> So you're saying in this particular installation, systems that work
> fine in other installations will freeze? Can you give some details of
> this particular site?
Chris, that's exactly what I'm saying. I had one box (same hardware
platform as another that froze) that had an uptime of 105 days - I put that
box in place with this config and it froze after a few days. It just seems
really strange that sometimes it will run for 20 days (I think that's the
max I've seen lately) and sometimes it will freeze within 24 hours. I can
give you any details and my config.xml if you are willing to help me sort
You mentioned capturing all packets in and out of the units using an
external device. Would this be the same thing as using a managed switch
with mirrored ports? Then I can sniff all packets and store them. Let me
know, I will get you my config in a separate email.
> You have plenty of hardware, so set up a m0n0wall in front of your
> m0n0wall. Have it do nothing. (No VPN, traffic shaping... Just basic
> firewall, routing/NAT and forwarding) Put all the heavy lifting on the
> inside firewall. See what crashes. Move apps from inside to outside, and
> see when the crash moves. If you end up with everything on the outside
> firewall, it is some internal "poison packet" killing you. If it dies
> with nothing, it is an external "poison packet."
Lee, I like this idea, that will be fairly easy. I don't use VPN (I do pass
connections from clients behind m0n0), don't use traffic shaper, no aliases.
The only thing I can think of that's significant about this installation is
the number of VLANs in use. Other than that I use DHCP on one VLAN, some
routing between them, DNS forwarding, 1:1, Inbound and Outbound NAT.