From owner-freebsd-net@FreeBSD.ORG Mon Aug 25 08:04:44 2003
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 14B3916A4BF for ; Mon, 25 Aug 2003 08:04:44 -0700 (PDT)
Received: from aubgsrv2.stud.aubg.bg (mail.aubg.bg [193.68.137.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7C4D43F93 for ; Mon, 25 Aug 2003 08:04:41 -0700 (PDT) (envelope-from SVS000@aubg.bg)
Received: from lini ([195.34.115.27]) by aubgsrv2.stud.aubg.bg with Microsoft SMTPSVC(5.0.2195.6713); Mon, 25 Aug 2003 18:03:21 +0300
Message-ID: <002201c36b1a$3408a790$0c00a8c0@lini>
From: "Stoyan Stratev"
Date: Mon, 25 Aug 2003 18:04:37 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-OriginalArrivalTime: 25 Aug 2003 15:03:21.0516 (UTC) FILETIME=[06473EC0:01C36B1A]
Subject: the router spams with echo requests
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Mon, 25 Aug 2003 15:04:44 -0000

Hello,

I am running the latest production release (4.8) for a router/NAT and I have a problem with my ISP. The ISP is using a network with hubs, therefore we receive echo packets on the outside interface that are not meant for our machine. The problem is that the box forwards those packets multiple times and so the ISP thinks we have a virus or are doing portscans.

I ran 'tcpdump -p -i rl1 | grep echo' and noticed the following:

we receive one packet:
20:50:02.596560 some.address.com > machine.on.our.subnet: icmp: echo request [tos 0x80]

we send 20 packets very fast:
20:50:02.596851 our.router.com > machine.on.our.subnet: icmp: echo request [tos 0x80]

I tried to replicate it by pinging machine.on.our.subnet from an outside looking glass and it behaves the same way (sees the packet for machine.on.our.subnet and pings it another 20-30 times). I ran ifconfig and there is no interface running in promiscuous (or whatever) mode.

The box has a fresh install of FreeBSD 4.8 mini. The only things I did were to recompile the kernel to enable NAT and then edit the configuration so natd starts at boot time. Here is a snippet from rc.conf:

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="rl1"
natd_flags="-redirect_port tcp 192.168.0.10:80 80"
hostname="our.router.com"
ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_rl1="inet xxx.xx.xxx.27 netmask 255.255.255.224"

What did I do wrong?

Thanks
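Added example, not part of the message above or of FreeBSD: a small POSIX sh/awk script that reads tcpdump's text output (the format quoted in the message, hostnames as printed without -n) and, per destination and second, compares the echo requests that arrived from other senders with the ones the router itself sent. That turns the "one request in, twenty out" observation into a number that can be checked before and after any change. The sample lines are constructed to mirror the quoted format; some.address.com, our.router.com and machine.on.our.subnet are the names used in the post, other.host.example is an assumed extra sender.

```shell
#!/bin/sh
# Added example, not code from the original post. Counts ICMP echo requests
# in tcpdump text output and reports, per (second, destination), how many
# requests came in from other senders versus how many the router sent.

# Constructed sample of tcpdump output. Hostnames follow the post;
# other.host.example is an assumed extra sender.
SAMPLE='20:50:02.596560 some.address.com > machine.on.our.subnet: icmp: echo request [tos 0x80]
20:50:02.596851 our.router.com > machine.on.our.subnet: icmp: echo request [tos 0x80]
20:50:02.596900 our.router.com > machine.on.our.subnet: icmp: echo request [tos 0x80]
20:50:02.596950 our.router.com > machine.on.our.subnet: icmp: echo request [tos 0x80]
20:50:02.597001 machine.on.our.subnet > some.address.com: icmp: echo reply [tos 0x80]
20:50:03.100000 other.host.example > machine.on.our.subnet: icmp: echo request [tos 0x80]'

# echo_requests_from SRC: number of echo requests on stdin sent by SRC.
# Echo replies are ignored; only "icmp: echo request" lines count.
echo_requests_from() {
    awk -v src="$1" '/icmp: echo request/ && $2 == src { n++ } END { print n + 0 }'
}

# amplification ROUTER: for each (second, destination) pair, compare echo
# requests sent by ROUTER with those that arrived from anyone else.
# Prints "HH:MM:SS dest inbound outbound" for pairs where the router sent
# more than came in; exit status 0 if any such pair exists, 1 otherwise.
amplification() {
    awk -v router="$1" '
        /icmp: echo request/ {
            sec = substr($1, 1, 8)        # HH:MM:SS from the timestamp
            dst = $4; sub(/:$/, "", dst)  # "host:" -> "host"
            key = sec " " dst
            if ($2 == router) { outb[key]++ } else { inb[key]++ }
        }
        END {
            found = 0
            for (k in outb)
                if (outb[k] > inb[k] + 0) { print k, inb[k] + 0, outb[k]; found = 1 }
            exit (found ? 0 : 1)
        }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE" | amplification our.router.com
```

To run it against the live interface instead of the sample, feed it line-buffered tcpdump output, e.g. `tcpdump -l -i rl1 icmp | amplification our.router.com` (with `-n`, pass the router's address instead of its name). On a hubbed segment the inbound count includes requests addressed to other hosts, which is exactly the traffic the message is about; a pair where outbound exceeds inbound is the router adding packets rather than forwarding one.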