 From:  "Jeroen Visser" <monowall at forty dash two dot nl>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Version 1.22 freeze
 Date:  Mon, 24 Jul 2006 10:27:00 +0200
On Fri, 21 Jul 2006 09:00:01 -0600, Aaron Cherman wrote
> > Has anybody looked at cascading m0n0walls to see what side the trouble is 
> > coming from?  IE  Bridged m0n0 on WAN -> existing m0n0 full firewall with 
> > all rules -> Bridged mono on LAN.  Then moving rules off the main firewall 
> > to the inside bridge until the fault moves...
> I think Jeroen Visser tried something like that at one point - not 100% 
> sure about that though.  If he did, I don't remember what he found.
> Aaron

(Late response. I'm currently out of an Internet Connection at home)

I did look into that. The trouble comes most likely from the WAN side (Internet
Connection). I have a few firewalls stacked behind each other. 
(No VLAN experience ;-) ) The only firewall with troubles was the one connected to
the internet. 

As soon as I denied a lot of traffic on one of the "inside" firewalls, the
freezes on the WAN firewall stopped. It's still up and this was more than 25 days

I reported earlier that my gut tells me this is P2P traffic related, probably a
P2P application attracting badly behaving hosts. See my posting over here.


So cascading firewalls work for me, but it does not prove I'm right. By far. 

Jeroen Visser.