Topic: Some sites not working?  (Read 12844 times)
« on: April 16, 2008, 06:52:35 »
byzuser *
Posts: 21

Here's a strange one; some websites do not 'work' when I try to get to them through the m0n0wall.

Traceroutes for these sites complete, on the comp and on the m0n0wall, but trying to get to them through a browser gives me timeout errors.

It is a small number of sites; more things seem to work than do not, but this still should not be happening.

My connection is via a cable ISP, and a direct connection from the modem to the comp shows that everything is 100%.  It is only when routed through the m0n0wall that these sites fail.

There are no firewall rules that I know of that would be causing this; it is a rather fresh install of 1.3b11, with maybe 8-9 NAT rules created (and their corresponding auto-created firewall rules), and that's about it.

Any insights?

Thanks in advance =)

« Reply #1 on: April 16, 2008, 09:03:17 »
ChainSaw
Guest

Have you tried checking the box to "Allow fragmented packets"  in your "Default LAN to any" rule?  Also, check "Interfaces" under "Status" and see if you are logging any "in/out errors" on your WAN or LAN interface.

CS...
« Last Edit: April 16, 2008, 09:18:35 by ChainSaw »
« Reply #2 on: April 16, 2008, 16:50:08 »
byzuser *
Posts: 21

Interfaces under Status is showing 0/0 errors...

I just turned on the "Allow fragmented packets" on the "Default LAN to any" rule, and it did not fix the problem; I still get a timeout error on these specific sites.

The packet fragmentation did remind me about my MTU; this cable connection is new and I had not fixed the MTU for it yet, so I did the ping -f -l test and found my max to be 1432.  + 28 = an MTU of 1460, which seems to be correct... so I set my MTU to that and rebooted...

Still getting timeout errors on the sites.

Grr, very strange.  Any further thoughts?
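The `ping -f -l` test described in the post above, automated as a binary search (an added example, not part of the original thread). The function names and the simulated link are assumptions made for illustration; the real probe assumes Windows `ping` or Linux iputils `ping`.

```python
import subprocess
import sys

ICMP_IP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """One echo request with Don't Fragment set; True if an echo reply came back."""
    if sys.platform.startswith("win"):
        cmd = ["ping", "-f", "-l", str(payload), "-n", "1", "-w", "1000", host]
    else:  # assumption: Linux iputils ping
        cmd = ["ping", "-M", "do", "-s", str(payload), "-c", "1", "-W", "1", host]
    out = subprocess.run(cmd, capture_output=True, text=True, errors="replace").stdout
    return "ttl=" in out.lower()  # echo replies carry a TTL field, error lines do not


def simulated_link(mtu):
    """Constructed stand-in for a real path: drops DF packets larger than mtu."""
    return lambda payload: payload + ICMP_IP_OVERHEAD <= mtu


def max_df_payload(probe, low=0, high=1500 - ICMP_IP_OVERHEAD):
    """Largest payload in [low, high] that probe() accepts, or None if none does."""
    if not probe(low):
        return None  # host unreachable or ICMP filtered: nothing to measure
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always makes progress
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def path_mtu(probe):
    """Path MTU implied by the largest unfragmented ping payload."""
    payload = max_df_payload(probe)
    return None if payload is None else payload + ICMP_IP_OVERHEAD


if __name__ == "__main__":
    # Offline demo on a constructed 1460-byte path (the figure from the post).
    print(path_mtu(simulated_link(1460)))
    # Real use (placeholder address): path_mtu(lambda size: ping_df("192.0.2.1", size))
```

Running it once from a client behind the firewall and once from a directly connected machine shows whether the two paths report the same MTU.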
« Reply #3 on: April 16, 2008, 23:19:25 »
ChainSaw
Guest

Very strange indeed.  I can't really think of anything else to try.  Also, your cable connection MTU seems strange as well.  All the cable connections I have dealt with have been 1500.  Have you tried more than one PC for this test?

CS...
« Reply #4 on: April 17, 2008, 02:41:58 »
byzuser *
Posts: 21

I have multiple computers on this network and long story short: same problem on all of them.

I just reset the router to 'factory defaults' or w/e it's named in the menu, set up my interfaces and left everything else as default: same problem still.

And just to make sure I'm not crazy, tested things through a direct connection to the computer again, and the problematic sites indeed work this way.

^ That is kind of 'proof' that it's nothing that my computer(s) is(are) doing really; the simple fact of the traffic going through the m0n0wall causes the problem.

I'm at a complete loss here.  1.3b11... is this something the devs could/should look at?  --  I think I've exhausted my own options as well and if it's some sort of bug, I'd be happy to do what I can and help squash it...

Thanks again CS/all =)
« Last Edit: April 17, 2008, 02:52:16 by byzuser »
« Reply #5 on: April 17, 2008, 03:00:19 »
ChainSaw
Guest

I'm running 1.3b11 on 32 production boxes without a single problem of any kind.  At this point the only thing I could think of is possibly your m0n0wall's hardware.  Try different NIC cards and if that doesn't help try a different PC.  Seems to me that if this was a m0n0wall bug, you wouldn't be the only one reporting it.

Also, if your hardware supports it, try running 1.233 and see if that makes a difference.

CS...
« Last Edit: April 17, 2008, 03:22:17 by ChainSaw »
« Reply #6 on: April 17, 2008, 03:32:10 »
byzuser *
Posts: 21

Hardware is an Alix 2c3, so can't change NIC cards... not sure if it would be supported by 1.233; I did try it first, but it seemed that you -have- to have a null modem cable for it; doesn't seem to have any default interface settings to allow you access to the GUI first.

Or if it actually does, then it just must not have ever gotten booted, because I couldn't ever even ping it.

1.3b11 booted as expected though.

Could indeed be the hardware... would it be worth it to try say, pfSense and see if it happens there?

I mean... if it -doesn't- happen with pfSense and does with m0n0wall, that'd be a bug right?
« Reply #7 on: April 17, 2008, 03:39:51 »
ChainSaw
Guest

Are you using the WRAP version of 1.3b11?  If not, you should be.  It could also be related to your Alix firmware.  I don't think there is any way of checking that without a null modem cable.  Why don't you throw an old PC together and see if you can get that working?

CS...
« Reply #8 on: April 17, 2008, 03:52:05 »
byzuser *
Posts: 21

Yep, I'm using the WRAP image of 1.3b11.

Holy crap I didn't think to check the firmware.  Whoops.

Yeah I'll do that ASAP... (smacking head at having forgotten that).  Now to find a cable...

I'll report back soon enough.

Thanks CS! =)
« Reply #9 on: April 17, 2008, 03:58:21 »
ChainSaw
Guest

As I recall, the last Alix I flashed required booting DOS and running a .com file.  I now have a CF card set up for just that purpose.  Very dumb in my opinion to release a product without the BIOS upload function working.

Good luck!

CS...
« Last Edit: April 17, 2008, 06:21:01 by ChainSaw »
« Reply #10 on: April 17, 2008, 06:38:56 »
byzuser *
Posts: 21

Yeah... I only have the one CF card too.

I'm not sure if I can (easily) flash FreeDOS onto this one, use it to update, and re-flash m0n0 back on, or not.

Wondering if I shouldn't get a spare tiny CF card for this purpose... but I kind of hate to because if I can't get this working in a reasonable amount of time, I'll have to return/sell the Alix, and I don't want leftover stuff I don't really need.

Hmm.
« Reply #11 on: April 17, 2008, 06:52:04 »
ChainSaw
Guest

There should be no problem with using your current CF card to flash your BIOS then re-image with m0n0wall.  What version is your Alix BIOS now?

CS...
« Reply #12 on: April 17, 2008, 16:10:25 »
byzuser *
Posts: 21

I am not sure of its current version...

Is there a way to check from within m0n0wall?
« Reply #13 on: April 17, 2008, 17:23:40 »
ChainSaw
Guest

I don't think so.  You need to be connected to the serial port when it boots.

CS...
« Reply #14 on: April 17, 2008, 17:34:36 »
byzuser *
Posts: 21

Thought so.  No cable just yet; will be finding one today.