> After 16 days of uptime (a new record) monowall went down. The device was
> rebooted but went down again a couple of hours later. Figures.
> It seems that denying ICMP data does prolong the uptime of monowall, but
> apparently it's not enough.
>
> My next steps are:
> 1) Deny fragmented packages in general
> 2) Move management to HTTPS

Mine is set for https access only - this is standard for my setups.

> 3) Install an I-BOOT device (http://www.dataprobe.com/power/iboot.html)
> 4) Find out if anyone returned from vacation and if so - find out which
> hardware rejoined the setup.
>
> I have a couple of questions for the list:
> 1) Is there *ANY* way that mini_httpd can crash the entire box?
> 2) If you have a device that locks up: Are you allowing management from
> WAN

I do not allow management from the WAN - but I do from all other interfaces.

> 3) If you have a device that locks up: Are you allowing any type of
> fragmented data?

In the Advanced tab I do have "Allow fragmented IPsec packets" checked.

> 4) Anyone getting closer to a solution?

I am at 6 days uptime (added an interface and had to reboot last week). I am setting up a box to capture all packets on the WAN and LAN interfaces to reference that to the lockups (try anyway). I hope to find time to get that gear in place this week.

Aaron