 
 From:  "Joey Morin" <joeymorin at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] more ez-ipupdate woes
 Date:  Wed, 18 Apr 2007 18:11:10 -0400
here's my (sanitized) config:

<?xml version="1.0"?>
<m0n0wall>
    <version>1.6</version>
    <!-- System-wide settings: host identity, admin login, time sync, WebGUI, and local
         groups/users. Values shown as runs of "x" were redacted by the poster. -->
    <system>
        <hostname>xxxxxxxx</hostname>
        <domain>xxxxxxxx.dyndns.org</domain>
        <username>root</username>
        <!-- Redacted by the poster; presumably the WebGUI admin password for the user above (confirm). -->
        <password>xxxxx</password>
        <timezone>EST5EDT</timezone>
        <time-update-interval>1437</time-update-interval>
        <timeservers>time.nrc.ca</timeservers>
        <!-- WebGUI is served over HTTPS; the empty port element presumably selects the default port (confirm). -->
        <webgui>
            <protocol>https</protocol>
            <port/>
            <!-- Certificate and private key are redacted here. A real private key must never be left
                 in a config that is posted publicly; if one is, treat it as compromised and replace it. -->
            <certificate>xxxxxxxx</certificate>
            <private-key>xxxxxxxx</private-key>
            <expanddiags/>
        </webgui>
        <dnsallowoverride/>
        <harddiskstandby>1</harddiskstandby>
        <!-- NOTE(review): the notes value below is base64 text. Base64 is an encoding, not a
             redaction, so this field was published unsanitized. Decode and review every
             encoded field before sharing a config. -->

<notes>VXBncmFkZWQgZnJvbSAxLjIgdG8gMS4yMSAyMDA2LTAxLTA0LTE4OjMxDQpVcGdyYWRlZCB0byAxLjIyIDIwMDYtMDQtMjYtMTY6MTcNClVwZ3JhZGVkIHRvIDEuMjMxIDIwMDctMDQtMTYtMjE6MTANClJlLXRhc2tlZCBhcyAnZGlvY2huby5rYXRocmVmdGlzLmR5bmRucy5vcmcnIGZvciBCb3VuZGxlc3MgQWR2ZW50dXJlcyAyMDA3LTA0LTE2</notes>
        <!-- Group "guest" and the WebGUI pages listed for it.
             NOTE(review): the list includes system_usermanager.php; confirm what that page
             lets a non-admin account do before granting it. -->
        <group>
            <name>guest</name>
            <description>Guest</description>
            <pages>index.php</pages>
            <pages>system_usermanager.php</pages>
            <pages>graph_cpu.php</pages>
            <pages>graph.php</pages>
            <pages>diag_logs_vpn.php</pages>
            <pages>diag_ping.php</pages>
            <pages>license.php</pages>
            <pages>status_graph_cpu.php</pages>
        </group>
        <!-- Local user "guest", member of the group above; password redacted by the poster. -->
        <user>
            <name>guest</name>
            <fullname>Guest</fullname>
            <groupname>guest</groupname>
            <password>xxxxx</password>
        </user>
    </system>
    <!-- Interface assignment: LAN on ex1 with a static address, WAN on ex0 using PPPoE. -->
    <interfaces>
        <lan>
            <if>ex1</if>
            <!-- 192.168.199.1 with a 24-bit prefix. -->
            <ipaddr>192.168.199.1</ipaddr>
            <subnet>24</subnet>
        </lan>
        <wan>
            <if>ex0</if>
            <!-- Presumably the "block private networks" option for traffic arriving on WAN (confirm). -->
            <blockpriv/>
            <spoofmac/>
            <mtu/>
            <!-- The literal value "pppoe" is used in place of an address; credentials are in the pppoe section. -->
            <ipaddr>pppoe</ipaddr>
        </wan>
    </interfaces>
    <staticroutes/>
    <!-- PPPoE account for the WAN link; username and password were redacted by the poster. -->
    <pppoe>
        <username>xxxxxxxx</username>
        <password>xxxxx</password>
        <provider/>
        <timeout></timeout>
    </pppoe>
    <pptp/>
    <!-- Dynamic DNS client settings; this is the feature the thread (ez-ipupdate) is about.
         Account name, password and host name were redacted by the poster. -->
    <dyndns>
        <type>dyndns</type>
        <username>xxxxxxxx</username>
        <password>xxxxx</password>
        <host>xxxxxxxx.dyndns.org</host>
        <mx/>
        <!-- Client is switched on. -->
        <enable/>
        <wildcard/>
        <!-- Empty server and port; presumably the provider defaults are used (confirm). -->
        <server/>
        <port/>
    </dyndns>
    <!-- DHCP server on LAN, enabled, handing out 192.168.199.128 through 192.168.199.135. -->
    <dhcpd>
        <lan>
            <range>
                <from>192.168.199.128</from>
                <to>192.168.199.135</to>
            </range>
            <!-- Lease times; presumably in seconds (confirm). -->
            <defaultleasetime>86400</defaultleasetime>
            <maxleasetime>86401</maxleasetime>
            <enable/>
        </lan>
    </dhcpd>
    <!-- PPTP VPN server with two local accounts (names and passwords redacted by the poster).
         NOTE(review): PPTP authentication and encryption are no longer regarded as adequate
         protection for remote access; plan a migration to a VPN with current cryptography. -->
    <pptpd>
        <mode>server</mode>
        <!-- NOTE(review): redir looks like a leftover from a redirect setup and is presumably
             unused while mode is "server"; confirm and remove if stale. -->
        <redir>192.168.2.101</redir>
        <localip>192.168.211.1</localip>
        <remoteip>192.168.211.16</remoteip>
        <!-- RADIUS server and secret are empty, so accounts come from the user entries below. -->
        <radius>
            <server/>
            <secret/>
        </radius>
        <!-- Presumably requires 128-bit encryption from clients (confirm). -->
        <req128/>
        <!-- Each user entry pins the client to a fixed tunnel address. -->
        <user>
            <name>xxxxxxxx</name>
            <ip>192.168.211.16</ip>
            <password>xxxxx</password>
        </user>
        <user>
            <name>xxxxxxxx</name>
            <ip>192.168.211.31</ip>
            <password>xxxxx</password>
        </user>
    </pptpd>
    <!-- DNS forwarder, enabled, with one override: the redacted dyndns.org name resolves to
         192.168.199.1, the same address configured on the LAN interface. -->
    <dnsmasq>
        <enable/>
        <hosts>
            <!-- Empty host part: the override applies to the bare domain below. -->
            <host/>
            <domain>xxxxxxxx.dyndns.org</domain>
            <ip>192.168.199.1</ip>
            <descr/>
        </hosts>
    </dnsmasq>
    <!-- SNMP agent, enabled.
         NOTE(review): the read-only community is the well-known default "public". A community
         string is the only credential for SNMP reads, so set a non-default value or disable
         the agent if it is not used. No WAN pass rule for SNMP appears in the filter section. -->
    <snmpd>
        <syslocation/>
        <syscontact/>
        <rocommunity>public</rocommunity>
        <enable/>
    </snmpd>
    <diag>
        <ipv6nat>
            <ipaddr/>
        </ipv6nat>
    </diag>
    <bridge/>
    <!-- Logging settings: 1000 entries are kept and no remote syslog server is set, so the
         log exists only on the device itself. -->
    <syslog>
        <nentries>1000</nentries>
        <remoteserver/>
        <!-- Presumably turns off logging of packets dropped by the default block rule (confirm);
             if so, only rules carrying an explicit log element produce firewall log entries. -->
        <nologdefaultblock/>
    </syslog>
    <!-- Inbound NAT: TCP port 44443 on WAN is forwarded to port 443 on "localhost" (an alias
         for 127.0.0.1 defined in the aliases section), i.e. the firewall's own WebGUI.
         NOTE(review): a non-standard port does not protect the admin login; access control
         depends entirely on the matching filter rule and on the admin password. -->
    <nat>
        <rule>
            <protocol>tcp</protocol>
            <external-port>44443</external-port>
            <target>localhost</target>
            <local-port>443</local-port>
            <interface>wan</interface>
            <descr>WebGUI admin</descr>
        </rule>
    </nat>
    <!-- Firewall rules per interface: one block rule and one pass rule on WAN, one pass rule
         each for PPTP clients and for LAN. -->
    <filter>
        <!-- WAN: drop ICMP echo requests addressed to the WAN IP and log them. -->
        <rule>
            <type>block</type>
            <interface>wan</interface>
            <protocol>icmp</protocol>
            <icmptype>echo</icmptype>
            <source>
                <any/>
            </source>
            <destination>
                <network>wanip</network>
            </destination>
            <log/>
            <descr>DENY -&gt; WAN ping (but log)</descr>
        </rule>
        <!-- WAN: allow TCP from any source to localhost port 443; this is the companion of the
             NAT rule that forwards WAN port 44443 to the WebGUI. Matches are logged.
             NOTE(review): with source "any", the admin login is reachable from every Internet
             address. Restrict the source to known admin addresses or manage the box over the
             VPN instead. -->
        <rule>
            <type>pass</type>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
                <any/>
            </source>
            <destination>
                <address>localhost</address>
                <port>443</port>
            </destination>
            <log/>
            <descr>NAT WebGUI admin</descr>
        </rule>
        <!-- PPTP: clients in the PPTP network may reach any destination; matches are logged and
             the frags element is set. -->
        <rule>
            <type>pass</type>
            <interface>pptp</interface>
            <source>
                <network>pptp</network>
            </source>
            <destination>
                <any/>
            </destination>
            <log/>
            <frags/>
            <descr>PPTP -&gt; any</descr>
        </rule>
        <!-- LAN: hosts in the LAN network may reach any destination; not logged. -->
        <rule>
            <type>pass</type>
            <interface>lan</interface>
            <source>
                <network>lan</network>
            </source>
            <destination>
                <any/>
            </destination>
            <descr>LAN -&gt; any</descr>
        </rule>
        <!-- Idle timeout for TCP connections; presumably in seconds (confirm). -->
        <tcpidletimeout>1800</tcpidletimeout>
    </filter>
    <!-- IPsec settings for mobile clients. No enable element is visible inside mobileclients,
         so this profile may be inactive (confirm). -->
    <ipsec>
        <mobileclients>
            <!-- Phase 1 (IKE).
                 NOTE(review): aggressive mode combined with a pre-shared key lets a weak key be
                 guessed offline from a captured exchange; use main mode or certificates, or a
                 long random key. DH group 2, blowfish and sha1 are dated choices by current
                 standards. -->
            <p1>
                <mode>aggressive</mode>
                <myident>
                    <myaddress/>
                </myident>
                <encryption-algorithm>blowfish</encryption-algorithm>
                <hash-algorithm>sha1</hash-algorithm>
                <dhgroup>2</dhgroup>
                <lifetime>28800</lifetime>
                <private-key/>
                <cert/>

<authentication_method>pre_shared_key</authentication_method>
            </p1>
            <!-- Phase 2 (ESP) proposal: blowfish with hmac_sha1, PFS group 2. -->
            <p2>
                <protocol>esp</protocol>

<encryption-algorithm-option>blowfish</encryption-algorithm-option>
                <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                <pfsgroup>2</pfsgroup>
                <lifetime>86400</lifetime>
            </p2>
        </mobileclients>
    </ipsec>
    <!-- Named addresses. "localhost" maps to 127.0.0.1 and is the target of the WebGUI NAT
         rule and the destination of its WAN pass rule. -->
    <aliases>
        <alias>
            <name>localhost</name>
            <address>127.0.0.1</address>
            <descr>localhost</descr>
        </alias>
    </aliases>
    <proxyarp/>
    <!-- Captive portal settings for the LAN interface. No enable element is visible, so the
         portal is presumably off (confirm). RADIUS address, port and key are all empty. -->
    <captiveportal>
        <page/>
        <timeout>60</timeout>
        <interface>lan</interface>
        <idletimeout/>
        <radiusip/>
        <radiusport/>
        <radiuskey/>
    </captiveportal>
    <wol/>
    <lastchange>1176926997</lastchange>
    <!-- DNS update client settings. Host, key name and key data are empty, so this looks
         unconfigured (confirm); only a TTL of 60 is set. -->
    <dnsupdate>
        <host/>
        <ttl>60</ttl>
        <keyname/>
        <keydata/>
    </dnsupdate>
    <!-- Traffic shaper wizard ("magic") values. No enable element is visible in this section,
         so the shaper itself may be off (confirm). -->
    <shaper>
        <magic>
            <p2plow/>
            <maskq/>
            <!-- Upstream and downstream link speeds; units are not stated here, presumably kbit/s (confirm). -->
            <maxup>677</maxup>
            <maxdown>2600</maxdown>
        </magic>
    </shaper>
</m0n0wall>

cheers,
jj

On 4/18/07, Lee Sharp <leesharp at hal dash pc dot org> wrote:
>
> Odd... I have Dyndns on everything (over 30 boxes) and do not have this
> problem.  Can you post a sanitized config?
>
>                         Lee
>