bitwiseworks / InJoy

Issue tracker for InJoy

Injoy V4.1 PRO on eCS 1.A (fxwrap version updated in 2012) #48

Closed ecomstation closed 5 years ago

ecomstation commented 7 years ago

Hi,

Today I got this (the same problem happens even with the previous 2007 build of fxwrap.sys) after about 4/5 hours of work; the FW PC does a reboot each night (to avoid running out of resources):

InJoy Firewall, Copyright (C) F/X Communications
gateway version 4.1 (2)
FXWRAP.SYS (DD) version 4.2 (0)

Licensed to [Consorzio di C....]
Firewall interface [lan0] [my wan IP]
Internal Network 1: [my wan class.0/255.255.255.248]
Internal Network 2: [10.2.2.0/255.255.255.0]
Fragmentation enabled [MTU 1500]
IPSec version [4.1]
Firewall version [4.1]
Firewall PC is [transparent]
GUI Server listen :port :63333

InJoy Firewall Ready!

IP Address not configured, using 1.1.1.1 as a temporary address.
FW: new IP address :[1.1.1.1]
FW: new IP address :OK
FW: new IP address :[my wan IP]
FW: new IP address :OK
IP Address not configured, using 1.1.1.1 as a temporary address.
FW: new IP address :[1.1.1.1]
FW: new IP address :OK
FW: new IP address :[my wan IP]
FW: new IP address :OK
IP Address not configured, using 1.1.1.1 as a temporary address.
FW: new IP address :[1.1.1.1]
FW: new IP address :OK
Killed by signal! (C0010003)
Stopping I/O threads...
Stopping IPSec Plugin...
InJoy Firewall, Copyright (C) F/X Communications
gateway version 4.1 (2)
Fatal: Unable to open FXWRAP.SYS

I had to reboot the firewall to have it working again.

SilvanScherrer commented 7 years ago

What eth driver are you using? Could it be similar to #47?

ecomstation commented 7 years ago

I've seen that I have this: DEVICE=C:\MPTN\PROTOCOL\FWIP.SYS (could this create problems for the InJoy FW?). I commented BASEDEV=APM.ADD

Removed, but after just about 24 hours I got:

activity.log:

Killed by signal! (C0010003)
Stopping I/O threads...
Stopping IPSec Plugin...
InJoy Firewall, Copyright (C) F/X Communications
gateway version 4.1 (2)
Fatal: Unable to open FXWRAP.SYS

firewall.log:

2017/01/31 17:34:20 FIREWALL PLUGIN: Shutting down!
2017/01/31 17:39:34 FIREWALL PLUGIN: Initialized successfully
2017/01/31 17:39:34 FIREWALL PLUGIN: Version 4.1, build timestamp Nov 26 2007 17:48:27
2017/01/31 17:39:34 FIREWALL PLUGIN: + Dynamic firewall, + URL handling, + Safe-Mail, + Traffic Shaper
2017/01/31 17:39:34 FIREWALL PLUGIN: Configuration successfully loaded
2017/01/31 17:39:34 FIREWALL PLUGIN: Ready...

Just a "feeling": it seems to happen in moments where there is "important" internet activity. At this moment I'm downloading updates for a server and for a desktop PC (GB of stuff).

I add:

protocol.ini:

[PROT_MAN]
DRIVERNAME = PROTMAN$

[IBMLXCFG]
tcpip_nif = tcpip.nif
FXWRAP_nif = fxwrap.nif
R8110_nif = R8110.NIF
E1000_nif = E1000.nif

[tcpip_nif]
DriverName = TCPIP$
Bindings = FXWRAP_nif,E1000_nif

[R8110_nif]
DriverName = R8110$
OPTIMIZE = "YES"
TIMER = "NO"
LINK_TIMER = "NO"
TXQUEUE = 8
RXCHAIN = "YES"
RXQUEUE = 16
TXEARLY = 1526
TXMXDMA = 0
RXEARLY = 0
RXMXDMA = 256
PCIMRW = "YES"
IRQ15OVR = "YES"

[E1000_nif]
DriverName = E1000$

[FXWRAP_nif]
Drivername = FXWRAP1$
Bindings = R8110_nif

NIC: Realtek Gigabit driver NIC Driver bundled with eCS 2.1ga version 0.1.2

ecomstation commented 7 years ago

This morning I got:

errors.err:

Thu Feb 2 09:19:56 2017 - Killed by signal! (C0010003)

activity.log:

IP Address not configured, using 1.1.1.1 as a temporary address.
FW: new IP address :[1.1.1.1]
FW: new IP address :OK
Killed by signal! (C0010003)
Stopping I/O threads...
Stopping IPSec Plugin...
InJoy Firewall, Copyright (C) F/X Communications
gateway version 4.1 (2)
Fatal: Unable to open FXWRAP.SYS
Stopping Firewall Plugin...
Stopping IDENT support...
Shutdown complete - Exiting.

Comments: strange thing... the Pluto.exe process was still running, only Gateway.exe crashed/exited. Also, at this moment I've seen an important number of IP sockets.

I add inetcfg.ini -get all, hope it could be of any help.

Inetcfg:         CURRENT  DEFAULT  MINIMUM  MAXIMUM
keepalive        60       7800     0        7800     KeepAlive (sec)
tcpswinsize      64240    32768    1024     246723   TCP SendWindow Size
tcprwinsize      64240    32768    1024     246723   TCP RecvWindow Size
udpswinsize      9216     9216     1024     246723   UDP SendWindow Size
udprwinsize      41600    41600    1024     246723   UDP RecvWindow Size
lingertime       120      120      0        65535    Linger Time (sec)
probecnt         8        8        1        8        Number Of KeepAlive Probes
ipforward        1        0        0        1        IP Forwarding flag ON/OFF
mtudiscover      0        1        0        1        TCP Path MTU Discovery ON/OFF
arpkillc         1200     1200     180      15300    ARP Complete TimeOut (sec)
arpkilli         180      180      60       1200     ARP InComplete TimeOut (sec)
lipcstswinsize   10240    10240    1024     246723   LIPC Stream SendWindow Size
lipcstrwinsize   10240    10240    1024     246723   LIPC Stream RecvWindow Size
lipcdgswinsize   2048     2048     1024     246723   LIPC Dgram SendWindow Size
lipcdgrwinsize   4096     4096     1024     246723   LIPC Dgram RecvWindow Size
synattack        1        0        0        1        SYN Attack Flag ON/OFF
syncookie        0        0        0        1        SYN Cookie Flag ON/OFF
firewall         0        0        0        1        FIREWALL ON/OFF
multidefrt       0        1        0        1        Multiple Default Routes ON/OFF
winscale         1        1        0        1        TCP Window Scale ON/OFF
timestmp         1        0        0        1        TCP TimeStamps ON/OFF
realslow         20       20       1        100      TCP TW Q Slow Timeout ticks
perfhttp         1        1        0        1        Fast Path HTTP ON/OFF
tcpttl           64       64       1        255      TCP TTL (hops)
udpttl           64       64       1        255      UDP TTL (hops)
icmpttl          64       64       1        255      ICMP TTL (hops)
fragttl          60       60       1        255      Fragment TTL (sec)
reusetw          0        1        0        1        Reuse Time Wait ON/OFF
msl              30       30       1        16384    TCP MaxSegLifeTime (sec)
cc               0        0        0        1        TTCP function ON/OFF
sack             0        0        0        1        Selective ACK ON/OFF

SilvanScherrer commented 7 years ago

I still have the feeling it has to be an issue with multimac drivers. And we know we have to work out some testing with them. For sure I recommend to always use latest of those drivers.

ecomstation commented 7 years ago

On 03/02/2017 10:59, Silvan Scherrer wrote:

> I still have the feeling it has to be an issue with multimac drivers. And we know we have to work out some testing with them. For sure I recommend to always use latest of those drivers.

Silvan, if you believe this is the point, I can use a classic Intel Pro 100 S as NIC; that one never gave problems of any kind.

Massimo

ecomstation commented 7 years ago

Anyway, is there some diagnostic tool or debug mode to understand better the possible cause?

SilvanScherrer commented 7 years ago

You could install latest 4.2, as there the exception handler is a lot better. And when it traps, a trp file should be generated. Please attach them here.

ecomstation commented 7 years ago

This customer has 3 firewalls, one in each office, connected with a VPN tunnel. Only 2 of these firewalls show the problem. Is it possible to upgrade only 1 firewall? Will the VPN and the rules keep working?

To upgrade, is it sufficient to download the zip file and overwrite the firewall files (except for the configuration file, of course)?

For 4.2, what do you mean? On the IJ website there is only 4.2.2.

SilvanScherrer commented 6 years ago

Is this issue connected with #54 or #49?

SilvanScherrer commented 5 years ago

Is this issue still valid?

ecomstation commented 5 years ago

I've updated to 4.2.2 GA. At the moment the issue seems to be gone; you can close the ticket.