 From:  "Andrew Kemp" <akemp at iquest dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Version 1.22 freeze
 Date:  Fri, 30 Jun 2006 16:42:42 -0400
And in response to myself, it looks like my m0n0 didn't lock up as I had
previously thought a few hours ago; my DSL line is just being crap right
now. I looked at the logs and the m0n0 box has been trying to reconnect
to the DSL the whole time it was down. Disregard my latest notice that
it locked up; we are still kickin for now.


Andrew


-----Original Message-----
From: Andrew Kemp [mailto:akemp at iquest dot net] 
Sent: Friday, June 30, 2006 4:11 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Version 1.22 freeze

I know that my m0n0 deals with BitTorrent traffic. No other P2P traffic
gets in or out though. My m0n0 is constantly blocking traffic from P2P
networks, even if it is supposed to be coming in. I never quite figured
out why but the network runs ok and speed/performance has never suffered
from it so I have left it be. I am using NAT, but I was using NAT at my
old house as well so that shouldn't be the problem I wouldn't think. 


Andrew

-----Original Message-----
From: Jeroen Visser [mailto:monowall at forty dash two dot nl]
Sent: Friday, June 30, 2006 1:05 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Version 1.22 freeze

On Fri, 30 Jun 2006 10:31:55 -0400, Chris Buechler wrote:
-----[snip lots removed here]---------
> FWIW, Aaron emailed me his config.xml off list and he isn't using the 
> traffic shaper or captive portal, so ipfw isn't even loaded on his 
> problem system (which is by far the most reliable case for software 
> issues that I've heard yet - nobody's gone to near the extent that he 
> has to rule out hardware).  ipfw is a kernel module that gets 
> loaded/unloaded depending on what you have enabled.  It's definitely 
> not Aaron's problem.

Same here, although Aaron has changed his hardware an awful lot, more
than me, I'm also convinced it's not a hardware problem.

The last time I rebooted the firewall at work, I disabled access to
anything other than a few ports for business related stuph. I believe
it's indeed related to weird traffic. I also found that just before the
m0n0wall, which is connected to the internet, crashed, the GNUTELLA P2P
traffic just boomed. There were a LOT of packets dropped on the m0n0wall
that does NAT, just before it crashed. All related to port 6346.

I now block that traffic and other than my colleagues panic-rebooting the
thing because of a provider issue, it has been up since. I block the
traffic on another box though. I mentioned earlier it had crashed after
I put the new rules in effect (or was this an e-mail to Aaron, I do not
remember) but I forgot to press the APPLY button.... (grr).

Just a wild guess, I've got nothing else but my gut feeling on this one.
NAT and Gnutella/Limewire causing the problems? Can anyone confirm this
maybe?

You do not need to block the traffic, just look in your logs for an
awful lot of drops with dest. port 6346 and/or src. port 6346.

Also see:
http://www.emailbattles.com/archive/battles/security_ajiiibhajf_gg/

It might be the software called Limewire that causes this problem.
People using it at home (connected via the crashing m0n0wall) told me it
was popular because the rest (edonkey/overnet etc etc.) do not handle
NAT very well.


--
Jeroen Visser.
--
Sure, we know Unix, we've seen it in Jurassic Park...


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
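
The log check suggested in the thread above (look for a large number of drops with source or destination port 6346), as an added example that is not part of the original messages. It assumes ipmon-style syslog lines as produced by ipfilter; the sample lines, addresses and the surge threshold are constructed for illustration.

```python
import re
from collections import Counter

GNUTELLA_PORT = 6346  # port named in the thread

# Assumed ipmon-style line: "<time> [Nx] <iface> @grp:rule <action> src,port -> dst,port ..."
# Lines without ports (e.g. ICMP) do not match and are skipped.
LINE_RE = re.compile(
    r"(?P<hhmm>\d{2}:\d{2}):\d{2}\.\d+\s+(?:(?P<n>\d+)x\s+)?(?P<iface>\S+)\s+"
    r"@\d+:\d+\s+(?P<action>[A-Za-z])\s+"
    r"[\d.]+,(?P<sport>\d+)\s+->\s+[\d.]+,(?P<dport>\d+)"
)

def drops_per_minute(lines, port=GNUTELLA_PORT):
    """Count blocked packets per minute whose source or destination port is `port`."""
    buckets = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["action"] != "b":      # 'b' = blocked; passed packets are ignored
            continue
        if port in (int(m["sport"]), int(m["dport"])):
            buckets[m["hhmm"]] += int(m["n"] or 1)   # honour the "Nx" repeat count
    return buckets

def surge_minutes(buckets, threshold):
    """Minutes in which the drop count reached `threshold` (a value you choose)."""
    return sorted(minute for minute, count in buckets.items() if count >= threshold)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    "Jun 30 12:57:10 m0n0wall ipmon[85]: 12:57:09.100000 sis1 @0:19 b 203.0.113.7,6346 -> 198.51.100.2,41022 PR tcp len 20 48 -S IN",
    "Jun 30 12:57:40 m0n0wall ipmon[85]: 12:57:39.200000 sis1 @0:19 b 203.0.113.9,51515 -> 198.51.100.2,445 PR tcp len 20 48 -S IN",
    "Jun 30 12:58:01 m0n0wall ipmon[85]: 12:58:00.300000 sis1 @0:19 b 203.0.113.7,6346 -> 198.51.100.2,41022 PR udp len 20 63 IN",
    "Jun 30 12:58:02 m0n0wall ipmon[85]: 12:58:01.400000 sis1 @0:19 b 203.0.113.8,33100 -> 198.51.100.2,6346 PR tcp len 20 48 -S IN",
    "Jun 30 12:58:03 m0n0wall ipmon[85]: 12:58:02.500000 3x sis1 @0:19 b 203.0.113.7,6346 -> 198.51.100.2,41022 PR tcp len 20 48 -S IN",
    "Jun 30 12:58:04 m0n0wall ipmon[85]: 12:58:03.600000 sis0 @0:4 p 192.168.1.20,40100 -> 203.0.113.7,6346 PR tcp len 20 48 -S OUT",
]

if __name__ == "__main__":
    per_minute = drops_per_minute(SAMPLE)
    for minute in sorted(per_minute):
        print(minute, per_minute[minute])
    print("surge:", surge_minutes(per_minute, threshold=5))
```

Feed it the lines your remote syslog server collected around a freeze and compare the minutes just before the hang with a quiet period.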

