[rescue] IPFILTER woes

Greg A. Woods woods at weird.com
Mon Feb 18 17:34:52 CST 2002


[ On Monday, February 18, 2002 at 17:39:09 (-0500), Brian Hechinger wrote: ]
> Subject: [rescue] IPFILTER woes
>
> ok, so here's what happens.  the machine locks dead.  no panic, just stopped.
> i can break to the rom and reboot the machine.  it happens at seemingly random
> intervals.  i saw the posts about ipmon hanging solaris, but i have tried it
> with ipmon running and without ipmon running.  hangs both ways.

Well since IP-Filter doesn't come native on SunOS-5.8, it would REALLY
help if you provided all the relevant details, such as what _version_
you're using, perhaps even what compiler you built it with, what other
kernel modules/modifications you might have too, and even some hint as
to what your configuration might look like (if not the entire config,
provided you're not too worried about it being wrong and thus being
caught unawares with your pants down!  ;-).

> i originally though it was a hardware issue, so i swapped the then current
> firewall (sparc10) with the new firewall (ultra1) and it still happens.  i
> remember that is NEVER happened with my sparc5 when it was the firewall.

So, why don't you go back to the sparc5?!?!?!?!?  It's more than
powerful enough for any kind of firewall I can imagine -- even for a
fairly high-speed connection (a sparc5 @ 85MHz with appropriate ethernet
cards should easily handle a full 10Mbps connection, even with several
dozen well crafted rules).

Anyway I'd personally stay about as far away from any sparc64 stuff as
possible, at least for production use....

> does anyone have any clues at all?

not until/unless you can give us some clues!  ;-)

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods at acm.org>;  <g.a.woods at ieee.org>;  <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>



More information about the rescue mailing list