On Fri, 07 Nov 2008 13:22:08 +0100, Peter N. M. Hansteen wrote:

>Harald Dunkel <[EMAIL PROTECTED]> writes:
>
>> I can post 2 dmesg logs of the same machine with the NIC
>> names mixed up. Somehow 2 NICs disappeared on a reboot. On
>> the next reboot they were back. Attached is the diff.
>
>Dodgy hardware does lead to problems, certainly.  
>
>The basic problem here is that the system enumerates only the hardware
>it is able to contact and identify, and units of the same type are
>assigned an identifier equal to driver name plus a sequence number.
>
>Unless we make some other unique identifier part of the way PF
>evaluates rules (the MAC address comes to mind, but that too can be
>changed in any modern operating system), there is no quick fix, other
>than rewriting your rule set so it avoids 'on' criteria and other
>hardware specifics wherever possible.

Let's look at this a little more analytically:
My firewall is a Soekris 4801 with sis0, sis1 and sis2.
sis0 is the 0utside (ADSL)
sis1 is the 1nside (LAN)
sis2 is the 2erver LAN

If 0 fails the other two "move up" the table. Risk = zero.
If 1 fails the users holler "No service!" and the servers won't be
compromised because they will now be connected to sis2 promoted to be
sis1 and their default route won't be available and incoming traffic
can't get to them either.

Now, what was the problem again? With all the interfaces below the
failure moving up the table there will be address mismatches = no
traffic.

I see no reason to panic. Maybe I'm too tired after being up really
late replacing a faulty modem and I forgot to turn off NAT in the new
one so my sleepy eyes missed the fact that I needed to test more than
browsing from the LAN to make sure my servers were reachable. 8-((

8>< snip rest of story.

*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
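
The renumbering discussed in this thread can be detected before a ruleset written against sis0/sis1/sis2 is loaded. The following is an added example, not part of the original messages: a POSIX shell check that compares `ifconfig`-style output against a pinned name-to-MAC table and fails closed when a name is missing or now belongs to a different NIC. The function name, the table and all MAC values are constructed assumptions, and as noted in the quoted message a MAC address can itself be changed.

```shell
#!/bin/sh
# Constructed pinned table: interface name and expected lladdr (MACs are made up).
EXPECTED='sis0 00:00:24:aa:bb:00
sis1 00:00:24:aa:bb:01
sis2 00:00:24:aa:bb:02'

# Constructed ifconfig-style output for the case where the NIC that used to be
# sis0 did not attach, so the two remaining units moved up one slot.
SAMPLE_SHIFTED='sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:aa:bb:01
sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:aa:bb:02'

# check_nic_map PINNED_TABLE IFCONFIG_TEXT   (hypothetical helper)
# Prints one line per discrepancy and returns 0 only when every pinned name
# is present and carries its pinned MAC.
check_nic_map() {
    printf '%s\n==\n%s\n' "$1" "$2" | awk '
        $0 == "==" { live = 1; next }            # separator: table ends here
        !live {                                   # pinned table rows
            if (NF >= 2) { want[$1] = tolower($2); order[++n] = $1 }
            next
        }
        /^[a-z]+[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname); next }
        $1 == "lladdr"   { have[ifname] = tolower($2) }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (!(name in have)) {
                    print "MISSING " name; bad = 1
                } else if (have[name] != want[name]) {
                    print "SHIFTED " name " has " have[name] " want " want[name]
                    bad = 1
                }
            }
            exit bad
        }'
}

# On the firewall the second argument would be "$(ifconfig)"; here the
# constructed sample is used so the script runs anywhere.
check_nic_map "$EXPECTED" "$SAMPLE_SHIFTED" ||
    echo "interface enumeration changed: not loading the ruleset"
```
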
