It seems my case is getting stronger. Your posts and my uptime (now 6 days, 6 hours - usually less than 2 days) since blocking all ICMP traffic.

Now, why is it that some (most) monowall installations do not freeze even though outbound ICMP is allowed by default rules? I think there could be 2 reasons:

1) The problem only occurs under heavy load conditions
2) The problem occurs only when a junk router, access point or PC (internet or LAN) does not handle fragmentation correctly.

For now I believe that the odds point towards (2).

Best regards,
Søren Vanggaard Jensen

>From: "Andrew Kemp" <akemp at iquest dot net>
>To: <m0n0wall at lists dot m0n0 dot ch>
>Subject: RE: [m0n0wall] Version 1.22 freeze
>Date: Thu, 6 Jul 2006 08:22:02 -0400
>
>I had no ICMP rules specified before this single rule to allow from one
>host.
>
>Andrew
>
>-----Original Message-----
>From: Jonathan Karras [mailto:jkarras at karras dot net]
>Sent: Thursday, July 06, 2006 12:13 AM
>To: Andrew Kemp
>Cc: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] Version 1.22 freeze
>
>A bigger question is before this no ICMP rule was added did you have any
>ICMP specific rules? My thinking is if you had a block ICMP (other than
>the default block all rules) and then added an allow ICMP rule. If this
>were true maybe it's some ICMP specific code.
>
>Jonathan
>
>Andrew Kemp wrote:
> > That could have been a freak accident though. If the box continues to
> > lock up every few days as long as that ICMP rule is in place, that
> > could be the culprit, but I only allow ICMP from one host and it was
> > locking up long before that rule was added (before that, no ICMP was
> > allowed from anywhere) so I don't believe it is the only thing that
> > causes the lockups.
> >
> > Andrew
> >
> > PF: m0n0wall wrote:
> >
> >> OK, My home mono has been running perfectly for many months. Three
> >> days ago, I added a rule for ICMP and it locked up today.
> >>
> >> I have a Netgear wireless router on OPT1 with captive portal and
> >> traffic shaping. There is a windows 2000 machine (with god knows what
> >> on it) and a neoware terminal on OPT1 also. There is not a lot of
> >> traffic on this segment.
> >>
> >> Rules on opt1 are basically to allow certain ports (RDP) to my LAN
> >> and allow TCP and UDP to the internet once the captive portal is
> >> authenticated.
> >>
> >> I was playing with rules in an attempt to get my wife's Nintendo DS
> >> to work on my wireless (which still doesn't work.) I created an entry
> >> to allow the MAC address of the DS to bypass the captive portal. I
> >> also added a rule to allow ICMP. By looking in the log, I found that
> >> the DS is not using ICMP at all, but I didn't remove the rule.
> >>
> >> Nothing has changed other than adding the MAC bypass rule and ICMP
> >> rule three days ago.
> >>
> >> -Kevin
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch