[ previous ] [ next ] [ threads ]
 
 From:  "Andrew Kemp" <akemp at iquest dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Version 1.22 freeze
 Date:  Thu, 6 Jul 2006 08:22:02 -0400
I had no ICMP rules specified before this single rule to allow from one
host.  


Andrew


-----Original Message-----
From: Jonathan Karras [mailto:jkarras at karras dot net] 
Sent: Thursday, July 06, 2006 12:13 AM
To: Andrew Kemp
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Version 1.22 freeze

A bigger question is before this no ICMP rule was added did you have any
ICMP specific rules? My thinking is if you had a block ICMP (other than
the default block all rules) and then added an allow ICMP rule. If this
were true maybe its some ICMP specific code.

Jonathan

Andrew Kemp wrote:
> That could have been a freak accident though. If the box continues to 
> lock up every few days as long as that ICMP rule is in place, that 
> could be the culprit, but I only allow ICMP from one host and it was 
> locking up long before that rule was added(before that, no ICMP was 
> allowed from
> anywhere) so I don't believe it is the only thing that causes the
lockups.
> 
> Andrew
> 
> PF: m0n0wall wrote:
> 
>> OK, My home mono has been running perfectly for many months.  Three 
>> days ago, I added a rule for ICMP and it locked up today.
>>
>> I have a Netgear wireless router on OPT1 with captive portal and 
>> traffic shaping. There is a windows 2000 machine (with god knows what

>> on it) and a neoware terminal on OPT1 also.  There is not a lot of 
>> traffic on this segment.
>>
>> Rules on opt1 are basically to allow certain ports (RDP) to my LAN 
>> and allow TCP and UDP to the internet once the captive portal is 
>> authenticated.
>>
>> I was playing with rules in an attempt to get my wife's Nintendo DS 
>> to work on my wireless (which still doesn't work.) I created an entry

>> to allow the MAC address of the DS to bypass the captive portal. I 
>> also added a rule to allow ICMP. By looking in the log, I found that 
>> the DS is not using ICMP at all, but I didn't remove the rule.
>>
>> Nothing has changed other than adding the MAC bypass rule and ICMP 
>> rule three days ago.
>>
>> -Kevin
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>  
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>