On Fri, 21 Jul 2006 09:00:01 -0600, Aaron Cherman wrote
> > Has anybody looked at cascading m0n0walls to see what side the trouble is
> > coming from? IE Bridged m0n0 on WAN -> existing m0n0 full firewall with
> > all rules -> Bridged mono on LAN. Then moving rules off the main firewall
> > to the inside bridge until the fault moves...
> >
> I think Jeroen Visser tried something like that at one point - not 100%
> sure about that though. If he did, I don't remember what he found.
>
> Aaron
>

(Late response. I'm currently out of an Internet Connection at home)

I did look into that. The trouble comes most likely from the WAN side (Internet Connection). I have a few firewalls stacked behind each other. (No VLAN experience ;-) ) The only firewall with troubles was the one connected to the internet. As soon as I denied a lot of traffic on one of the "inside" firewalls, the freezes on the WAN firewall stopped. It's still up and this was more than 25 days ago.

I reported earlier that my guts tell me this is P2P traffic related, probably a P2P application attracting badly behaving hosts. See my posting over here.
http://m0n0.ch/wall/list/showmsg.php?id=278/55

So cascading firewalls work for me, but it does not prove I'm right. By far.

--
Jeroen Visser.