 From:  Raylund Lai <raylund dot lai at kankanwoo dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Could someone explain this firewall log
 Date:  Mon, 17 Apr 2006 00:50:41 -0400
I'm really tired of the problem I'm facing. :(

Now my ISP support said they want to take control of my m0n0wall for their 
testing.  Should I give away my m0n0wall to them?  They insisted that 
it's my m0n0wall problem.  I don't want them to play with my m0n0wall, and 
my settings will be exposed. :(

Could someone suggest what I should do now?

Cheers
Raylund

Raylund Lai wrote:
> Chris Buechler wrote:
>> On 4/15/06, Raylund Lai <raylund dot lai at kankanwoo dot com> wrote:
>>  
>>> Here is one of the log entries from when the user at 70.55.224.22 tried to
>>> access my http service.  The server that holds the http is at
>>> 192.168.0.21.  I've opened port/nat/server-nat/outbound-nat all together,
>>> and they were working for about half a year.
>>>
>>> [X]     16:03:08.498773     WAN     70.55.224.22     192.168.0.21, type
>>> unreach/needfrag     ICMP
>>>
>>>     
>>
>> That was blocked?  ICMP return traffic from an existing state should
>> be permitted.  That's an ICMP unreachable, fragmentation needed but DF
>> bit set message, it appears.  I.e., your server tried to send a packet
>> larger than some MTU along the path to that client machine.
>>   
>
> I haven't particularly blocked anything.  I found out this log entry is 
> due to the user, who was using a VPN connected to another office and forgot 
> to disconnect before browsing to my web service.
>
>> Try lowering your server's MTU to 1400 and see if the problem still
>> exists.  Also make sure your m0n0wall's WAN MTU is set correctly for
>> your connection.
>>   
>
> This really gave me the clue.  :)
>
> I lowered m0n0wall's MTU to 1400 and everything seemed to go back to 
> normal.  I hope this is the reason.  Since the problem is 
> intermittent, it may not show up for a whole day.
>
> But it's weird that I have no problem at all browsing/downloading from 
> the internet behind m0n0wall.  It only happened to users accessing my 
> services outside m0n0wall.
>
> Thanks Chris. :)
>
> Cheers
> Raylund
>
>> -Chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>   
>
>
>
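
The check discussed in this thread, as an added example that is not part of the original messages: it scans firewall log text for blocked ICMP "fragmentation needed" entries, the symptom of broken path MTU discovery, and computes the TCP payload size that fits a given MTU. The line layout is taken from the single entry quoted above; reading `[X]` as "blocked", the whitespace field separator, and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Layout taken from the single log entry quoted in this thread; treating
# "[X]" as "blocked" and whitespace as the field separator are assumptions.
ICMP_LINE = re.compile(
    r"^\[(?P<action>.)\]\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+),\s+"
    r"type\s+(?P<icmp_type>\S+)\s+ICMP\s*$"
)

# First line is the entry from the thread; the rest are constructed samples.
SAMPLE_LOG = """\
[X]     16:03:08.498773     WAN     70.55.224.22     192.168.0.21, type unreach/needfrag     ICMP
[X]     16:03:09.101200     WAN     198.51.100.7     192.168.0.21, type unreach/needfrag     ICMP
[X]     16:04:00.000001     WAN     203.0.113.9     192.168.0.30, type echo     ICMP
this line is not a firewall entry
"""


def blocked_needfrag(log_text):
    """Map each internal destination to the senders of blocked
    'fragmentation needed' messages addressed to it."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ICMP_LINE.match(line.strip())
        if m and m["action"] == "X" and m["icmp_type"] == "unreach/needfrag":
            hits[m["dst"]].append(m["src"])
    return dict(hits)


def tcp_mss_for_mtu(mtu):
    """Largest TCP payload per packet: MTU minus the 20-byte IPv4 header
    and the 20-byte TCP header (no options)."""
    return mtu - 40


if __name__ == "__main__":
    for server, senders in blocked_needfrag(SAMPLE_LOG).items():
        print(f"{server}: {len(senders)} blocked needfrag message(s) from {senders}")
    print("MSS at MTU 1400:", tcp_mss_for_mtu(1400))
```

A server that shows up in the result is sending packets larger than some hop can carry and never receiving the ICMP message that tells it to send smaller ones, which matches the intermittent stalls described above.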