[ previous ] [ next ] [ threads ]
 
 From:  Andrew Kemp <akemp at iquest dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: m0n0s hanging : any progress ?
 Date:  Tue, 29 Aug 2006 18:14:22 -0400
I would tend to agree that it is not p2p or poisen packet related. i 
have since gotten pfSense up and running, i just loaded my m0n0wall 
config into it and it is now working for me with a little bit of help 
from one of the dev's(pointed out a bug and he fixed it and sent me a 
copy of the "patch", it probably hasnt worked its way to the 
downloadable iso yet.)

either way, it has been running with the m0n0wall config for a few days 
now. we'll see how it holds. same exact hardware, same exact 
config(minus the traffic shaping as the pfSense way of traffic shaping 
is very different from m0n0wall, that stuff cant be brought in from a 
m0n0 config.).

Andrew

Bryan K. Brayton wrote:

>My two cents:
> 
>I run 1.21 on a dell poweredge server (celeron 1.8, 256MB memory, m0n0 running off HD) that has an
onboard broadcom gigabit controller and add-in intel and linksys cards (1 each) in it.  It is
connected to a 3mbit SDSL line, which runs about 70-80% saturation on average.  It provides network
access for a college res. hall with about 150 residents in it.  Since it's an academic network, it's
pretty wide-open outbound (minus the MS networking ports), so we have *tons* of p2p traffic,
including bittorrent, which we all know can bring a firewall to its knees.  I do use the traffic
shaper, but only to give dynamic pipes to each user for equitable bandwidth among all the users.  I
don't prioritize traffic of any type.  This system is rock solid.  It only goes down when the dorms
lose power and the UPS gives out, which happens 2-3 times a year (Good old New York State Flicker
and Flash, er, I mean New York State Electric and Gas).
> 
>I mention all this only to point out that I don't think the hangs are p2p or poisoned-packet
related.  Perhaps they are, but this environment (a college dorm) is about as unhealthy an
environment you can find for a firewall, yet ours stays up.
> 
>It's anecdotal evidence, but it would seem to me that this helps the argument that it probably is
bad hardware or a small bug in a driver somewhere, since this m0n0 seems to be rock-solid in a very
demanding environment.
> 
>-Bryan
>
>________________________________
>
>From: Steve Thomas [mailto:sthomas at consultant dot com]
>Sent: Tue 8/29/2006 10:03 AM
>To: Lonnie Abelbeck; m0n0wall List
>Subject: Re: [m0n0wall] Re: m0n0s hanging : any progress ?
>
>
>
>
>I've been following this thread and I've seen the hangs
>reported on all platforms and many different NICs.
>
>It's not likely a NIC chip/driver problem.
>
>It appears to have more to do with P2P traffic or
>fragmented packets. Both of these have been common
>sources of problems for many routers/firewalls.
>
>I think the solution may come from limiting outbound
>connections or dropping packets that can't be handled.
>Just speculation on my part, I'm not a developer.
>
>
>
>
>  
>
>>----- Original Message -----
>>From: "Lonnie Abelbeck" <abelbeck at abelbeck dot com>
>>To: "m0n0wall List" <m0n0wall at lists dot m0n0 dot ch>
>>Subject: Re: [m0n0wall] Re: m0n0s hanging : any progress ?
>>Date: Tue, 29 Aug 2006 08:31:23 -0500
>>
>>
>>Has anyone experienced the 'hanging' issue with a Soekris box?  
>>Soekris uses NatSemi NIC's in the 4801.
>>
>>If not, (and there are a lot of net4801 m0n0's out there) this
>>would  add credence to the NIC chip/driver as the problem.
>>
>>Lonnie
>>
>>
>>On Aug 29, 2006, at 3:34 AM, Jurgen van Vliet wrote:
>>
>>    
>>
>>>It can be nic related, but its kind of hard to replace nics in a  wrap board
>>>:)
>>>
>>>-----Original Message-----
>>>From: Jimmy Bones (Mhottie) [mailto:mhottie at gmail dot com]
>>>Sent: dinsdag 29 augustus 2006 10:24
>>>To: YvesDM; m0n0wall at lists dot m0n0 dot ch
>>>Subject: Re: [m0n0wall] Re: m0n0s hanging : any progress ?
>>>
>>>Just to add to the converastion; I have always found that 3COM  NIC's have
>>>worked flawlessly for me.
>>>
>>>On 8/29/06, YvesDM <ydmlog at gmail dot com> wrote:
>>>      
>>>
>>>>On 8/28/06, Andrew Kemp <akemp at iquest dot net> wrote:
>>>>        
>>>>
>>>>>the entire box freezes, snmp stops responding, i monitor the box
>>>>>from the outside world with cacti via pings and the graphs show that
>>>>>the ip was unpingable for the duration of the outage until a reboot.
>>>>>i also console in and the keyboard is unresponsive.
>>>>>
>>>>>          
>>>>>
>>>>Yes, I experienced exactly the same with onboard (fxp) intel cards.
>>>>I even had a box with keyboard and monitor directly attached to it
>>>>when it crashed.
>>>>It was totally inresponsive in every way. I solved the problem by
>>>>changing the onboard intel nic with a cheap realtek 8139d nic and
>>>>didn't use the onboard nic anymore. All nics in the box are realtek
>>>>8139d's now.
>>>>For the moment the uptime of that box is 56 days, so I guess it's ok
>>>>:-)
>>>>
>>>>Best Regards, Yves
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>
>>>>
>>>>        
>>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>>>
>>>      
>>>
>
>  
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
>
>
>  
>