I ran into a situation yesterday that I have yet to find a solution to.
A client's 3-LAN WRAP with m0n0wall v1.3b4 firewall started kernel
panicking and rebooting... After connecting to the serial port, I noticed
the following additional information being logged:
ipf_nattable_max reduced to X
(where X is between about 20000 and about 29000)
Now, some random amount of time passes, during which time the web GUI
interface is inaccessible and the firewall stops syslogging to the
remote syslog server, then:
panic: kmem_malloc(4096): kmem_map too small: 36687872 total allocated
At which point the system complains about no place to write a dump file
(it's on a WRAP so this makes sense) and it reboots.
Initially, this was a WRAP w/m0n0wall v1.3b4. I upgraded it to m0n0wall
v1.3b10 - same thing. So I swapped it out for a new 3-LAN port ALIX box
with m0n0wall v1.3b10 - same results.
After looking into the states page I noticed a high amount of outbound
DNS queries from the "new" djbdns DNS server, so I increased the
CACHESIZE variable from its default 10 1Meg to 100Meg, and also
increased the DATALIMIT variable and restarted the djbdns service.
The firewall ran fine (stopped rebooting every 5-10 minutes) so I
thought I was home-free. It ran for almost 24 hours after those changes
but then again restarted itself.
This client is a school, and the students are away this week. I am
concerned that when they come back things will get worse. Does anyone
have any ideas as to how I may debug this further and get their network
back to the rock solid stability they have been used to?
Reverse Polarity, LLC