 
 From:  "Andrew Kemp" <akemp at iquest dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Version 1.22 freeze
 Date:  Thu, 6 Jul 2006 10:16:04 -0400
I still think there is more to the cause. My m0n0wall does not see high traffic, less than 1.4mbit
inbound and less than 500kbit outbound (usually not much in and a steady 300-450kbit out). My box did
stay alive for maybe 5-10 days at a time though. Perhaps the higher the traffic, the lower the
uptime expectancy. I don't have accurate stats about my box uptime now as a provider issue forced me
to reboot when it was not needed (about 2 days up since that reboot. I was almost 12 days in before
the unneeded reboot.). I have been up a while, although I did drop my m0n0 back to 1.2 from 1.21 as
well. If you can, put your ICMP rules back into place and pop a 1.2 CD back in, it sure seems to be
working fine for me.


Andrew

-----Original Message-----
From: Soren Vanggaard Jensen [mailto:svanggaard at hotmail dot com] 
Sent: Thursday, July 06, 2006 9:00 AM
To: Andrew Kemp; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Version 1.22 freeze

It seems my case is getting stronger. Your posts and my uptime (now 6 days,
6 hours - usually less than 2 days) since blocking all ICMP traffic.

Now, why is it that some (most) monowall installations do not freeze even though outbound ICMP is
allowed by default rules? I think there could be 2 reasons:

1) The problem only occurs under heavy load conditions
2) The problem occurs only when a junk router, access point or PC (internet or LAN) does not handle
fragmentation correctly.

For now I believe that the odds point towards (2).

Kind regards.

>From: "Andrew Kemp" <akemp at iquest dot net>
>To: <m0n0wall at lists dot m0n0 dot ch>
>Subject: RE: [m0n0wall] Version 1.22 freeze
>Date: Thu, 6 Jul 2006 08:22:02 -0400
>
>I had no ICMP rules specified before this single rule to allow from one 
>host.
>
>
>Andrew
>
>
>-----Original Message-----
>From: Jonathan Karras [mailto:jkarras at karras dot net]
>Sent: Thursday, July 06, 2006 12:13 AM
>To: Andrew Kemp
>Cc: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] Version 1.22 freeze
>
>A bigger question is before this no ICMP rule was added did you have 
>any ICMP specific rules? My thinking is if you had a block ICMP (other 
>than the default block all rules) and then added an allow ICMP rule. If 
>this were true maybe it's some ICMP specific code.
>
>Jonathan
>
>Andrew Kemp wrote:
> > That could have been a freak accident though. If the box continues 
> > to lock up every few days as long as that ICMP rule is in place, 
> > that could be the culprit, but I only allow ICMP from one host and 
> > it was locking up long before that rule was added (before that, no 
> > ICMP was allowed from anywhere) so I don't believe it is the only 
> > thing that causes the lockups.
> >
> > Andrew
> >
> > PF: m0n0wall wrote:
> >
> >> OK, My home mono has been running perfectly for many months.  Three 
> >> days ago, I added a rule for ICMP and it locked up today.
> >>
> >> I have a Netgear wireless router on OPT1 with captive portal and 
> >> traffic shaping. There is a windows 2000 machine (with god knows 
> >> what on it) and a neoware terminal on OPT1 also.  There is not a 
> >> lot of traffic on this segment.
> >>
> >> Rules on opt1 are basically to allow certain ports (RDP) to my LAN 
> >> and allow TCP and UDP to the internet once the captive portal is 
> >> authenticated.
> >>
> >> I was playing with rules in an attempt to get my wife's Nintendo DS 
> >> to work on my wireless (which still doesn't work.) I created an 
> >> entry to allow the MAC address of the DS to bypass the captive 
> >> portal. I also added a rule to allow ICMP. By looking in the log, I 
> >> found that the DS is not using ICMP at all, but I didn't remove the 
> >> rule.
> >>
> >> Nothing has changed other than adding the MAC bypass rule and ICMP 
> >> rule three days ago.
> >>
> >> -Kevin
> >>
> >>
> >> -------------------------------------------------------------------
> >> -- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>
> >>
> >>
> >
> >
> >
>
>
>