On Mon, 30 Aug 2004 19:09:51 -0400, Twig <twig at gwi dot net> wrote:
> Second, if I change my LAN IP to 192.168.151.1/26, the m0n0wall box
> stops responding to network traffic altogether. The only way to
> recover is to pop on the console and change the IP back to default or
> reset the conf completely. As there isn't a standard shell and the web
> interface is inaccessible, I'm not sure how to diag. Suggestions?

Does the machine you are trying to access from have an IP on that
subnet? Is the subnet mask on the m0n0wall correct? Can you ping the
LAN interface's IP? If you can't ping that IP from the machine you
are trying to get to the web interface from, then that machine's
configuration is likely your problem.

> ICMP is blocked on the WAN port by default. Nasty bad choice. As per
> RFC 792, and later RFC 2979, parts of ICMP are used for normal
> operation. Global ICMP blocks can break / degrade TCP/IP operation.
> If anything must be nuked out of the box, a selective filter based on
> RFC 2979 seems more appropriate, with the added bonus of legitimizing
> an 'RFC Compliant' sticker. :)

Many or most firewalls block ICMP by default. I believe the WAN port
just drops echo request packets and probably a couple of the other
unnecessary types, not the couple you don't want to block. I could
very well be wrong on that. Regardless, RFC 2979 says it is
acceptable to drop echo request packets amongst other types.
I don't see where what it does is inappropriate.
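
The subnet questions raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of m0n0wall: it compares the LAN address 192.168.151.1/26 from the quoted message with a client address and reports why the two would not reach each other. The function name `diagnose`, the problem codes and the client addresses are assumptions constructed for illustration.

```python
import ipaddress

def diagnose(firewall_lan, client):
    """Compare a firewall LAN address and a client address, both in CIDR form.

    Returns a list of (code, explanation) tuples. An empty list means both
    hosts agree that they sit on the same subnet.
    """
    fw = ipaddress.ip_interface(firewall_lan)
    cl = ipaddress.ip_interface(client)
    problems = []
    # A host must not be configured with the network or broadcast address.
    for name, host in (("firewall", fw), ("client", cl)):
        net = host.network
        if net.prefixlen < 31 and host.ip in (net.network_address,
                                              net.broadcast_address):
            problems.append((f"{name}-reserved",
                             f"{host.ip} is the network or broadcast "
                             f"address of {net}"))
    # The firewall answers on its LAN only if it sees the client as on-link.
    if cl.ip not in fw.network:
        problems.append(("client-outside-lan",
                         f"{cl.ip} is not inside the firewall LAN {fw.network}"))
    # The client sends directly only if it sees the firewall as on-link.
    if fw.ip not in cl.network:
        problems.append(("firewall-off-link",
                         f"{fw.ip} is not inside the client subnet {cl.network}"))
    # Unicast works here, but broadcast addresses differ between the hosts.
    if not problems and fw.network != cl.network:
        problems.append(("mask-mismatch",
                         f"masks differ: {fw.network} vs {cl.network}"))
    return problems

def codes(firewall_lan, client):
    """Return only the problem codes, in the order they were found."""
    return [code for code, _ in diagnose(firewall_lan, client)]

if __name__ == "__main__":
    lan = "192.168.151.1/26"  # LAN address from the quoted message
    # Constructed client configurations, not taken from the thread.
    for client in ("192.168.151.10/26", "192.168.1.100/24",
                   "192.168.151.100/24", "192.168.151.10/24",
                   "192.168.151.63/26"):
        found = diagnose(lan, client)
        print(client, "->", "ok" if not found else "")
        for code, text in found:
            print(f"    {code}: {text}")
```

A /26 starting at 192.168.151.0 covers only .0 through .63, so a client left at a higher address, or on a different network entirely, matches the "machine's configuration" case described in the reply.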