[ previous ] [ next ] [ threads ]
 
 From:  "Jurgen van Vliet" <jurgenvv at xs4all dot nl>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Version 1.22 freeze
 Date:  Fri, 30 Jun 2006 10:15:40 +0200
Yep, at one customer on a wrap board
I have +- 20-30 more wrap units running with 1.22 without problems.

Jurgen.

-----Original Message-----
From: Soren Vanggaard Jensen [mailto:svanggaard at hotmail dot com] 
Sent: vrijdag 30 juni 2006 10:09
To: jurgenvv at xs4all dot nl; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Version 1.22 freeze

Are you having freeze problems?


BR






>From: "Jurgen van Vliet" <jurgenvv at xs4all dot nl>
>To: <m0n0wall at lists dot m0n0 dot ch>
>Subject: RE: [m0n0wall] Version 1.22 freeze
>Date: Fri, 30 Jun 2006 09:59:10 +0200
>

>
>In this case icmp traffic is allowed between lan and wan, and between 
>opt and wan Hope it helps.
>
>Regards,
>
>Jurgen
>
>-----Original Message-----
>From: Soren Vanggaard Jensen [mailto:svanggaard at hotmail dot com]
>Sent: vrijdag 30 juni 2006 7:33
>To: leesharp at hal dash pc dot org; m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] Version 1.22 freeze
>
>
>Hi All,
>
>I have a gut feeling that the lockup problem is caused by ICMP traffic. 
>I have no hard evidence but...
>
>A year ago i had a problem with a older version of monowall. The same 
>problem went on for more than 4 months and for 3+ hardware setups. Back 
>then, the problem suddently disappeared. The only thing that i can 
>think of is that i removed all ICMP related traffic shaping rules.
>
>Also i saw this:
>ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw
>.asc I know that the advisory says that only FreeBSD 6.0 is affected - 
>but i assume that the most recent version of ipfw isn't written from 
>scratch.
>
>Right now i have a monowall installation that freequently freezes. This 
>particular installation has no ICMP traffic shaping rules, but ICMP 
>traffic is permitted for specific hosts.
>
>I'd like to ask you guys how youre handling ICMP traffic... If your 
>monowall freezes up - do you allow ICMP traffic or not? If your 
>monowall never freezes - do you allow ICMP traffic or not?
>
>BR

>
>
>
>
>
> >From: "Lee Sharp" <leesharp at hal dash pc dot org>
> >To: <m0n0wall at lists dot m0n0 dot ch>
> >Subject: Re: [m0n0wall] Version 1.22 freeze
> >Date: Thu, 29 Jun 2006 11:18:20 -0500
> >
> >From: "Aaron Cherman" <aaronc at morad dot ab dot ca>
> >
> >>>For all following this thread, I have just finished a fresh install 
> >>>and config of m0n0 1.22 on one of three new Dell PowerEdge 1850 
> >>>servers, running off of a USB flash drive.  I plan on putting this 
> >>>unit into production tomorrow afternoon.  I will let you know how 
> >>>it
>goes.
> >
> >>And the saga continues...  I didn't have chance yesterday to make 
> >>the change to the Dell server so I let things run and was going to 
> >>make the change today.  After just over 9 days uptime the existing 
> >>box locked up last night at 12:26 am.  By the time I got the alarm, 
> >>got to the office and got everything changed over, we were back up 
> >>and running on the new server at 12:55 am.  At 8:06 am today, the 
> >>Dell server locks up.  If I do the math right that's 7:11 of uptime.
> >>Again, this config is one built from scratch on 1.22, brand new 
> >>server out of the box.  This now makes (I
> >>think) 6 different hardware platforms I've tried (all of which work 
> >>great in my other m0n0 apps).  None of these hardware platforms have 
> >>shared ANY of the same components, they are all unique.
> >
> >I feel your pain.  How about this...  You have plenty of hardware, so 
> >set up a m0n0wall in front of your m0n0wall.  Have it do nothing.  
> >(No VPN, traffic shaping...  Just basic firewall, routing/NAT and
> >forwarding)  Put all the heaving lifting on the inside firewall.  See 
> >what crashes.  Move apps from inside to outside, and see when the 
> >crash moves.  If you end up with everything on the outside firewall, 
> >it is some internal "poison packet" killing you.  If it dies with 
> >nothing, it is an external "poison packet."
> >
> >                                    Lee
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>