 
 From:  "Jerome Keating" <jerome at keating dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  too many connections
 Date:  Thu, 15 Mar 2007 09:13:04 -0400
Hi,

I'd just like to re-post my issue to include some advice I've had so far -
I'm hoping someone can still help with this.

Problem: when the firewall states table accumulates too many connections
(from someone's bittorrent traffic on the OPT1 subnet) internet connectivity
drops for everyone else, on both LAN and OPT1 subnets, until I reset the
state table. This is not a bandwidth issue - bandwidth consumption would be
very low - it's the number of connections that's doing it.

Right now my temporary solution is to block all outgoing packets from OPT1
except those ports specified - and I made a list of common ports they'll
need to use. But this will not do.

Some advice I've had from others:
 - too little RAM or slow CPU? - I doubt it - it's running on a fast PC with
more than enough memory - CPU never more than 2%, memory never more than 12%.
 - too many states overloading NIC, perhaps due to some virus or worm on a
particular user's computer - how can I determine this? *Note: when the
internet drops, I still have access to the m0n0wall from LAN.
 - cable modem failing due to too many states? - possibly - it's a Motorola
SB5101 provided by the cable company - after checking the modem's logs I see
it's been returned to the cable company and reinitialized 4 times already...
And the log file is polluted with critical errors since Sept/06 - can
someone recommend a really good cable modem for under $100?

Please if anyone can answer the following questions it would be really
helpful.
1. Recommend a good consumer grade cable modem in the area of $100?
2. How can I test the NIC's in the m0n0wall as well as the modem itself to
see if they're failing due to too many connections?
3. What about device polling? I've never used this - do you think it might
help to correct the problem? What kind of performance loss would I expect?
4. What kind of features might pfsense have that could detect or solve the
problem?
5. Has anyone had experience setting up "Snort"? It's a system that detects
network intrusions as well as other types of traffic (such as BitTorrent)
based on rules, and can block or control them. I guess this would only be
useful if the modem is the problem - because it would have to be placed
between the modem and the m0n0wall. But I'd still be interested in getting
it set up, though I might need a guide...

This is really bumming me out - I can't seem to figure out where the problem
is. Any help is appreciated. Thanks

Jerome
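A way to answer the "how can I determine this?" question above (which host is filling the state table) is to dump the firewall's state table and count states per internal source address. The following script is an added example and is not part of Jerome's post or of m0n0wall; it assumes a constructed pf-style dump layout ("<if> <proto> <src:port> -> <dst:port> <state>"), invented LAN and OPT1 address ranges (192.168.1.0/24 and 192.168.2.0/24), and a hypothetical per-host threshold. On a real box you would feed it the output of the state-table dump command your firewall provides and adjust the regex to that format.

```python
"""Find which internal host holds the most firewall states.

Added example, not code from the original mailing-list post or from
m0n0wall. The dump format, addresses and subnet names are constructed.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample state-table dump, loosely modelled on a pf-style
# "<if> <proto> <src> -> <dst> <state>" line layout. One OPT1 host is
# holding many peer-to-peer-looking states; the others are normal.
SAMPLE_STATES = """\
all tcp 192.168.2.15:51234 -> 93.184.216.34:6881 ESTABLISHED:ESTABLISHED
all tcp 192.168.2.15:51235 -> 198.51.100.7:6881 ESTABLISHED:ESTABLISHED
all udp 192.168.2.15:51236 -> 203.0.113.9:6881 MULTIPLE:MULTIPLE
all udp 192.168.2.15:51237 -> 203.0.113.44:6881 MULTIPLE:MULTIPLE
all tcp 192.168.2.15:51238 -> 198.51.100.8:6881 SYN_SENT:CLOSED
all tcp 192.168.1.10:44321 -> 93.184.216.34:80 ESTABLISHED:ESTABLISHED
all tcp 192.168.1.10:44322 -> 93.184.216.34:443 ESTABLISHED:ESTABLISHED
all udp 192.168.2.20:53012 -> 198.51.100.53:53 SINGLE:NO_TRAFFIC
"""

# Hypothetical subnet layout matching the post's LAN and OPT1 names.
SUBNETS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "OPT1": ipaddress.ip_network("192.168.2.0/24"),
}

# Matches the constructed layout above; the port suffix is optional so
# ICMP-style entries without ports would also parse.
STATE_RE = re.compile(
    r"^\S+\s+(?P<proto>\w+)\s+(?P<src>[\d.]+)(?::\d+)?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)


def parse_states(dump):
    """Return a list of (proto, src_ip, dst_ip) tuples from a dump."""
    entries = []
    for line in dump.splitlines():
        m = STATE_RE.match(line)
        if not m:  # skip headers or lines in an unexpected format
            continue
        entries.append((m["proto"],
                        ipaddress.ip_address(m["src"]),
                        ipaddress.ip_address(m["dst"])))
    return entries


def subnet_of(addr):
    """Name of the internal subnet an address belongs to, or None."""
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return None


def states_per_host(dump):
    """Count states per internal source address (external sources ignored)."""
    counts = Counter()
    for _proto, src, _dst in parse_states(dump):
        if subnet_of(src) is not None:
            counts[str(src)] += 1
    return counts


def states_per_subnet(dump):
    """Count states per internal subnet, to see which segment is loaded."""
    counts = Counter()
    for host, n in states_per_host(dump).items():
        counts[subnet_of(ipaddress.ip_address(host))] += n
    return dict(counts)


def find_state_hogs(dump, threshold):
    """Hosts holding at least `threshold` states, busiest first.

    Returns (host, state_count, subnet_name) tuples.
    """
    hogs = [
        (host, n, subnet_of(ipaddress.ip_address(host)))
        for host, n in states_per_host(dump).items()
        if n >= threshold
    ]
    return sorted(hogs, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    # Threshold of 3 is only sensible for this tiny sample; on a real
    # state table you would pick something like a few hundred per host.
    for host, n, net in find_state_hogs(SAMPLE_STATES, 3):
        print(f"{host} ({net}) holds {n} states")
    print("per subnet:", states_per_subnet(SAMPLE_STATES))
```

Running this on a real dump taken while the outage is happening tells you whether one machine (a worm or a peer-to-peer client) is responsible, and on which segment, before you decide whether the NIC, the modem or the state table limit is the bottleneck. A single host with thousands of states and everyone else in the low tens is the signature of the problem described in the post.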