here's my (sanitized) config:
<?xml version="1.0"?>
<m0n0wall>
<!-- Firewall configuration as posted to the mailing list. Values written as runs of
     "x" were masked by the poster (the message calls the config "sanitized"). -->
<!-- presumably the config-format version, not the firmware release: TODO confirm -->
<version>1.6</version>
<!-- Global settings: host identity, admin login, web GUI, time sync, and GUI groups/users. -->
<system>
<hostname>xxxxxxxx</hostname>
<domain>xxxxxxxx.dyndns.org</domain>
<!-- Admin login for the web GUI; the password value is masked in this post. -->
<username>root</username>
<password>xxxxx</password>
<timezone>EST5EDT</timezone>
<!-- unit not shown here; presumably minutes: TODO confirm -->
<time-update-interval>1437</time-update-interval>
<timeservers>time.nrc.ca</timeservers>
<!-- Web GUI is served over HTTPS. The empty <port/> presumably selects the default port
     (the NAT rule further down forwards to 443). -->
<webgui>
<protocol>https</protocol>
<port/>
<!-- The TLS certificate and its private key live inside the config file (masked here).
     A config posted with the key unmasked would require replacing the key pair. -->
<certificate>xxxxxxxx</certificate>
<private-key>xxxxxxxx</private-key>
<expanddiags/>
</webgui>
<dnsallowoverride/>
<harddiskstandby>1</harddiskstandby>
<!-- NOTE(review): unlike the fields above, this value is not masked. It is base64 text,
     which is an encoding and not protection: it decodes to plain-text upgrade notes that
     include a full dyndns.org host name, i.e. the kind of identifier masked elsewhere in
     this post. Decode and review encoded fields before sharing a config. -->
<notes>VXBncmFkZWQgZnJvbSAxLjIgdG8gMS4yMSAyMDA2LTAxLTA0LTE4OjMxDQpVcGdyYWRlZCB0byAxLjIyIDIwMDYtMDQtMjYtMTY6MTcNClVwZ3JhZGVkIHRvIDEuMjMxIDIwMDctMDQtMTYtMjE6MTANClJlLXRhc2tlZCBhcyAnZGlvY2huby5rYXRocmVmdGlzLmR5bmRucy5vcmcnIGZvciBCb3VuZGxlc3MgQWR2ZW50dXJlcyAyMDA3LTA0LTE2</notes>
<!-- GUI group: each <pages> entry names one web GUI page that members may open. -->
<group>
<name>guest</name>
<description>Guest</description>
<pages>index.php</pages>
<!-- NOTE(review): the guest group can open the user-manager page; confirm what that page
     allows for a non-admin account. -->
<pages>system_usermanager.php</pages>
<pages>graph_cpu.php</pages>
<pages>graph.php</pages>
<pages>diag_logs_vpn.php</pages>
<pages>diag_ping.php</pages>
<pages>license.php</pages>
<pages>status_graph_cpu.php</pages>
</group>
<!-- Second GUI account, member of the guest group above; password masked. Because the
     GUI is forwarded from the WAN (see the nat section), this login is reachable from
     the internet as well. -->
<user>
<name>guest</name>
<fullname>Guest</fullname>
<groupname>guest</groupname>
<password>xxxxx</password>
</user>
</system>
<!-- Interface assignment: LAN on ex1 with a static /24, WAN on ex0 using PPPoE. -->
<interfaces>
<lan>
<if>ex1</if>
<ipaddr>192.168.199.1</ipaddr>
<subnet>24</subnet>
</lan>
<wan>
<if>ex0</if>
<!-- presumably drops traffic from private address ranges arriving on WAN: TODO confirm -->
<blockpriv/>
<spoofmac/>
<mtu/>
<!-- The literal "pppoe" stands in for an address: the WAN address comes from the PPPoE
     session configured in the pppoe section. -->
<ipaddr>pppoe</ipaddr>
</wan>
</interfaces>
<!-- No static routes are defined. -->
<staticroutes/>
<!-- PPPoE credentials for the WAN link. Both are stored in the config file; masked here. -->
<pppoe>
<username>xxxxxxxx</username>
<password>xxxxx</password>
<provider/>
<timeout></timeout>
</pppoe>
<!-- PPTP client settings for the WAN are empty (WAN uses PPPoE). -->
<pptp/>
<!-- Dynamic DNS client, enabled (<enable/> present). The account name, password and host
     name are stored in the config file and are masked in this post. -->
<dyndns>
<type>dyndns</type>
<username>xxxxxxxx</username>
<password>xxxxx</password>
<host>xxxxxxxx.dyndns.org</host>
<mx/>
<enable/>
<wildcard/>
<!-- empty server/port: presumably the provider defaults are used (TODO confirm) -->
<server/>
<port/>
</dyndns>
<!-- DHCP server on LAN, enabled. The pool is 192.168.199.128 to .135, eight addresses. -->
<dhcpd>
<lan>
<range>
<from>192.168.199.128</from>
<to>192.168.199.135</to>
</range>
<!-- lease times are presumably in seconds (86400 = 24 h): TODO confirm -->
<defaultleasetime>86400</defaultleasetime>
<maxleasetime>86401</maxleasetime>
<enable/>
</lan>
</dhcpd>
<!-- PPTP VPN server. Clients are handed addresses in 192.168.211.x, separate from the LAN
     subnet. PPTP authentication is generally regarded as weak, so the strength of the
     user passwords below is the main protection for this entry point. -->
<pptpd>
<mode>server</mode>
<!-- NOTE(review): a redirect target is set although mode is "server"; presumably it is
     only consulted in redirect mode. 192.168.2.101 is not inside the LAN /24 above. -->
<redir>192.168.2.101</redir>
<localip>192.168.211.1</localip>
<remoteip>192.168.211.16</remoteip>
<!-- RADIUS is not configured; authentication uses the local <user> entries below. -->
<radius>
<server/>
<secret/>
</radius>
<!-- presumably requires 128-bit encryption from clients: TODO confirm -->
<req128/>
<!-- Local VPN accounts, each pinned to a fixed client address. Names and passwords are
     masked; the passwords are stored in the config file. -->
<user>
<name>xxxxxxxx</name>
<ip>192.168.211.16</ip>
<password>xxxxx</password>
</user>
<user>
<name>xxxxxxxx</name>
<ip>192.168.211.31</ip>
<password>xxxxx</password>
</user>
</pptpd>
<!-- DNS forwarder, enabled. The single host override maps the (masked) dyndns.org name to
     the firewall's LAN address, so internal clients resolve it locally. -->
<dnsmasq>
<enable/>
<hosts>
<!-- host part is empty: the override applies to the bare domain name below -->
<host/>
<domain>xxxxxxxx.dyndns.org</domain>
<ip>192.168.199.1</ip>
<descr/>
</hosts>
</dnsmasq>
<!-- SNMP agent, enabled. -->
<snmpd>
<syslocation/>
<syscontact/>
<!-- NOTE(review): "public" is the well-known default read-only community string, so it
     offers no secrecy. No WAN filter rule in this file passes SNMP; exposure appears
     limited to LAN and PPTP clients, which both have pass-any rules. Verify, and prefer
     a non-default community or disable the agent if unused. -->
<rocommunity>public</rocommunity>
<enable/>
</snmpd>
<!-- Diagnostics: no IPv6 NAT address is set. -->
<diag>
<ipv6nat>
<ipaddr/>
</ipv6nat>
</diag>
<!-- No bridging configured. -->
<bridge/>
<!-- Logging: 1000 entries are kept and no remote syslog server is set, so the logged
     firewall events (see the <log/> flags in the filter section) stay on the box only. -->
<syslog>
<nentries>1000</nentries>
<remoteserver/>
<!-- presumably turns off logging of packets dropped by the default block rule: TODO confirm -->
<nologdefaultblock/>
</syslog>
<!-- Inbound NAT. One rule: TCP port 44443 on WAN is forwarded to port 443 on the
     "localhost" alias (127.0.0.1 in the aliases section), i.e. the firewall's own web GUI.
     NOTE(review): this publishes the admin interface to the internet. A non-standard
     port does not restrict who can connect; the matching filter rule accepts any source. -->
<nat>
<rule>
<protocol>tcp</protocol>
<external-port>44443</external-port>
<target>localhost</target>
<local-port>443</local-port>
<interface>wan</interface>
<descr>WebGUI admin</descr>
</rule>
</nat>
<!-- Firewall rules, in file order: one block and one pass rule on WAN, then pass-any
     rules for PPTP and LAN. -->
<filter>
<!-- Rule 1: block and log ICMP echo requests from anywhere to the WAN address. -->
<rule>
<type>block</type>
<interface>wan</interface>
<protocol>icmp</protocol>
<icmptype>echo</icmptype>
<source>
<any/>
</source>
<destination>
<network>wanip</network>
</destination>
<log/>
<descr>DENY -> WAN ping (but log)</descr>
</rule>
<!-- Rule 2: companion to the NAT rule for the web GUI. It passes TCP from any source to
     the localhost alias on port 443 and logs matches.
     NOTE(review): with source "any", the only barrier in front of the admin GUI is its
     login. Narrowing <source> to known addresses, or reaching the GUI through the VPN,
     would reduce exposure; the log entries are the place to look for login attempts. -->
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<address>localhost</address>
<port>443</port>
</destination>
<log/>
<descr>NAT WebGUI admin</descr>
</rule>
<!-- Rule 3: PPTP clients may reach any destination, all protocols (no <protocol> given);
     matches are logged. VPN users therefore get the same reach as LAN hosts. -->
<rule>
<type>pass</type>
<interface>pptp</interface>
<source>
<network>pptp</network>
</source>
<destination>
<any/>
</destination>
<log/>
<frags/>
<descr>PPTP -> any</descr>
</rule>
<!-- Rule 4: LAN hosts may reach any destination, all protocols; not logged. -->
<rule>
<type>pass</type>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<descr>LAN -> any</descr>
</rule>
<!-- presumably seconds (1800 = 30 min): TODO confirm -->
<tcpidletimeout>1800</tcpidletimeout>
</filter>
<!-- IPsec settings for mobile clients. No <enable/> element is visible in this section, so
     it is presumably inactive (TODO confirm).
     NOTE(review): if it is ever enabled as written, aggressive mode combined with a
     pre-shared key exposes material that allows offline guessing of the key, and DH
     group 2 with SHA-1 is dated. Main mode or certificates and a larger DH group would
     be the safer choice where the clients support them. -->
<ipsec>
<mobileclients>
<!-- Phase 1 (IKE) proposal -->
<p1>
<mode>aggressive</mode>
<myident>
<myaddress/>
</myident>
<encryption-algorithm>blowfish</encryption-algorithm>
<hash-algorithm>sha1</hash-algorithm>
<dhgroup>2</dhgroup>
<lifetime>28800</lifetime>
<!-- no certificate or key configured; authentication is by pre-shared key -->
<private-key/>
<cert/>
<authentication_method>pre_shared_key</authentication_method>
</p1>
<!-- Phase 2 (ESP) proposal, with PFS using group 2 -->
<p2>
<protocol>esp</protocol>
<encryption-algorithm-option>blowfish</encryption-algorithm-option>
<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
<pfsgroup>2</pfsgroup>
<lifetime>86400</lifetime>
</p2>
</mobileclients>
</ipsec>
<!-- Address aliases. "localhost" (127.0.0.1) is the name used as the NAT target and as the
     filter destination for the web GUI rule. -->
<aliases>
<alias>
<name>localhost</name>
<address>127.0.0.1</address>
<descr>localhost</descr>
</alias>
</aliases>
<!-- No proxy ARP entries. -->
<proxyarp/>
<!-- Captive portal settings for LAN. No <enable/> element is visible and the RADIUS fields
     are empty, so the portal is presumably off (TODO confirm). -->
<captiveportal>
<page/>
<timeout>60</timeout>
<interface>lan</interface>
<idletimeout/>
<radiusip/>
<radiusport/>
<radiuskey/>
</captiveportal>
<!-- No wake-on-LAN entries. -->
<wol/>
<!-- looks like a Unix timestamp in seconds, which would fall on 2007-04-18 UTC: TODO confirm -->
<lastchange>1176926997</lastchange>
<!-- DNS update client: host and key fields are empty, so no update key is stored here. -->
<dnsupdate>
<host/>
<ttl>60</ttl>
<keyname/>
<keydata/>
</dnsupdate>
<!-- Traffic shaper settings with upstream and downstream limits; no <enable/> element is
     visible in this section. -->
<shaper>
<magic>
<p2plow/>
<maskq/>
<!-- link speeds, presumably in kbit/s: TODO confirm -->
<maxup>677</maxup>
<maxdown>2600</maxdown>
</magic>
</shaper>
</m0n0wall>
cheers,
jj
On 4/18/07, Lee Sharp <leesharp at hal dash pc dot org> wrote:
>
> Odd... I have Dyndns on everything (over 30 boxes) and do not have this
> problem. Can you post a sanitized config?
>
> Lee
>