[ previous ] [ next ] [ threads ]
 
 From:  "Soren Vanggaard Jensen" <svanggaard at hotmail dot com>
 To:  jurgenvv at xs4all dot nl, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Version 1.22 freeze
 Date:  Fri, 30 Jun 2006 08:09:17 +0000
Are you having freeze problems?


BR






>From: "Jurgen van Vliet" <jurgenvv at xs4all dot nl>
>To: <m0n0wall at lists dot m0n0 dot ch>
>Subject: RE: [m0n0wall] Version 1.22 freeze
>Date: Fri, 30 Jun 2006 09:59:10 +0200
>

>
>In this case icmp traffic is allowed between lan and wan, and between opt
>and wan
>Hope it helps.
>
>Regards,
>
>Jurgen
>
>-----Original Message-----
>From: Soren Vanggaard Jensen [mailto:svanggaard at hotmail dot com]
>Sent: vrijdag 30 juni 2006 7:33
>To: leesharp at hal dash pc dot org; m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] Version 1.22 freeze
>
>
>Hi All,
>
>I have a gut feeling that the lockup problem is caused by ICMP traffic. I
>have no hard evidence but...
>
>A year ago i had a problem with a older version of monowall. The same
>problem went on for more than 4 months and for 3+ hardware setups. Back
>then, the problem suddently disappeared. The only thing that i can think of
>is that i removed all ICMP related traffic shaping rules.
>
>Also i saw this:
>ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc
>I know that the advisory says that only FreeBSD 6.0 is affected - but i
>assume that the most recent version of ipfw isn't written from scratch.
>
>Right now i have a monowall installation that freequently freezes. This
>particular installation has no ICMP traffic shaping rules, but ICMP traffic
>is permitted for specific hosts.
>
>I'd like to ask you guys how youre handling ICMP traffic... If your 
>monowall
>freezes up - do you allow ICMP traffic or not? If your monowall never
>freezes - do you allow ICMP traffic or not?
>
>BR

>
>
>
>
>
> >From: "Lee Sharp" <leesharp at hal dash pc dot org>
> >To: <m0n0wall at lists dot m0n0 dot ch>
> >Subject: Re: [m0n0wall] Version 1.22 freeze
> >Date: Thu, 29 Jun 2006 11:18:20 -0500
> >
> >From: "Aaron Cherman" <aaronc at morad dot ab dot ca>
> >
> >>>For all following this thread, I have just finished a fresh install
> >>>and config of m0n0 1.22 on one of three new Dell PowerEdge 1850
> >>>servers, running off of a USB flash drive.  I plan on putting this
> >>>unit into production tomorrow afternoon.  I will let you know how it
>goes.
> >
> >>And the saga continues...  I didn't have chance yesterday to make the
> >>change to the Dell server so I let things run and was going to make
> >>the change today.  After just over 9 days uptime the existing box
> >>locked up last night at 12:26 am.  By the time I got the alarm, got to
> >>the office and got everything changed over, we were back up and
> >>running on the new server at 12:55 am.  At 8:06 am today, the Dell
> >>server locks up.  If I do the math right that's 7:11 of uptime.
> >>Again, this config is one built from scratch on 1.22, brand new server
> >>out of the box.  This now makes (I
> >>think) 6 different hardware platforms I've tried (all of which work
> >>great in my other m0n0 apps).  None of these hardware platforms have
> >>shared ANY of the same components, they are all unique.
> >
> >I feel your pain.  How about this...  You have plenty of hardware, so
> >set up a m0n0wall in front of your m0n0wall.  Have it do nothing.  (No
> >VPN, traffic shaping...  Just basic firewall, routing/NAT and
> >forwarding)  Put all the heaving lifting on the inside firewall.  See
> >what crashes.  Move apps from inside to outside, and see when the crash
> >moves.  If you end up with everything on the outside firewall, it is
> >some internal "poison packet" killing you.  If it dies with nothing, it
> >is an external "poison packet."
> >
> >                                    Lee
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>