On Fri, 21 Jul 2006 09:00:01 -0600, Aaron Cherman wrote
> > Has anybody looked at cascading m0n0walls to see what side the trouble is
> > coming from? IE Bridged m0n0 on WAN -> existing m0n0 full firewall with
> > all rules -> Bridged mono on LAN. Then moving rules off the main firewall
> > to the inside bridge until the fault moves...
> I think Jeroen Visser tried something like that at one point - not 100%
> sure about that though. If he did, I don't remember what he found.
(Late response. I'm currently out of an Internet Connection at home)
I did look into that. The trouble comes most likely from the WAN side (Internet
Connection). I have a few firewalls stacked behind each other.
(No VLAN experience ;-) ) The only firewall with troubles was the one connected to
As soon as I denied a lot of traffic on one of the "inside" firewalls, the
freezes on the WAN firewall stopped. It's still up and this was more than 25 days
I reported earlier that my guts tell me this is P2P traffic related, probably a
P2P application attracting badly behaving hosts. See my posting over here.
So cascading firewalls work for me, but it does not prove I'm right. By far.