 From:  "Albert Lash" <albert dot lash at gmail dot com>
 To:  "Albert Lash" <albert dot lash at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Question about 2 m0n0walls: a LAN router behind a filtered bridge
 Date:  Sun, 17 Jun 2007 13:31:21 -0400
Fixed it. I turned on "allow fragmented packets" on all lan firewall rules
(not sure if that was needed), but also on the wan and opt1 firewall rules
(which essentially open the bridge entirely, I just use it for bandwidth
management).

Specifically, the problem kept occurring until I enabled it on the OPT1
firewall rule (which is bridged to the WAN).

Thanks, hope this helps someone else.

On 6/16/07, Albert Lash <albert dot lash at gmail dot com> wrote:
>
> Now that I'm thinking more about it, I've seen something like this before
> on my Buffalo Airstation running openwrt. Seems like it runs out of memory.
> Maybe the Soekris net4501 running in bridge mode runs out of memory when
> there is a fast output of data?
>
> On 6/16/07, Albert Lash <albert dot lash at gmail dot com> wrote:
> >
> > Sorry I didn't reply back to the list before. To reiterate, I'm using
> > cable on both sides, not adsl.
> >
> > I noticed that the ifconfig was dying when it should output the ipv6
> > address, so I blacklisted the ipv6 modules, restarted, still no luck.
> >
> > On 6/16/07, Alex Neuman < alex at nkpanama dot com> wrote:
> > >
> > > The only time I've seen this is when there is an MTU problem, which seems
> > > to coincide with the use of ADSL links.
> > >
> > > Try lowering the MTU to 1400 in every device, one by one, starting from
> > > your computer outwards up to the device you're trying to access. If this
> > > doesn't work, let us know.
> > >
> > >
> > > > Hello,
> > > >
> > > > I'm loving m0n0wall, nice work! I'm using a soekris net4501 as a
> > > > filtered bridge to manage bandwidth for a diverse network. I have a /28
> > > > subnet of public ips that I'm passing through the net4501 from wan to
> > > > opt1 to a switch connecting:
> > > >
> > > > * Astlinux (though soon to be askoziaPBX) on WRAP
> > > > * m0n0wall on a WRAP acting as a NAT and router for our office lan
> > > > * a couple of public servers
> > > >
> > > > This allows our lan computers to access the public servers, which you
> > > > can't do when using 1:1 or server NAT AFAIK.
> > > >
> > > > Everything is working well, and I have the inner m0n0wall (the one on
> > > > the WRAP behind the filtered bridge) connecting a VPN out to another
> > > > network. That still works fine, except I'm noticing some very odd
> > > > behavior. If I ssh over the VPN to a device on the remote lan and run
> > > > one of the following commands:
> > > >
> > > > * ifconfig
> > > > * ps -A
> > > >
> > > > something goes haywire and the shell is dropped. The process doesn't
> > > > die, as I can login through the public ip and watch the top of my user
> > > > and see sshd and bash continue to run after the screen buffer in the
> > > > other shell through the vpn stops responding.
> > > >
> > > > I'm wondering if I'm doing something that goes against good network
> > > > design here, or if this is a sign of something that is mis-configured
> > > > and needs to be fixed. I appreciate any advice - thanks!
> > > >
> > > > Al
> > > >
> > > > --
> > > > My Blogs:
> > > > http://www.docunext.com/
> > > > http://www.albertlash.com/
> > > >
-- 
My Blogs:
http://www.docunext.com/
http://www.albertlash.com/