[ previous ] [ next ] [ threads ]
 
 From:  "NewMedia42" <newmedia42 at excite dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Problem with deployment (timeout related)...
 Date:  Thu, 30 Sep 2004 14:24:46 -0400 (EDT) 
After doing a fair amount of testing locally with m0n0, I rolled it out on our network in a dual
firewall/nat functionality.  It's running on a 3Ghz P4 with 512Mb RAM, 256Mb CF, and three NIC's (2
Intel onboard 10/100/1000, 1 DLink, 10/100).  Right now I have the two onboard NIC's as the WAN and
LAN, and the DLink (OPT1) as a filtered bridge with the WAN interface.  I have a /24 that is behind
OPT1 which I want to filter based off of the Rules.  My Firewall rules are not too extensive, about
20 or so rules, but I'm also using the Traffic Shaping to get usage statistics via MRTG, so I have 2
rules for every IP (so 512 rules); there is only one pipe with a limit of 1000Mb specified.  During
the course of the day, bandwidth usage normally peaks around 13Mb/sec or so with the troff being
around 5Mb/sec.

The problem is that I am getting substancially more timeouts (TCP) than what I did prior to m0n0
being deployed.  It got so bad this afternoon that it was limited the bandwidth at about 8Mb - I
tried turning Traffic Shaping off and it had no influence.  I also tried changing the limit to
unlimited via exec.php and "ipfw pipe 1 config bw 0", but it didn't change anything.  I finally even
tried installing 1.2b1 (which is what I'm now running), and my usage immediately popped back up to
13Mb and everything looks ok again - but I have noticed an occasional timeout every now and then -
not enough that it would normally worry me if not for the previous problem.  I also found the web
interface to sometimes 'freeze up' for lack of a better description, at which point I think it would
timeout new connections.  It is important to note that the problem seems to be exclusively with it
establishing new connections - it doesn't appear to have any impact on existing connections.

Has anyone had this problem, and if so does anyone know how I could solve it?

Is there any sort of limit on the number of connections which can pass through m0n0 at any time?  

Any help or ideas would be greatly appreciated!


_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!