 From:  "Jeroen Visser" <monowall at forty dash two dot nl>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Version 1.22 freeze
 Date:  Fri, 30 Jun 2006 19:04:31 +0200
On Fri, 30 Jun 2006 10:31:55 -0400, Chris Buechler wrote
-----[snip lots removed here]---------
> FWIW, Aaron emailed me his config.xml off list and he isn't using the
> traffic shaper or captive portal, so ipfw isn't even loaded on his
> problem system (which is by far the most reliable case for software
> issues that I've heard yet - nobody's gone to near the extent that he
> has to rule out hardware).  ipfw is a kernel module that gets
> loaded/unloaded depending on what you have enabled.  It's definitely
> not Aaron's problem.

Same here, although Aaron has changed his hardware an awful lot, more than me,
I'm also convinced it's not a hardware problem.

The last time I rebooted the firewall at work, I disabled access to anything other
than a few ports for business related stuph. I believe it's indeed related to
weird traffic. I also found that just before the m0n0wall, which is connected to
the internet, crashed, the GNUTELLA P2P traffic just boomed. There were a LOT of
packets dropped on the m0n0wall that does NAT, just before it crashed. All related
to port 6346.

I now block that traffic and other than my colleagues panic-rebooting the thing
because of a provider issue, it has been up since. I block the traffic on another
box though. I mentioned earlier it had crashed after I put the new rules in effect
(or was this an e-mail to Aaron, I do not remember) but I forgot to press the
APPLY button.... (grr).

Just a wild guess, I've got nothing else but my gut feeling on this one. NAT and
Gnutella/Limewire causing the problems? Can anyone confirm this maybe?

You do not need to block the traffic, just look in your logs for an awful lot of
drops with dest. port 6346 and/or src. port 6346.

Also see: http://www.emailbattles.com/archive/battles/security_ajiiibhajf_gg/

It might be the software called Limewire that causes this problem. People using it
at home (connected via the crashing m0n0wall) told me it was popular because the
rest (edonkey/overnet etc etc.) do not handle NAT very well.

Jeroen Visser.
Sure, we know Unix, we've seen it in Jurassic Park...
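
The log check suggested in the message above, as an added example that is not part of the original post: it counts blocked packets per minute with source or destination port 6346. The sample lines are constructed in the style of ipfilter's ipmon syslog output, which is an assumption about the log format; the function names and threshold are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (assumed ipmon-style syslog format; addresses,
# interfaces and rule numbers are made up, not logs from the thread).
SAMPLE_LOG = """\
Jun 30 18:54:58 m0n0wall ipmon[85]: 18:54:57.101 sis1 @0:19 b 198.51.100.7,6346 -> 192.0.2.10,41822 PR udp len 20 63 IN
Jun 30 18:55:01 m0n0wall ipmon[85]: 18:55:00.220 sis1 @0:19 b 203.0.113.44,51234 -> 192.0.2.10,6346 PR tcp len 20 48 -S IN
Jun 30 18:55:02 m0n0wall ipmon[85]: 18:55:01.877 sis1 @0:19 b 198.51.100.9,6346 -> 192.0.2.10,40111 PR udp len 20 70 IN
Jun 30 18:55:03 m0n0wall ipmon[85]: 18:55:02.010 sis1 @0:19 b 203.0.113.80,4431 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Jun 30 18:55:09 m0n0wall ipmon[85]: 18:55:08.530 sis0 @0:5 p 192.168.1.20,3345 -> 198.51.100.7,6346 PR tcp len 20 48 -S OUT
Jun 30 18:55:30 m0n0wall ipmon[85]: 18:55:29.400 sis1 @0:19 b 203.0.113.45,6346 -> 192.0.2.10,40112 PR udp len 20 66 IN
"""

# syslog time (to the minute), host, ipmon tag, packet time, interface,
# @group:rule, action, src,port -> dst,port, PR protocol
LINE_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+ipmon\[\d+\]:"
    r"\s+\S+\s+\S+\s+@\S+\s+(?P<action>\S+)"
    r"\s+\S+?,(?P<sport>\d+)\s+->\s+\S+?,(?P<dport>\d+)\s+PR\s+(?P<proto>\w+)"
)

def drops_per_minute(lines, port=6346):
    """Count blocked ('b') packets per minute whose src or dst port is `port`."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["action"] != "b":
            continue  # unparsable (e.g. no port fields) or not a drop
        if port in (int(m["sport"]), int(m["dport"])):
            counts[m["minute"]] += 1
    return counts

def busy_minutes(counts, threshold):
    """Minutes in which the drop count reached the (hypothetical) threshold."""
    return sorted(minute for minute, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    per_minute = drops_per_minute(SAMPLE_LOG.splitlines())
    for minute in sorted(per_minute):
        print(f"{minute}  port-6346 drops: {per_minute[minute]}")
    print("minutes at or above threshold 3:", busy_minutes(per_minute, 3))
```

On a real system, feed the function the firewall's syslog lines instead of SAMPLE_LOG and compare the per-minute counts with the time of the crash.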