 From:  "Aaron Cherman" <aaronc at morad dot ab dot ca>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Version 1.22 freeze
 Date:  Thu, 29 Jun 2006 10:50:05 -0600
> So you're saying in this particular installation, systems that work
> fine in other installations will freeze?  Can you give some details of
> this particular site?

Chris, that's exactly what I'm saying.  I had one box (same hardware 
platform as another that froze) that had an uptime of 105 days - I put that 
box in place with this config and it froze after a few days.  It just seems 
really strange that sometimes it will run for 20 days (I think that's the 
max I've seen lately) and sometimes it will freeze within 24 hours.  I can 
give you any details and my config.xml if you are willing to help me sort 
this out.

You mentioned capturing all packets in and out of the units using an 
external device.  Would this be the same thing as using a managed switch 
with mirrored ports?  Then I can sniff all packets and store them.  Let me 
know, I will get you my config in a separate email.

> You have plenty of hardware, so set up a m0n0wall in front of your 
> m0n0wall.  Have it do nothing.  (No VPN, traffic shaping...  Just basic 
> firewall, routing/NAT and forwarding)  Put all the heavy lifting on the 
> inside firewall.  See what crashes.  Move apps from inside to outside, and 
> see when the crash moves.  If you end up with everything on the outside 
> firewall, it is some internal "poison packet" killing you.  If it dies 
> with nothing, it is an external "poison packet."

Lee, I like this idea, that will be fairly easy.  I don't use VPN (I do pass 
connections from clients behind m0n0), don't use traffic shaper, no aliases. 
The only thing I can think of that's significant about this installation is 
the number of VLANs in use.  Other than that I use DHCP on one VLAN, some 
routing between them, DNS forwarding, 1:1, Inbound and Outbound NAT.
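A mirrored (SPAN) port on a managed switch does give an external sniffer box the same view Chris described, and the practical problem is storage: a box that may run three weeks before freezing needs a capture that rotates rather than grows. The script below is an added example, not code from this thread or from the m0n0wall project; it assumes tcpdump is installed on the sniffer, that the mirror port is attached to an interface named `em0` (a placeholder), and that `/var/captures` is the output directory.

```shell
#!/bin/sh
# Added example (not from the m0n0wall list thread): a rotating packet capture
# for an external sniffer box attached to a switch mirror (SPAN) port.
# Assumptions: tcpdump is installed, the mirror port feeds interface IFACE
# (placeholder "em0"), and the output directory has the disk space computed below.

# Size of the ring buffer in megabytes: $1 MB per file, $2 files kept.
# tcpdump -C rotates when a file reaches that many million bytes; -W makes it
# overwrite the oldest file, so the capture can run for weeks without filling the
# disk, and the newest files hold the traffic from just before a freeze.
footprint_mb() {
    echo $(( $1 * $2 ))
}

build_capture_cmd() {
    # $1 = capture interface, $2 = output directory,
    # $3 = MB per file (default 100), $4 = files kept (default 50)
    iface=$1; outdir=$2; file_mb=${3:-100}; file_count=${4:-50}
    # -n: no name resolution (a resolver query per packet would itself add
    #     traffic to the segment under study); -s 0: whole packets, not headers
    echo "tcpdump -i $iface -n -s 0 -w $outdir/mirror.pcap -C $file_mb -W $file_count"
}

check_space() {
    # Succeed only if the filesystem holding $1 has at least $2 MB free.
    # df -m exists on FreeBSD and GNU coreutils; column 4 of the data row is "Avail".
    avail=$(df -m "$1" | awk 'NR==2 {print $4}')
    [ "$avail" -ge "$2" ]
}

# Start capturing only when invoked as: sh capture.sh --run em0 /var/captures
if [ "${1:-}" = "--run" ]; then
    iface=${2:-em0}
    outdir=${3:-/var/captures}
    mkdir -p "$outdir"
    need=$(footprint_mb 100 50)
    check_space "$outdir" "$need" || { echo "need ${need}MB free in $outdir" >&2; exit 1; }
    # Opening the interface needs root (or bpf device access on FreeBSD).
    eval "$(build_capture_cmd "$iface" "$outdir" 100 50)"
fi
```

Leave the capture interface without an IP address so the sniffer only listens on the mirrored segment, and after a freeze copy the highest-numbered `mirror.pcap*` files aside before restarting the capture, since the ring buffer will eventually overwrite them.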