 From:  "Albert Lash" <albert dot lash at gmail dot com>
 To:  "Albert Lash" <albert dot lash at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Question about 2 m0n0walls: a LAN router behind a filtered bridge
 Date:  Sun, 17 Jun 2007 13:35:02 -0400
Err, actually, I just noticed I still had to "Apply changes" and it was
working, so maybe it was the WAN.

On 6/17/07, Albert Lash <albert dot lash at gmail dot com> wrote:
>
> Fixed it. I turned on "allow fragmented packets" on all lan firewall
> rules (not sure if that was needed), but also on the wan and opt1 firewall
> rules (which essentially open the bridge entirely, I just use it for
> bandwidth management).
>
> Specifically, the problem kept occurring until I enabled it on the OPT1
> firewall rule (which is bridged to the WAN).
>
> Thanks, hope this helps someone else.
>
> On 6/16/07, Albert Lash <albert dot lash at gmail dot com> wrote:
> >
> > Now that I'm thinking more about it, I've seen something like this
> > before on my Buffalo Airstation running openwrt. Seems like it runs out of
> > memory. Maybe the Soekris net4501 running in bridge mode runs out of memory
> > when there is a fast output of data?
> >
> > On 6/16/07, Albert Lash < albert dot lash at gmail dot com> wrote:
> > >
> > > Sorry I didn't reply back to the list before. To reiterate, I'm using
> > > cable on both sides, not adsl.
> > >
> > > I noticed that the ifconfig was dying when it should output the ipv6
> > > address, so I blacklisted the ipv6 modules, restarted, still no luck.
> > >
> > > On 6/16/07, Alex Neuman < alex at nkpanama dot com> wrote:
> > > >
> > > > > The only time I've seen this is when there is an MTU problem, which
> > > > > seems to coincide with the use of ADSL links.
> > > > >
> > > > > Try lowering the MTU to 1400 in every device, one by one, starting
> > > > > from your computer outwards up to the device you're trying to access.
> > > > > If this doesn't work, let us know.
> > > >
> > > >
> > > > > > Hello,
> > > > > >
> > > > > > I'm loving m0n0wall, nice work! I'm using a soekris net4501 as a
> > > > > > filtered bridge to manage bandwidth for a diverse network. I have a
> > > > > > /28 subnet of public ips that I'm passing through the net4501 from
> > > > > > wan to opt1 to a switch connecting:
> > > > > >
> > > > > > * Astlinux (though soon to be askoziaPBX) on WRAP
> > > > > > * m0n0wall on a WRAP acting as a NAT and router for our office lan
> > > > > > * a couple of public servers
> > > > > >
> > > > > > This allows our lan computers to access the public servers, which
> > > > > > you can't do when using 1:1 or server NAT AFAIK.
> > > > > >
> > > > > > Everything is working well, and I have the inner m0n0wall (the one
> > > > > > on the WRAP behind the filtered bridge) connecting a VPN out to
> > > > > > another network. That still works fine, except I'm noticing some
> > > > > > very odd behavior. If I ssh over the VPN to a device on the remote
> > > > > > lan and run one of the following commands:
> > > > > >
> > > > > > * ifconfig
> > > > > > * ps -A
> > > > > >
> > > > > > something goes haywire and the shell is dropped. The process doesn't
> > > > > > die, as I can login through the public ip and watch the top of my
> > > > > > user and see sshd and bash continue to run after the screen buffer
> > > > > > in the other shell through the vpn stops responding.
> > > > > >
> > > > > > I'm wondering if I'm doing something that goes against good network
> > > > > > design here, or if this is a sign of something that is
> > > > > > mis-configured and needs to be fixed. I appreciate any advice -
> > > > > > thanks!
> > > > >
> > > > > Al
> > > > >
> > > > > --
> > > > > My Blogs:
> > > > > http://www.docunext.com/
> > > > > http://www.albertlash.com/
> > > > >
> > > >
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > >
> > > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > > >
> > > >
> > >
> > >
> > > --
> > > My Blogs:
> > > http://www.docunext.com/
> > > http://www.albertlash.com/
> > >
> >
> >
> >
> > --
> > My Blogs:
> > http://www.docunext.com/
> > http://www.albertlash.com/
> >
>
>
>
> --
> My Blogs:
> http://www.docunext.com/
> http://www.albertlash.com/
>



-- 
My Blogs:
http://www.docunext.com/
http://www.albertlash.com/