Date: Tue, 1 Dec 2015 12:16:45 +0100 From: Daniel Bilik <ddb@neosystem.org> To: Julian Elischer <julian@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: Outgoing packets being sent via wrong interface Message-ID: <20151201121645.dbcf4bf900fd657a6e4ae3b4@neosystem.cz> In-Reply-To: <565D7552.30806@freebsd.org> References: <20151120155511.5fb0f3b07228a0c829fa223f@neosystem.org> <C1D7F956-81C9-4ED4-99B8-E0C73A3ECB37@FreeBSD.org> <20151120163431.3449a473db9de23576d3a4b4@neosystem.org> <20151121212043.GC2307@vega.codepro.be> <20151122130240.165a50286cbaa9288ffc063b@neosystem.cz> <20151125092145.e93151af70085c2b3393f149@neosystem.cz> <20151125122033.GB41119@in-addr.com> <20151127101349.752c94090e78ca68cf0f81fc@neosystem.org> <56597CB5.7030307@freebsd.org> <20151130101838.e59be3db0eb3922d87544b16@neosystem.cz> <565C6F86.7090108@freebsd.org> <20151201090332.09b038935b8eabf33288c24c@neosystem.cz> <565D7552.30806@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Dec 2015 18:24:18 +0800 Julian Elischer <julian@freebsd.org> wrote: > if you reload pf it has no effect? > pf is the part of the picture I have no experience with so I'm > naturally suspicious of it. > have you tried a simple ipfw nat instead? just as a sanity check? Well, I have zero experience with ipfw and this is production system with quite complex pf setup. So I don't have enough courage to experiment much there. But next time it happens, I'll try to reload pf rules, and also to disable pf completely - it's acceptable for short period of time, and we'll see if there still are any "private" packets on "public" interface. Thanks for suggestions. -- Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151201121645.dbcf4bf900fd657a6e4ae3b4>