 From:  Manuel Kasper <mk at neon1 dot net>
 To:  waa dash m0n0wall at revpol dot com
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] 1.3.b11 lockups
 Date:  Fri, 16 May 2008 21:04:24 +0200
On 16.05.2008, at 20:01, mtnbkr wrote:

> 	3648 active

I can't really see anything out of the ordinary in your vmstat/ipfstat  
output; however, given the strict ruleset that you described, I find  
3648 active connections quite a lot. You could try "ipfstat -ls" to  
see the full list of active connections - maybe you'll see something  
odd there. Of course if you have lots of users it could also be quite  
normal. ;)

Well, I have to admit that I don't know what to suggest at this point.  
If the problem is really related to some odd traffic that occurs only  
once in a while and somehow messes up ipfilter, one way of hopefully  
getting a bit closer to finding out what it is would be to capture all  
traffic on the LAN interface of your m0n0wall. Wireshark has a ring  
buffer feature that allows it to capture indefinitely while consuming  
a fixed amount of disk space. Then when the problem occurs again, you  
could correlate the time of the kernel panic with the traffic just  
before it happened, and hopefully discover something extraordinary.  
It could be a lot of data to sift through, though...

- Manuel
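
The ring-buffer capture and time correlation suggested in the message above, sketched as an added example (not part of the original post, and not m0n0wall code). It assumes Wireshark's `dumpcap` on the capture host; the interface, directory, sizes, helper function names and sample file names are constructed for illustration, and the panic time must be read from the same clock as the capture host.

```shell
#!/bin/sh
# Added example: bounded ring-buffer capture, then pick the capture files
# that cover the minutes just before a kernel panic.

# Capture indefinitely on interface $1 into directory $2 while using a
# fixed amount of disk: 50 files of 102400 kB each (assumed sizes).
# dumpcap names ring files <prefix>_<seq>_<YYYYMMDDHHMMSS>.pcap, where the
# timestamp is the moment the file was opened.
start_ring_capture() {
    dumpcap -i "$1" -b filesize:102400 -b files:50 -w "$2/lan.pcap"
}

# Read ring-buffer file names on stdin. Print the last $2 files that were
# opened at or before the panic time $1 (YYYYMMDDHHMMSS), oldest first.
# The final file printed is the one that was being written at the panic.
files_before_panic() {
    awk -v panic="$1" '
        {
            n = split($0, part, "_")
            ts = part[n]
            sub(/\.pcap$/, "", ts)
        }
        # Fixed-width digit strings, so a string comparison orders by time.
        ts ~ /^[0-9]+$/ && length(ts) == 14 && (ts "") <= (panic "") {
            print ts "\t" $0
        }
    ' | sort | tail -n "$2" | cut -f2-
}

# Constructed sample: four ring files and a panic logged at 03:12:00.
SAMPLE_FILES='lan_00012_20080520023000.pcap
lan_00013_20080520024500.pcap
lan_00014_20080520030000.pcap
lan_00015_20080520031500.pcap'

printf '%s\n' "$SAMPLE_FILES" | files_before_panic 20080520031200 2
```

The selected files can then be opened in Wireshark and narrowed to the last seconds before the panic with a time-based display filter.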