I just installed my first m0n0wall this weekend. Everything seems to be
working great, but I've run into a problem with my OPT1 DHCP connection.
I've searched the mailing list archive and I don't see any solutions to
the problem I will describe below. Here is my config:

Cable Modem > WAN > LAN/OPT1/OPT2
LAN is on 192.168.1.1/24 -> linksys router -> winxp box + laser printer
OPT1 is on 192.168.2.0/24 -> netgear switch -> win2k box
OPT2 is on 192.168.3.0/24 -> unused

DHCP is enabled on all three subnets. NAT is enabled on LAN and OPT1 to
bring in a few ports for VNC, TELNET, etc. The appropriate rules are
defined. There is no DMZ or any rules to separate any of the subnets
from each other - just the NAT and supporting rules.

On LAN, everything has worked flawlessly. I even set up some reserved
IPs in the DHCP. (Speaking of which, why don't the reserved DHCP IPs
show up in the active DHCP lease table? They are still being leased,
aren't they? I was under the impression that this would be the case.)

On OPT1, I find that the DHCP server fails. At first, I thought it was
failing after 2 hours, i.e. 7200 seconds. However the timing is not
consistent with the lease time. I discovered that the PC on OPT1 would
become unreachable after a random period of time, usually a matter of
hours, sometimes 2 or 3 hours, sometimes 8 or 12. When I say
unreachable - I mean both inside and outside the network. I checked the
PC itself and it is not crashed or locked up. When I looked at the
active leases, there would be no lease for that box. So, I monitored
the box hourly to see if I could catch the moment that the lease failed.
I got lucky. The link below shows a screen capture from the active
lease display. Basically, the firewall makes tons of leases and some
only last half a second before they expire. I think it does this
constantly for a period of time before the m0n0wall decides it has had
enough and just stops serving leases on OPT1 altogether.

Ron Wilson, Senior Engineer, 518.831.7546
MPR Associates http://www.mpr.com