I ran into a situation yesterday that I have yet to find a solution to. A client's 3-LAN WRAP with m0n0wall v1.3b4 firewall started kernel panicking and rebooting...

After connecting to the serial port, I noticed the following additional information being logged:

    ipf_nattable_max reduced to X

(where X is between about 20000 and about 29000)

Now, some random amount of time passes, during which time the web GUI interface is inaccessible and the firewall stops syslogging to the remote syslog server. Then:

    panic: kmem_malloc(4096): kmem_map too small: 36687872 total allocated

At which point the system complains about no place to write a dump file (it's on a WRAP so this makes sense) and it reboots.

Initially, this was a WRAP w/m0n0wall v1.3b4. I upgraded it to m0n0wall v1.3b10 - same thing. So I swapped it out for a new 3-LAN port ALIX box with m0n0wall v1.3b10 - same results.

After looking into the states page I noticed a high amount of outbound DNS queries from the "new" djbdns DNS server, so I increased the CACHESIZE variable from its default 10 1Meg to 100Meg, and also increased the DATALIMIT variable and restarted the djbdns service. The firewall ran fine (stopped rebooting every 5-10 minutes) so I thought I was home-free. It ran for almost 24 hours after those changes but then again restarted itself.

This client is a school, and the students are away this week. I am concerned that when they come back things will get worse.

Does anyone have any ideas as to how I may debug this further and get their network back to the rock solid stability they have been used to?

THANKS!

--
Bill Arlofski
Reverse Polarity, LLC