 From:  Sterling Windmill <sterling dot windmill at custdata dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1.3b5 and filtering bridge/traffic shaper on ALIX 2.1
 Date:  Thu, 29 Nov 2007 10:48:12 -0500
I have found that disabling traffic shaping causes firewall states to be 
properly shown, but after enabling it no new firewall states are being 
displayed. Also, traffic shaping does not appear to be working in 
combination with the filtering bridge.

Sterling Windmill wrote:
> I have migrated from a standalone PC running m0n0wall 1.231 to an ALIX 
> 2.1 board (three NICs) running the newest 1.3b5.
> I am using m0n0wall in front of our Cisco PIX in order to utilize its 
> robust traffic shaping features, and it was working great with the 
> previous hardware/software combination.
> After manually duplicating my existing (standalone PC) configuration 
> on the ALIX and putting the box into production it doesn't seem to be 
> exhibiting the same behavior as the previous version.
> I am bridging WAN and OPT1. LAN is configured with a static IP but is 
> not connected to anything. I have enabled filtering bridge and have 
> added in any to any rules on both WAN and OPT1. I have added a few 
> traffic shaping rules that apply to both WAN and OPT1 interfaces. I 
> have not touched any NAT configuration or done much else in the way of 
> making changes away from the defaults other than disabling the DHCP 
> server and giving WAN a static (public) IP address.
> I am able to pass traffic through the box with no issue, our 
> connection to the outside world through the ALIX system remains 
> intact. I am not, however, seeing any firewall states other than my 
> own access to the web GUI through the WAN interface (I have allowed 
> only certain IPs to access in this way), and I am 100% sure that large 
> numbers of connections are being made through the box. If I disable 
> and re-enable traffic shaping I see a few extra entries in the 
> firewall states that seem to be valid, but no new entries show up 
> afterwards.
> I have also verified that traffic shaping does not seem to be working, 
> as I have added a small pipe and corresponding rules to shape traffic 
> originating from my PC behind the m0n0wall and PIX and see no change 
> in throughput.
> Has anyone else experienced problems with 1.3b5 filtering 
> bridge/traffic shaper perhaps specifically on the new ALIX hardware?
> Best regards,
> Sterling Windmill
> Custom Data Solutions, Inc.


Sterling Windmill
Systems and Technology
Phone: 586-752-9671 Ext 146
Fax: 586-752-6589
www.custdata.com <http://www.custdata.com>
