[ previous ] [ next ] [ threads ]
 
 From:  "Soren Vanggaard Jensen" <svanggaard at hotmail dot com>
 To:  jurgenvv at xs4all dot nl, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Version 1.22 freeze
 Date:  Fri, 30 Jun 2006 08:58:49 +0000 
I assume that your mono's are more or less configured the same way....


so... what's the difference between the networks at the customer premises? 
Well - my gues is that IP and/or ICMP fragmentation (and perhaps MTU) is 
different in the problem site. Is there any way you could check this?


BR
Søren Vanggaard Jensen





>From: "Jurgen van Vliet" <jurgenvv at xs4all dot nl>
>To: <m0n0wall at lists dot m0n0 dot ch>
>Subject: RE: [m0n0wall] Version 1.22 freeze
>Date: Fri, 30 Jun 2006 10:15:40 +0200
>
>Yep, at one customer on a wrap board
>I have +- 20-30 more wrap units running with 1.22 without problems.
>
>Jurgen.
>
>-----Original Message-----
>From: Soren Vanggaard Jensen [mailto:svanggaard at hotmail dot com]
>Sent: vrijdag 30 juni 2006 10:09
>To: jurgenvv at xs4all dot nl; m0n0wall at lists dot m0n0 dot ch
>Subject: RE: [m0n0wall] Version 1.22 freeze
>
>Are you having freeze problems?
>
>
>BR
>Søren Vanggaard Jensen
>
>
>
>
>
> >From: "Jurgen van Vliet" <jurgenvv at xs4all dot nl>
> >To: <m0n0wall at lists dot m0n0 dot ch>
> >Subject: RE: [m0n0wall] Version 1.22 freeze
> >Date: Fri, 30 Jun 2006 09:59:10 +0200
> >
> >Hi Søren
> >
> >In this case icmp traffic is allowed between lan and wan, and between
> >opt and wan Hope it helps.
> >
> >Regards,
> >
> >Jurgen
> >
> >-----Original Message-----
> >From: Soren Vanggaard Jensen [mailto:svanggaard at hotmail dot com]
> >Sent: vrijdag 30 juni 2006 7:33
> >To: leesharp at hal dash pc dot org; m0n0wall at lists dot m0n0 dot ch
> >Subject: Re: [m0n0wall] Version 1.22 freeze
> >
> >
> >Hi All,
> >
> >I have a gut feeling that the lockup problem is caused by ICMP traffic.
> >I have no hard evidence but...
> >
> >A year ago i had a problem with a older version of monowall. The same
> >problem went on for more than 4 months and for 3+ hardware setups. Back
> >then, the problem suddently disappeared. The only thing that i can
> >think of is that i removed all ICMP related traffic shaping rules.
> >
> >Also i saw this:
> >ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw
> >.asc I know that the advisory says that only FreeBSD 6.0 is affected -
> >but i assume that the most recent version of ipfw isn't written from
> >scratch.
> >
> >Right now i have a monowall installation that freequently freezes. This
> >particular installation has no ICMP traffic shaping rules, but ICMP
> >traffic is permitted for specific hosts.
> >
> >I'd like to ask you guys how youre handling ICMP traffic... If your
> >monowall freezes up - do you allow ICMP traffic or not? If your
> >monowall never freezes - do you allow ICMP traffic or not?
> >
> >BR
> >Søren Vanggaard Jensen
> >
> >
> >
> >
> >
> > >From: "Lee Sharp" <leesharp at hal dash pc dot org>
> > >To: <m0n0wall at lists dot m0n0 dot ch>
> > >Subject: Re: [m0n0wall] Version 1.22 freeze
> > >Date: Thu, 29 Jun 2006 11:18:20 -0500
> > >
> > >From: "Aaron Cherman" <aaronc at morad dot ab dot ca>
> > >
> > >>>For all following this thread, I have just finished a fresh install
> > >>>and config of m0n0 1.22 on one of three new Dell PowerEdge 1850
> > >>>servers, running off of a USB flash drive.  I plan on putting this
> > >>>unit into production tomorrow afternoon.  I will let you know how
> > >>>it
> >goes.
> > >
> > >>And the saga continues...  I didn't have chance yesterday to make
> > >>the change to the Dell server so I let things run and was going to
> > >>make the change today.  After just over 9 days uptime the existing
> > >>box locked up last night at 12:26 am.  By the time I got the alarm,
> > >>got to the office and got everything changed over, we were back up
> > >>and running on the new server at 12:55 am.  At 8:06 am today, the
> > >>Dell server locks up.  If I do the math right that's 7:11 of uptime.
> > >>Again, this config is one built from scratch on 1.22, brand new
> > >>server out of the box.  This now makes (I
> > >>think) 6 different hardware platforms I've tried (all of which work
> > >>great in my other m0n0 apps).  None of these hardware platforms have
> > >>shared ANY of the same components, they are all unique.
> > >
> > >I feel your pain.  How about this...  You have plenty of hardware, so
> > >set up a m0n0wall in front of your m0n0wall.  Have it do nothing.
> > >(No VPN, traffic shaping...  Just basic firewall, routing/NAT and
> > >forwarding)  Put all the heaving lifting on the inside firewall.  See
> > >what crashes.  Move apps from inside to outside, and see when the
> > >crash moves.  If you end up with everything on the outside firewall,
> > >it is some internal "poison packet" killing you.  If it dies with
> > >nothing, it is an external "poison packet."
> > >
> > >                                    Lee
> > >
> > >
> > >---------------------------------------------------------------------
> > >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > >
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>