 From:  sylikc <sylikc at gmail dot com>
 To:  Rodman Frowert <frowertr at i dash 1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Program to track packets moving through M0n0
 Date:  Sat, 11 Sep 2004 19:53:10 -0700
Rodman,

> Actually the subject is misleading as I really don't know what I need.  I
> want to be able to see what is causing me to not be able to talk to my DMZ
> from my LAN.  It is not any kind of incorrect firewall rule.  I have reset
> the system plenty of times to see if I could reproduce the problem.  I can
> reproduce the problem, but it doesn't always "break" on the same thing.  For
> example, I can set up my entire m0n0 box and access the DMZ perfectly from
> the LAN.  But when I go to download the configuration, it "breaks" and I can
> no longer talk to the DMZ until I reset the box.  Or, I may get through
> partially configuring the box and it breaks halfway through and I can no
> longer talk to the DMZ.

Have you checked your hardware on the box lately?  It sounds like a
flaky NIC or bad RAM or something because it's breaking different
things every time.


> So, I didn't know if there was any way to actually "see" what is going on
> when it is not working.  Can I tell if the m0n0 box is dropping the packets
> anyway?  When it doesn't work, I check the default firewall logs but don't
> see anything.

Like Michael wrote, try using Ethereal on the boxes that are trying to
talk to each other and see what actually gets sent and received.  If
m0n0 doesn't show a drop, then actually try enabling logging on your
LAN -> * rule.  That way you can also see what packets are being
permitted as well.  Although this really just sounds like flaky
hardware just because of the "random" breakdowns.


/sylikc