 From:  "Bostjan Hojkar" <bostjan dot hojkar at fov dot uni dash mb dot si>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Filtering bridge - packet loss
 Date:  Wed, 31 Aug 2005 08:24:00 +0200
>>> Sometimes I notice packet loss like this:
>>>
>>> 2241 packets transmitted, 2196 received, 2% packet loss, time 1915ms
>>> (ping through firewall)
>>>
>>> I'm always pinging same host (uplink router),
>>
>>I bet if you ping the router without the firewall, you'll still see
>>~2% packet loss over a long period.  Routers tend to ignore ICMP echo
>>requests when they have better things to do (i.e. are under a bit of
>>load).  Or, put a packet sniffer on both sides of m0n0wall and see if
>>you're seeing all the echo requests on the outside of the firewall.
>>I'm betting you will see them getting through the firewall and never
>>coming back from the router.
>
> Not really. Without m0n0 (direct connect) - no packet loss.
> I traced the problem - if I pull out RJ45 for WAN or OPT1 (one is enough)
> for 5 sec, plug it back in - I notice packet loss.
> I can fix packet loss by clicking "interfaces" - my guess is ifconfig resets
> something. After that, all pings come back the way expected.
> And this is repeatable - see attached .txt file for more info on how I got
> these results.
>
> Next step (if no idea in m0n0wall config or sysctl) I'm going to do is
> change network cards, both WAN and OPT1. Currently I use 3Com 905-TX NM.
>
> Should m0n0wall work out of the box for my network (~ 3 C-class subnets of
> public IPs through bridge firewall) or should I tweak something with
> sysctl?
> (I'm still looking about this on list archive, so sorry if it has been
> discussed)
>
Well, to reply to myself and continue on this thread, here is how I ended this.

I located exactly the "fix" for my problems and it was actually "ifconfig".
If I run it via exec.php after m0n0 boots up, the firewall works OK,
without packet loss, so a quick fix for me would be ifconfig in a shellcmd tag.

I tried the last beta (1.2b9) version with the same results.

After that I built an identical firewall on another box, same
CPU/motherboard/NIC type.

Tested the firewall, works flawlessly - so I'm guessing one of the NICs is the
problem.
Ending the story here, hope someone else can benefit from this...

Regards, Bostjan