 From:  "Bryan K. Brayton" <bryan at sonicburst dot net>
 To:  "Steve Thomas" <sthomas at consultant dot com>, "Lonnie Abelbeck" <abelbeck at abelbeck dot com>, "m0n0wall List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: m0n0s hanging : any progress ?
 Date:  Tue, 29 Aug 2006 10:33:42 -0400
My two cents:
 
I run 1.21 on a Dell PowerEdge server (Celeron 1.8, 256MB memory, m0n0 running off HD) that has an
onboard Broadcom gigabit controller and add-in Intel and Linksys cards (1 each) in it.  It is
connected to a 3mbit SDSL line, which runs about 70-80% saturation on average.  It provides network
access for a college res. hall with about 150 residents in it.  Since it's an academic network, it's
pretty wide-open outbound (minus the MS networking ports), so we have *tons* of p2p traffic,
including bittorrent, which we all know can bring a firewall to its knees.  I do use the traffic
shaper, but only to give dynamic pipes to each user for equitable bandwidth among all the users.  I
don't prioritize traffic of any type.  This system is rock solid.  It only goes down when the dorms
lose power and the UPS gives out, which happens 2-3 times a year (Good old New York State Flicker
and Flash, er, I mean New York State Electric and Gas).
 
I mention all this only to point out that I don't think the hangs are p2p or poisoned-packet
related.  Perhaps they are, but this environment (a college dorm) is about as unhealthy an
environment as you can find for a firewall, yet ours stays up.
 
It's anecdotal evidence, but it would seem to me that this helps the argument that it probably is
bad hardware or a small bug in a driver somewhere, since this m0n0 seems to be rock-solid in a very
demanding environment.
 
-Bryan

________________________________

From: Steve Thomas [mailto:sthomas at consultant dot com]
Sent: Tue 8/29/2006 10:03 AM
To: Lonnie Abelbeck; m0n0wall List
Subject: Re: [m0n0wall] Re: m0n0s hanging : any progress ?




I've been following this thread and I've seen the hangs
reported on all platforms and many different NICs.

It's not likely a NIC chip/driver problem.

It appears to have more to do with P2P traffic or
fragmented packets. Both of these have been common
sources of problems for many routers/firewalls.

I think the solution may come from limiting outbound
connections or dropping packets that can't be handled.
Just speculation on my part, I'm not a developer.




> ----- Original Message -----
> From: "Lonnie Abelbeck" <abelbeck at abelbeck dot com>
> To: "m0n0wall List" <m0n0wall at lists dot m0n0 dot ch>
> Subject: Re: [m0n0wall] Re: m0n0s hanging : any progress ?
> Date: Tue, 29 Aug 2006 08:31:23 -0500
>
>
> Has anyone experienced the 'hanging' issue with a Soekris box?
> Soekris uses NatSemi NICs in the 4801.
>
> If not, (and there are a lot of net4801 m0n0's out there) this
> would add credence to the NIC chip/driver as the problem.
>
> Lonnie
>
>
> On Aug 29, 2006, at 3:34 AM, Jurgen van Vliet wrote:
>
> > It can be nic related, but it's kind of hard to replace nics in a wrap board
> > :)
> >
> > -----Original Message-----
> > From: Jimmy Bones (Mhottie) [mailto:mhottie at gmail dot com]
> > Sent: Tuesday 29 August 2006 10:24
> > To: YvesDM; m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Re: m0n0s hanging : any progress ?
> >
> > Just to add to the conversation; I have always found that 3COM NICs have
> > worked flawlessly for me.
> >
> > On 8/29/06, YvesDM <ydmlog at gmail dot com> wrote:
> >>
> >> On 8/28/06, Andrew Kemp <akemp at iquest dot net> wrote:
> >>> the entire box freezes, snmp stops responding, i monitor the box
> >>> from the outside world with cacti via pings and the graphs show that
> >>> the ip was unpingable for the duration of the outage until a reboot.
> >>> i also console in and the keyboard is unresponsive.
> >>>
> >>
> >> Yes, I experienced exactly the same with onboard (fxp) intel cards.
> >> I even had a box with keyboard and monitor directly attached to it
> >> when it crashed.
> >> It was totally unresponsive in every way. I solved the problem by
> >> changing the onboard intel nic with a cheap realtek 8139d nic and
> >> didn't use the onboard nic anymore. All nics in the box are realtek
> >> 8139d's now.
> >> For the moment the uptime of that box is 56 days, so I guess it's ok
> >> :-)
> >>
> >> Best Regards, Yves
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>
> >>
> >
> >