>192.168.1.199</to>
>            </range>
>        </lan>
>    </dhcpd>
>    <pptpd>
>        <mode>server</mode>
>        <redir/>
>        <localip>192.168.0.234</localip>
>        <remoteip/>
>        <radius>
>            <server/>
>            <secret/>
>        </radius>
>        <req128/>
>        <user>
>            <name>*******</name>
>            <ip/>
>            <password>xxxxx</password>
>        </user>
>    </pptpd>
>    <dnsmasq>
>        <enable/>
>    </dnsmasq>
>    <snmpd>
>        <syslocation/>
>        <syscontact/>
>        <rocommunity>public</rocommunity>
>        <enable/>
>    </snmpd>
>    <diag>
>        <ipv6nat>
>            <ipaddr/>
>        </ipv6nat>
>    </diag>
>    <bridge/>
>    <syslog>
>        <reverse/>
>        <nentries>50</nentries>
>        <remoteserver>10.1.0.45</remoteserver>
>        <filter/>
>        <system/>
>        <enable/>
>        <vpn/>
>        <rawfilter/>
>    </syslog>
>    <nat>
>        <rule>
>            <protocol>tcp/udp</protocol>
>            <external-port>6346</external-port>
>            <target>10.1.0.45</target>
>            <local-port>6346</local-port>
>            <interface>wan</interface>
>            <descr>gnutella jernej</descr>
>        </rule>
>        <rule>
>            <protocol>tcp/udp</protocol>
>            <external-port>6347</external-port>
>            <target>10.1.0.56</target>
>            <local-port>6347</local-port>
>            <interface>wan</interface>
>            <descr>gnutella silvo</descr>
>        </rule>
>        <rule>
>            <protocol>tcp</protocol>
>            <external-port>80</external-port>
>            <target>192.168.0.2</target>
>            <local-port>80</local-port>
>            <interface>wan</interface>
>            <descr>www</descr>
>        </rule>
>        <advancedoutbound/>
>    </nat>
>    <filter>
>        <rule>
>            <type>pass</type>
>            <interface>wan</interface>
>            <protocol>tcp</protocol>
>            <source>
>                <any/>
>            </source>
>            <destination>
>                <address>192.168.0.2</address>
>                <port>80</port>
>            </destination>
>            <log/>
>            <descr>NAT www</descr>
>        </rule>
>        <rule>
>            <type>pass</type>
>            <interface>wan</interface>
>            <protocol>tcp/udp</protocol>
>            <source>
>                <any/>
>            </source>
>            <destination>
>                <address>10.1.0.45</address>
>                <port>6346</port>
>            </destination>
>            <descr/>
>        </rule>
>        <rule>
>            <type>pass</type>
>            <interface>wan</interface>
>            <protocol>tcp/udp</protocol>
>            <source>
>                <any/>
>            </source>
>            <destination>
>                <address>10.1.0.56</address>
>                <port>6347</port>
>            </destination>
>            <descr/>
>        </rule>
>        <rule>
>            <type>pass</type>
>            <interface>pptp</interface>
>            <protocol>tcp</protocol>
>            <source>
>                <any/>
>            </source>
>            <destination>
>                <any/>
>            </destination>
>            <descr>Default PPTP -&gt; any</descr>
>        </rule>
>        <rule>
>            <type>pass</type>
>            <interface>opt1</interface>
>            <source>
>                <network>opt1</network>
>            </source>
>            <destination>
>                <network>lan</network>
>                <not/>
>            </destination>
>            <descr>allow DMZ anywhere but to LAN</descr>
>        </rule>
>        <rule>
>            <type>pass</type>
>            <descr>Default LAN -&gt; any</descr>
>            <interface>lan</interface>
>            <source>
>                <network>lan</network>
>            </source>
>            <destination>
>                <any/>
>            </destination>
>        </rule>
>        <tcpidletimeout/>
>    </filter>
>    <ipsec/>
>    <aliases/>
>    <proxyarp/>
>    <wol/>
>    <vlans/>
>    <shaper>
>        <magic>
>            <p2plow/>
>            <maxup>256</maxup>
>            <maxdown>1000</maxdown>
>        </magic>
>    </shaper>
> </m0n0wall>
>