[ previous ] [ next ] [ threads ]
 
 From:  "Jurgen van Vliet" <jurgenvv at xs4all dot nl>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Version 1.22 freeze
 Date:  Fri, 30 Jun 2006 09:59:10 +0200
In this case icmp traffic is allowed between lan and wan, and between opt
and wan
Hope it helps.

Regards, 

Jurgen 

-----Original Message-----
From: Soren Vanggaard Jensen [mailto:svanggaard at hotmail dot com] 
Sent: vrijdag 30 juni 2006 7:33
To: leesharp at hal dash pc dot org; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Version 1.22 freeze


Hi All,

I have a gut feeling that the lockup problem is caused by ICMP traffic. I
have no hard evidence but...

A year ago i had a problem with a older version of monowall. The same
problem went on for more than 4 months and for 3+ hardware setups. Back
then, the problem suddently disappeared. The only thing that i can think of
is that i removed all ICMP related traffic shaping rules.

Also i saw this: 
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc
I know that the advisory says that only FreeBSD 6.0 is affected - but i
assume that the most recent version of ipfw isn't written from scratch.

Right now i have a monowall installation that freequently freezes. This
particular installation has no ICMP traffic shaping rules, but ICMP traffic
is permitted for specific hosts.

I'd like to ask you guys how youre handling ICMP traffic... If your monowall
freezes up - do you allow ICMP traffic or not? If your monowall never
freezes - do you allow ICMP traffic or not?

BR






>From: "Lee Sharp" <leesharp at hal dash pc dot org>
>To: <m0n0wall at lists dot m0n0 dot ch>
>Subject: Re: [m0n0wall] Version 1.22 freeze
>Date: Thu, 29 Jun 2006 11:18:20 -0500
>
>From: "Aaron Cherman" <aaronc at morad dot ab dot ca>
>
>>>For all following this thread, I have just finished a fresh install 
>>>and config of m0n0 1.22 on one of three new Dell PowerEdge 1850 
>>>servers, running off of a USB flash drive.  I plan on putting this 
>>>unit into production tomorrow afternoon.  I will let you know how it
goes.
>
>>And the saga continues...  I didn't have chance yesterday to make the 
>>change to the Dell server so I let things run and was going to make 
>>the change today.  After just over 9 days uptime the existing box 
>>locked up last night at 12:26 am.  By the time I got the alarm, got to 
>>the office and got everything changed over, we were back up and 
>>running on the new server at 12:55 am.  At 8:06 am today, the Dell 
>>server locks up.  If I do the math right that's 7:11 of uptime.  
>>Again, this config is one built from scratch on 1.22, brand new server 
>>out of the box.  This now makes (I
>>think) 6 different hardware platforms I've tried (all of which work 
>>great in my other m0n0 apps).  None of these hardware platforms have 
>>shared ANY of the same components, they are all unique.
>
>I feel your pain.  How about this...  You have plenty of hardware, so 
>set up a m0n0wall in front of your m0n0wall.  Have it do nothing.  (No 
>VPN, traffic shaping...  Just basic firewall, routing/NAT and 
>forwarding)  Put all the heaving lifting on the inside firewall.  See 
>what crashes.  Move apps from inside to outside, and see when the crash 
>moves.  If you end up with everything on the outside firewall, it is 
>some internal "poison packet" killing you.  If it dies with nothing, it 
>is an external "poison packet."
>
>                                    Lee
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>



---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch