[ previous ] [ next ] [ threads ]
 
 From:  "Aaron Cherman" <aaronc at morad dot ab dot ca>
 To:  "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Lockups...
 Date:  Tue, 7 Nov 2006 09:08:13 -0700
> A while ago my m0n0wall box (a PCengines WRAP) suffered from frequent
> lockups. So I connected it to a USB powerswitch controlled by my
> server. On this server a small script watches the router, and
> powercycles it when it is stuck.


I feel your pain.


> The odd thing is that since then there have been no more hangs... The
> router has now been up for about two weeks.
>
> This is kind of odd. I have two theories right now:
>
> -My ISP gives me a new IP address regularly. This means that sometimes
> I get an address that previously was used by some heavy P2P user,
> which means a lot of work for the firewall, causing some state tables
> to fill and the system to lock. THe last weeks I have just been lucky.

I don't think that m0n0wall blocking a lot of possible P2P requests from the 
Internet would fill up the state tables.  As far as I understand the state 
table only store connections between inside hosts and outside - dropped 
requests will have no impact on the state tables.

> - When I rebooted the m0n0wall by hand I always did this by flipping a
> switch off and on on the powerstrip. The script that I now use (in
> combination with a USB controlled switch) waits 5 secodns between
> switching off and switching on again. Could it be that previously I
> just powercycled it to fast, so that the memory didn't get cleared
> competely?

The memory registers are flushed on initial boot-up as part of the POST I 
believe.

I have a static IP from my ISP - one in each of my cascaded m0n0walls 
actually.  I can go a couple of weeks without a lock-up and then I can get 3 
within 48 hours, sometimes within minutes of booting up.  From everything I 
have seen in my own experience and testing it is some kind of "poison 
packet" from the Internet that FreeBSD can't deal with - perhaps ending up 
in an endless loop (just a guess).  We are all hoping that someone has the 
time to get 6.1 built in here and that it solves our problem.


Aaron