System uptime 12:46PM up 4 mins, 0 users, load averages: 0.09, 0.07, 0.03 Interfaces rl0: flags=8843 mtu 1500 options=40 inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255 ether 00:80:48:14:4f:34 media: Ethernet autoselect (100baseTX ) status: active rl1: flags=8843 mtu 1500 options=40 inet 10.0.2.213 netmask 0xfffffe00 broadcast 10.0.3.255 ether 00:80:48:14:45:e7 media: Ethernet autoselect (100baseTX ) status: active lo0: flags=8049 mtu 16384 inet 127.0.0.1 netmask 0xff000000 ng0: flags=88d1 mtu 1460 Routing tables Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 10.0.0.10 UGSc 2 0 rl1 10.0.0.10 10.0.2.1 UGHS 5 1231 rl1 10.0.2/23 link#2 UC 1 0 rl1 10.0.2.1 00:19:aa:00:4f:98 UHLW 1 0 rl1 1198 10.0.2.213 127.0.0.1 UGHS 0 0 lo0 91.215.89.123 lo0 UHS 0 0 lo0 127.0.0.1 127.0.0.1 UH 2 28 lo0 192.168.3 link#1 UC 1 0 rl0 192.168.3.99 00:20:ed:5b:34:67 UHLW 11 560 rl0 1182 Network buffers 6/176/17856 mbufs in use (current/peak/max): 6 mbufs allocated to data 0/8/4464 mbuf clusters in use (current/peak/max) 60 Kbytes allocated to network (0% of mb_map in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines Network protocol statistics tcp: 567 packets sent 429 data packets (410538 bytes) 0 data packets (0 bytes) retransmitted 0 resends initiated by MTU discovery 125 ack-only packets (0 delayed) 0 URG only packets 0 window probe packets 0 window update packets 13 control packets 362 packets received 235 acks (for 410124 bytes) 37 duplicate acks 0 acks for unsent data 86 packets (23128 bytes) received in-sequence 0 completely duplicate packets (0 bytes) 0 old duplicate packets 0 packets with some dup. data (0 bytes duped) 0 out-of-order packets (0 bytes) 0 packets (0 bytes) of data after window 0 window probes 4 window update packets 0 packets received after close 0 discarded for bad checksums 0 discarded for bad header offset fields 0 discarded because packet too short 1 connection request 38 connection accepts 0 bad connection attempts 0 listen queue overflows 39 connections established (including accepts) 29 connections closed (including 0 drops) 2 connections updated cached RTT on close 2 connections updated cached RTT variance on close 0 connections updated cached ssthresh on close 0 embryonic connections dropped 188 segments updated rtt (of 189 attempts) 0 retransmit timeouts 0 connections dropped by rexmit timeout 0 persist timeouts 0 connections dropped by persist timeout 0 keepalive timeouts 0 keepalive probes sent 0 connections dropped by keepalive 0 correct ACK header predictions 48 correct data packet header predictions 38 syncache entries added 0 retransmitted 0 dupsyn 0 dropped 38 completed 0 bucket overflow 0 cache overflow 0 reset 0 stale 0 aborted 0 badack 0 unreach 0 zone failures 0 cookies sent 0 cookies received udp: 162 datagrams received 0 with incomplete header 0 with bad data length field 0 with bad checksum 0 with no checksum 0 dropped due to no socket 86 broadcast/multicast datagrams dropped due to no socket 0 dropped due to full socket buffers 0 not for hashed pcb 76 delivered 149 datagrams output ip: 4008 total packets received 0 bad header checksums 0 with size smaller than minimum 0 with data size < data length 0 with ip length > max ip packet size 0 with header length < data size 0 with data length < header length 0 with bad options 0 with incorrect version number 0 fragments received 0 fragments dropped (dup or out of space) 0 fragments dropped after timeout 0 packets reassembled ok 2072 packets for this host 0 packets for unknown/unsupported protocol 0 packets forwarded (0 packets fast forwarded) 0 packets not forwardable 0 packets received for unknown multicast group 0 redirects sent 1942 packets sent from this host 0 packets sent with fabricated ip header 0 output packets dropped due to no bufs, etc. 8 output packets discarded due to no route 0 output datagrams fragmented 0 fragments created 0 datagrams that can't be fragmented 0 tunneling packets that can't find gif 0 datagrams with bad address in header icmp: 2 calls to icmp_error 0 errors not generated 'cuz old message was icmp Output histogram: echo reply: 5 destination unreachable: 2 0 messages with bad code fields 0 messages < minimum length 0 bad checksums 0 messages with bad length 0 multicast echo requests ignored 0 multicast timestamp requests ignored Input histogram: echo reply: 1 echo: 5 5 message responses generated 0 invalid return addresses 2 no return routes ICMP address mask responses are disabled igmp: 0 messages received 0 messages received with too few bytes 0 messages received with bad checksum 0 membership queries received 0 membership queries received with invalid field(s) 0 membership reports received 0 membership reports received with invalid field(s) 0 membership reports received for groups to which we belong 0 membership reports sent -- Bridging statistics (bdg) -- Name In Out Forward Drop Bcast Mcast Local Unknown pfkey: 4 requests sent to userland 64 bytes sent to userland histogram by message type: flush: 1 dump: 1 x_spddump: 1 x_spdflush: 1 0 messages with invalid length field 0 messages with invalid version field 0 messages with invalid message type field 0 messages too short 0 messages with memory allocation failure 0 messages with duplicate extension 0 messages with invalid extension type 0 messages with invalid sa type 0 messages with invalid address extension 4 requests sent from userland 64 bytes sent from userland histogram by message type: flush: 1 dump: 1 x_spddump: 1 x_spdflush: 1 0 messages toward single socket 0 messages toward all sockets 0 messages toward registered sockets 0 messages with memory allocation failure ipfw show ipfw: getsockopt(IP_FW_GET): Protocol not available ipnat -lv List of active MAP/Redirect filters: map ng0 192.168.3.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp map ng0 192.168.3.0/24 -> 0.0.0.0/32 portmap tcp/udp 1024:64535 map ng0 192.168.3.0/24 -> 0.0.0.0/32 map rl1 192.168.3.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp map rl1 192.168.3.0/24 -> 0.0.0.0/32 portmap tcp/udp 1024:64535 map rl1 192.168.3.0/24 -> 0.0.0.0/32 map rl1 from 10.0.2.213/32 to any port = 53 -> 0.0.0.0/32 List of active sessions: MAP 10.0.2.213 47258 <- -> 10.0.2.213 47258 [91.215.89.2 53] age 1188 use 0 sumd 0/0 pr 17 bkt 1403/1403 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 49020 <- -> 10.0.2.213 49020 [91.215.91.2 53] age 1193 use 0 sumd 0/0 pr 17 bkt 2014/2014 flags 2 drop 0/0 ifp rl1 bytes 232 pkts 4 MAP 10.0.2.213 49020 <- -> 10.0.2.213 49020 [91.215.89.2 53] age 1193 use 0 sumd 0/0 pr 17 bkt 1918/1918 flags 2 drop 0/0 ifp rl1 bytes 232 pkts 4 MAP 10.0.2.213 43172 <- -> 10.0.2.213 43172 [91.215.91.2 53] age 1168 use 0 sumd 0/0 pr 17 bkt 1996/1996 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 36247 <- -> 10.0.2.213 36247 [91.215.91.2 53] age 1166 use 0 sumd 0/0 pr 17 bkt 688/688 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 36247 <- -> 10.0.2.213 36247 [91.215.89.2 53] age 1166 use 0 sumd 0/0 pr 17 bkt 592/592 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 6649 <- -> 10.0.2.213 6649 [91.215.89.2 53] age 1148 use 0 sumd 0/0 pr 17 bkt 1000/1000 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 39071 <- -> 10.0.2.213 39071 [91.215.91.2 53] age 1138 use 0 sumd 0/0 pr 17 bkt 700/700 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 35421 <- -> 10.0.2.213 35421 [91.215.89.2 53] age 1128 use 0 sumd 0/0 pr 17 bkt 70/70 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 41110 <- -> 10.0.2.213 41110 [91.215.91.2 53] age 1118 use 0 sumd 0/0 pr 17 bkt 451/451 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 51695 <- -> 10.0.2.213 51695 [91.215.91.2 53] age 1132 use 0 sumd 0/0 pr 17 bkt 759/759 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 51695 <- -> 10.0.2.213 51695 [91.215.89.2 53] age 1132 use 0 sumd 0/0 pr 17 bkt 663/663 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 34081 <- -> 10.0.2.213 34081 [91.215.91.2 53] age 1125 use 0 sumd 0/0 pr 17 bkt 1177/1177 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 34081 <- -> 10.0.2.213 34081 [91.215.89.2 53] age 1125 use 0 sumd 0/0 pr 17 bkt 1081/1081 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 26641 <- -> 10.0.2.213 26641 [91.215.89.2 53] age 1108 use 0 sumd 0/0 pr 17 bkt 1050/1050 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 25354 <- -> 10.0.2.213 25354 [91.215.91.2 53] age 1090 use 0 sumd 0/0 pr 17 bkt 1396/1396 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 25354 <- -> 10.0.2.213 25354 [91.215.89.2 53] age 1090 use 0 sumd 0/0 pr 17 bkt 1300/1300 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 12761 <- -> 10.0.2.213 12761 [91.215.91.2 53] age 1066 use 0 sumd 0/0 pr 17 bkt 1116/1116 flags 2 drop 0/0 ifp rl1 bytes 64 pkts 1 MAP 10.0.2.213 3466 <- -> 10.0.2.213 3466 [91.215.91.2 53] age 1055 use 0 sumd 0/0 pr 17 bkt 1326/1326 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 3466 <- -> 10.0.2.213 3466 [91.215.89.2 53] age 1055 use 0 sumd 0/0 pr 17 bkt 1230/1230 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 24672 <- -> 10.0.2.213 24672 [91.215.89.2 53] age 1026 use 0 sumd 0/0 pr 17 bkt 796/796 flags 2 drop 0/0 ifp rl1 bytes 64 pkts 1 MAP 10.0.2.213 26180 <- -> 10.0.2.213 26180 [91.215.91.2 53] age 1006 use 0 sumd 0/0 pr 17 bkt 1918/1918 flags 2 drop 0/0 ifp rl1 bytes 64 pkts 1 MAP 10.0.2.213 3922 <- -> 10.0.2.213 3922 [91.215.91.2 53] age 1020 use 0 sumd 0/0 pr 17 bkt 1321/1321 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 3922 <- -> 10.0.2.213 3922 [91.215.89.2 53] age 1020 use 0 sumd 0/0 pr 17 bkt 1225/1225 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 48770 <- -> 10.0.2.213 48770 [91.215.89.2 53] age 986 use 0 sumd 0/0 pr 17 bkt 1406/1406 flags 2 drop 0/0 ifp rl1 bytes 64 pkts 1 MAP 10.0.2.213 27191 <- -> 10.0.2.213 27191 [91.215.91.2 53] age 976 use 0 sumd 0/0 pr 17 bkt 641/641 flags 2 drop 0/0 ifp rl1 bytes 64 pkts 1 MAP 10.0.2.213 18975 <- -> 10.0.2.213 18975 [91.215.91.2 53] age 986 use 0 sumd 0/0 pr 17 bkt 606/606 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 18975 <- -> 10.0.2.213 18975 [91.215.89.2 53] age 986 use 0 sumd 0/0 pr 17 bkt 510/510 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 56932 <- -> 10.0.2.213 56932 [91.215.89.2 53] age 966 use 0 sumd 0/0 pr 17 bkt 1946/1946 flags 2 drop 0/0 ifp rl1 bytes 64 pkts 1 MAP 10.0.2.213 59648 <- -> 10.0.2.213 59648 [91.215.91.2 53] age 956 use 0 sumd 0/0 pr 17 bkt 1017/1017 flags 2 drop 0/0 ifp rl1 bytes 64 pkts 1 MAP 10.0.2.213 64252 <- -> 10.0.2.213 64252 [91.215.89.2 53] age 946 use 0 sumd 0/0 pr 17 bkt 1993/1993 flags 2 drop 0/0 ifp rl1 bytes 64 pkts 1 MAP 10.0.2.213 38895 <- -> 10.0.2.213 38895 [91.215.91.2 53] age 951 use 0 sumd 0/0 pr 17 bkt 709/709 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 38895 <- -> 10.0.2.213 38895 [91.215.89.2 53] age 951 use 0 sumd 0/0 pr 17 bkt 613/613 flags 2 drop 0/0 ifp rl1 bytes 290 pkts 5 MAP 10.0.2.213 37531 <- -> 10.0.2.213 37531 [91.215.91.2 53] age 906 use 0 sumd 0/0 pr 17 bkt 1717/1717 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 24786 <- -> 10.0.2.213 24786 [91.215.89.2 53] age 866 use 0 sumd 0/0 pr 17 bkt 1322/1322 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 9796 <- -> 10.0.2.213 9796 [91.215.91.2 53] age 846 use 0 sumd 0/0 pr 17 bkt 1854/1854 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 55543 <- -> 10.0.2.213 55543 [91.215.89.2 53] age 826 use 0 sumd 0/0 pr 17 bkt 679/679 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 11532 <- -> 10.0.2.213 11532 [91.215.91.2 53] age 816 use 0 sumd 0/0 pr 17 bkt 1854/1854 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 44307 <- -> 10.0.2.213 44307 [91.215.89.2 53] age 806 use 0 sumd 0/0 pr 17 bkt 1631/1631 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 36974 <- -> 10.0.2.213 36974 [91.215.91.2 53] age 796 use 0 sumd 0/0 pr 17 bkt 430/430 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.213 25366 <- -> 10.0.2.213 25366 [91.215.89.2 53] age 786 use 0 sumd 0/0 pr 17 bkt 278/278 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 List of active host mappings: 10.0.2.213 -> 0.0.0.0 (use = 41 hv = 926) ipfstat -v opts 0x40 name /dev/ipl IPv6 packets: in 0 out 0 input packets: blocked 1934 passed 2081 nomatch 0 counted 0 short 0 output packets: blocked 0 passed 1948 nomatch 0 counted 0 short 0 input packets logged: blocked 1934 passed 0 output packets logged: blocked 0 passed 0 packets logged: input 0 output 0 log failures: input 0 output 0 fragment state(in): kept 0 lost 0 not fragmented 0 fragment state(out): kept 0 lost 0 not fragmented 0 packet state(in): kept 50 lost 0 packet state(out): kept 42 lost 0 ICMP replies: 0 TCP RSTs sent: 0 Invalid source(in): 0 Result cache hits(in): 27 (out): 1214 IN Pullups succeeded: 0 failed: 0 OUT Pullups succeeded: 0 failed: 0 Fastroute successes: 0 failures: 0 TCP cksum fails(in): 0 (out): 0 Packet log flags set: (0) none ipfstat -nio @1 pass out quick on lo0 from any to any @2 pass out quick on rl0 proto udp from 192.168.3.1/32 port = 67 to any port = 68 @3 pass out quick on rl1 proto gre from any to any @4 pass out quick on rl1 proto tcp from any to any port = 1723 @5 pass out quick on rl1 proto udp from any port = 68 to any port = 67 @6 pass out quick on ng0 proto udp from any port = 68 to any port = 67 @7 pass out quick on rl0 from any to any keep state @8 pass out quick on ng0 from any to any keep state @9 pass out quick on rl1 from any to any keep state @10 block out log quick from any to any @1 pass in quick on lo0 from any to any @2 block in log quick from any to any with short @3 block in log quick from any to any with ipopt @4 pass in quick on rl0 proto udp from any port = 68 to 255.255.255.255/32 port = 67 @5 pass in quick on rl0 proto udp from any port = 68 to 192.168.3.1/32 port = 67 @6 block in log quick on ng0 from 192.168.3.0/24 to any @7 block in log quick on rl1 from 192.168.3.0/24 to any @8 pass in quick on rl1 proto gre from any to any @9 pass in quick on rl1 proto tcp from any port = 1723 to any @10 block in log quick on rl1 proto udp from any port = 67 to 192.168.3.0/24 port = 68 @11 pass in quick on rl1 proto udp from any port = 67 to any port = 68 @12 block in log quick on ng0 proto udp from any port = 67 to 192.168.3.0/24 port = 68 @13 pass in quick on ng0 proto udp from any port = 67 to any port = 68 @14 block in log quick on rl0 from !192.168.3.0/24 to any @15 block in log quick on ng0 from 10.0.0.0/8 to any @16 block in log quick on ng0 from 127.0.0.0/8 to any @17 block in log quick on ng0 from 172.16.0.0/12 to any @18 block in log quick on ng0 from 192.168.0.0/16 to any @19 skip 1 in proto tcp from any to any flags S/FSRA @20 block in log quick proto tcp from any to any @21 block in log quick on rl0 from any to any head 100 @1 pass in quick from 192.168.3.0/24 to 192.168.3.1/32 keep state group 100 @2 pass in quick from 192.168.3.0/24 to any keep state group 100 @22 block in log quick on ng0 from any to any head 200 @23 block in log quick on rl1 from any to any head 300 @24 block in log quick from any to any unparsed ipnat rules map ng0 192.168.3.0/24 -> 0/32 proxy port ftp ftp/tcp map ng0 192.168.3.0/24 -> 0/32 portmap tcp/udp 1024:64535 map ng0 192.168.3.0/24 -> 0/32 map rl1 192.168.3.0/24 -> 0/32 proxy port ftp ftp/tcp map rl1 192.168.3.0/24 -> 0/32 portmap tcp/udp 1024:64535 map rl1 192.168.3.0/24 -> 0/32 map rl1 from 10.0.2.213/32 to any port = 53 -> 0.0.0.0/32 unparsed ipfilter rules # loopback pass in quick on lo0 all pass out quick on lo0 all # block short packets block in log quick all with short # block IP options block in log quick all with ipopts # allow access to DHCP server on LAN pass in quick on rl0 proto udp from any port = 68 to 255.255.255.255 port = 67 pass in quick on rl0 proto udp from any port = 68 to 192.168.3.1 port = 67 pass out quick on rl0 proto udp from 192.168.3.1 port = 67 to any port = 68 # WAN spoof check block in log quick on ng0 from 192.168.3.0/24 to any block in log quick on rl1 from 192.168.3.0/24 to any # allow PPTP client pass in quick on rl1 proto gre from any to any pass out quick on rl1 proto gre from any to any pass in quick on rl1 proto tcp from any port = 1723 to any pass out quick on rl1 proto tcp from any to any port = 1723 # allow our DHCP client out to the WAN # XXX - should be more restrictive # (not possible at the moment - need 'me' like in ipfw) pass out quick on rl1 proto udp from any port = 68 to any port = 67 block in log quick on rl1 proto udp from any port = 67 to 192.168.3.0/24 port = 68 pass in quick on rl1 proto udp from any port = 67 to any port = 68 pass out quick on ng0 proto udp from any port = 68 to any port = 67 block in log quick on ng0 proto udp from any port = 67 to 192.168.3.0/24 port = 68 pass in quick on ng0 proto udp from any port = 67 to any port = 68 # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses) block in log quick on rl0 from ! 192.168.3.0/24 to any # block anything from private networks on WAN interface block in log quick on ng0 from 10.0.0.0/8 to any block in log quick on ng0 from 127.0.0.0/8 to any block in log quick on ng0 from 172.16.0.0/12 to any block in log quick on ng0 from 192.168.0.0/16 to any # Block TCP packets that do not mark the start of a connection skip 1 in proto tcp all flags S/SAFR block in log quick proto tcp all #--------------------------------------------------------------------------- # group head 100 - LAN interface #--------------------------------------------------------------------------- block in log quick on rl0 all head 100 # let out anything from the firewall host itself and decrypted IPsec traffic pass out quick on rl0 all keep state #--------------------------------------------------------------------------- # group head 200 - WAN interface #--------------------------------------------------------------------------- block in log quick on ng0 all head 200 # let out anything from the firewall host itself and decrypted IPsec traffic pass out quick on ng0 all keep state #--------------------------------------------------------------------------- # group head 300 - opt1 interface #--------------------------------------------------------------------------- block in log quick on rl1 all head 300 # let out anything from the firewall host itself and decrypted IPsec traffic pass out quick on rl1 all keep state # make sure the user cannot lock himself out of the webGUI pass in quick from 192.168.3.0/24 to 192.168.3.1 keep state group 100 # User-defined rules follow pass in quick from 192.168.3.0/24 to any keep state group 100 #--------------------------------------------------------------------------- # default rules (just to be sure) #--------------------------------------------------------------------------- block in log quick all block out log quick all unparsed ipfw rules add 50000 set 4 pass all from 192.168.3.1 to any add 50001 set 4 pass all from any to 192.168.3.1 resolv.conf domain local nameserver 91.215.89.2 nameserver 91.215.91.2 Processes USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 463 13.0 1.3 7340 6808 ?? SN 12:46PM 0:00.15 /usr/local/bin/php status.php root 500 0.0 0.2 1332 876 ?? SN 12:46PM 0:00.00 sh -c ps xauww 2>&1 root 464 0.0 0.3 2256 1264 ?? S 12:46PM 0:00.01 /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid root 434 0.0 0.2 1116 788 ?? S 12:45PM 0:00.00 /usr/local/bin/msntp -r -P no -l /var/run/msntp.pid -x 300 pool.ntp.org root 245 0.0 0.3 2256 1356 ?? Ss 12:43PM 0:00.01 /usr/local/sbin/mpd -b -d /var/etc -p /var/run/mpd.pid pptp root 135 0.0 0.2 1336 904 ?? I 12:43PM 0:00.00 /bin/sh /etc/rc.initial console root 117 0.0 0.2 1332 872 con- I 12:43PM 0:00.01 /bin/sh /usr/local/bin/runmsntp.sh /var/run/runmsntp.pid /var/run/msntp.pid 300 pool.ntp.org root 113 0.0 0.3 1812 1488 ?? Ss 12:43PM 0:00.00 /usr/local/sbin/dhcpd -cf /var/etc/dhcpd.conf rl0 nobody 110 0.0 0.2 1044 848 ?? S 12:43PM 0:00.01 /usr/local/sbin/dnsmasq root 106 0.0 0.2 2252 1224 ?? Ss 12:43PM 0:00.02 /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid root 103 0.0 0.1 1004 704 ?? Ss 12:43PM 0:00.14 /usr/sbin/syslogd -ss root 98 0.0 0.2 1456 1240 ?? Ss 12:43PM 0:00.11 /sbin/ipmon -sD root 89 0.0 0.2 1436 1124 ?? Is 12:43PM 0:00.00 /sbin/dhclient -nw -cf /var/etc/dhclient.conf rl1 root 10 0.0 0.0 0 0 ?? DL 12:42PM 0:00.00 (vnlru) root 9 0.0 0.0 0 0 ?? DL 12:42PM 0:00.01 (syncer) root 8 0.0 0.0 0 0 ?? DL 12:42PM 0:00.00 (bufdaemon) root 7 0.0 0.0 0 0 ?? DL 12:42PM 0:00.00 (pagedaemon) root 6 0.0 0.0 0 0 ?? DL 12:42PM 0:00.00 (usb1) root 5 0.0 0.0 0 0 ?? DL 12:42PM 0:00.00 (usbtask) root 4 0.0 0.0 0 0 ?? DL 12:42PM 0:00.00 (usb0) root 3 0.0 0.0 0 0 ?? DL 12:42PM 0:00.00 (taskqueue) root 2 0.0 0.0 0 0 ?? DL 12:42PM 0:00.00 (cryptoret) root 1 0.0 0.1 1060 696 ?? SLs 12:42PM 0:00.01 /sbin/init -- root 501 0.0 0.1 1080 676 ?? RN 12:46PM 0:00.00 ps xauww root 0 0.0 0.0 0 0 ?? DLs 12:42PM 0:00.00 (swapper) ls /var/run dev.db dhclient.pid dhcpd.pid dnsmasq.pid htpasswd ipmon.pid ld-elf.so.hints log mini_httpd.pid mpd.pid runmsntp.pid syslog.pid utmp dhcpd.conf option domain-name "local"; default-lease-time 7200; max-lease-time 86400; authoritative; log-facility local7; ddns-update-style none; subnet 192.168.3.0 netmask 255.255.255.0 { pool { range 192.168.3.11 192.168.3.99; } option routers 192.168.3.1; option domain-name-servers 192.168.3.1; } ez-ipupdate.cache cat: /conf/ez-ipupdate.cache: No such file or directory racoon.conf cat: /var/etc/racoon.conf: No such file or directory SPD No SPD entries. SAD No SAD entries. df -k Filesystem 1K-blocks Used Avail Capacity Mounted on /dev/md0c 11871 10250 1621 86% / /dev/fd0 1424 13 1411 1% /cf procfs 4 4 0 100% /proc last 200 filter log entries Dec 24 12:46:33 m0n0wall ipmon[98]: 12:46:32.406039 rl1 @0:23 b 10.0.2.125,1126 -> 255.255.255.255,7533 PR udp len 20 53 IN Dec 24 12:46:33 m0n0wall ipmon[98]: 12:46:32.477264 ng0 @0:24 b 95.132.72.94,3182 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:33 m0n0wall ipmon[98]: 12:46:32.649246 ng0 @0:24 b 217.66.146.120,29652 -> 91.215.89.123,12525 PR tcp len 20 44 -S IN Dec 24 12:46:33 m0n0wall ipmon[98]: 12:46:32.711233 ng0 @0:24 b 109.205.248.179,44860 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 24 12:46:33 m0n0wall ipmon[98]: 12:46:33.010464 ng0 @0:24 b 178.95.5.161,22004 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 24 12:46:33 m0n0wall ipmon[98]: 12:46:33.067215 ng0 @0:24 b 88.113.64.53,49060 -> 91.215.89.123,22749 PR udp len 20 131 IN Dec 24 12:46:33 m0n0wall ipmon[98]: 12:46:33.295335 ng0 @0:24 b 94.179.73.28,57922 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 24 12:46:33 m0n0wall ipmon[98]: 12:46:33.314657 ng0 @0:24 b 212.178.20.30,65344 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 24 12:46:34 m0n0wall ipmon[98]: 12:46:33.437368 rl1 @0:23 b 10.0.2.125,1126 -> 255.255.255.255,7533 PR udp len 20 53 IN Dec 24 12:46:34 m0n0wall ipmon[98]: 12:46:33.476461 ng0 @0:24 b 87.251.152.126,2889 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:34 m0n0wall ipmon[98]: 12:46:33.672456 ng0 @0:24 b 217.66.146.120,29652 -> 91.215.89.123,12525 PR tcp len 20 44 -S IN Dec 24 12:46:34 m0n0wall ipmon[98]: 12:46:33.759739 ng0 @0:24 b 212.1.70.79,4175 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:34 m0n0wall ipmon[98]: 12:46:34.120416 ng0 @0:24 b 92.115.126.100,15024 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 24 12:46:34 m0n0wall ipmon[98]: 12:46:34.218201 ng0 @0:24 b 79.133.137.222,4860 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:34 m0n0wall ipmon[98]: 12:46:34.242605 ng0 @0:24 b 85.113.203.82,44673 -> 91.215.89.123,12525 PR udp len 20 131 IN Dec 24 12:46:35 m0n0wall ipmon[98]: 12:46:34.437490 rl1 @0:23 b 10.0.2.125,1126 -> 255.255.255.255,7533 PR udp len 20 53 IN Dec 24 12:46:35 m0n0wall ipmon[98]: 12:46:34.523092 ng0 @0:24 b 188.114.46.183,15979 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:35 m0n0wall ipmon[98]: 12:46:34.560239 ng0 @0:24 b 94.241.196.222,3090 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:35 m0n0wall ipmon[98]: 12:46:34.640038 ng0 @0:24 b 79.126.94.10,1310 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:35 m0n0wall ipmon[98]: 12:46:34.996779 ng0 @0:24 b 94.141.161.46,60916 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 24 12:46:35 m0n0wall ipmon[98]: 12:46:34.997222 ng0 @0:24 b 94.141.161.46,25052 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 24 12:46:35 m0n0wall ipmon[98]: 12:46:35.109246 rl1 @0:23 b 10.10.6.1,1051 -> 255.255.255.255,1947 PR udp len 20 68 IN Dec 24 12:46:35 m0n0wall ipmon[98]: 12:46:35.147398 ng0 @0:24 b 92.243.166.122,37990 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:36 m0n0wall ipmon[98]: 12:46:35.437754 rl1 @0:23 b 10.0.2.125,1126 -> 255.255.255.255,7533 PR udp len 20 53 IN Dec 24 12:46:36 m0n0wall ipmon[98]: 12:46:35.523929 ng0 @0:24 b 95.24.228.47,1689 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:36 m0n0wall ipmon[98]: 12:46:35.603634 ng0 @0:24 b 109.201.65.190,49595 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:36 m0n0wall ipmon[98]: 12:46:35.789238 ng0 @0:24 b 194.79.21.162,3230 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:36 m0n0wall ipmon[98]: 12:46:35.843902 ng0 @0:24 b 85.173.68.60,3173 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 24 12:46:36 m0n0wall ipmon[98]: 12:46:35.908444 ng0 @0:24 b 92.115.231.33,4140 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:36 m0n0wall ipmon[98]: 12:46:36.006363 ng0 @0:24 b 178.95.5.161,22004 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 24 12:46:36 m0n0wall ipmon[98]: 12:46:36.133540 ng0 @0:24 b 91.202.27.244,4676 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 24 12:46:36 m0n0wall ipmon[98]: 12:46:36.174285 2x ng0 @0:24 b 83.243.71.149,14160 -> 91.215.89.123,12525 PR udp len 20 95 IN last 1000 system log entries Dec 24 12:46:28 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 24 12:46:28 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt Dec 24 12:46:28 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 24 12:46:28 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt Dec 24 12:46:29 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 24 12:46:29 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt Dec 24 12:46:29 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 24 12:46:29 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt Dec 24 12:46:30 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 24 12:46:30 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt Dec 24 12:46:30 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 24 12:46:30 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt Dec 24 12:46:30 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 24 12:46:30 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt Dec 24 12:46:32 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 24 12:46:32 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt Dec 24 12:46:32 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 24 12:46:32 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt