From owner-freebsd-net@freebsd.org Tue Dec 1 11:18:21 2015
Return-Path:
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7284EA3DE75 for ; Tue, 1 Dec 2015 11:18:21 +0000 (UTC) (envelope-from daniel.bilik@neosystem.cz)
Received: from mail.neosystem.cz (mail.neosystem.cz [IPv6:2001:41d0:2:5ab8::10:15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 33AF81AD3; Tue, 1 Dec 2015 11:18:20 +0000 (UTC) (envelope-from daniel.bilik@neosystem.cz)
Received: from mail.neosystem.cz (unknown [127.0.10.15]) by mail.neosystem.cz (Postfix) with ESMTP id 52C84A9D; Tue, 1 Dec 2015 12:18:18 +0100 (CET)
X-Virus-Scanned: amavisd-new at mail.neosystem.cz
Received: from dragon.sn.neosystem.cz (unknown [IPv6:2001:41d0:2:5ab8::100:101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.neosystem.cz (Postfix) with ESMTPSA id E11C3A97; Tue, 1 Dec 2015 12:18:12 +0100 (CET)
Date: Tue, 1 Dec 2015 12:16:45 +0100
From: Daniel Bilik
To: Julian Elischer
Cc: freebsd-net@freebsd.org
Subject: Re: Outgoing packets being sent via wrong interface
Message-Id: <20151201121645.dbcf4bf900fd657a6e4ae3b4@neosystem.cz>
In-Reply-To: <565D7552.30806@freebsd.org>
References: <20151120155511.5fb0f3b07228a0c829fa223f@neosystem.org> <20151120163431.3449a473db9de23576d3a4b4@neosystem.org> <20151121212043.GC2307@vega.codepro.be> <20151122130240.165a50286cbaa9288ffc063b@neosystem.cz> <20151125092145.e93151af70085c2b3393f149@neosystem.cz> <20151125122033.GB41119@in-addr.com> <20151127101349.752c94090e78ca68cf0f81fc@neosystem.org> <56597CB5.7030307@freebsd.org> <20151130101838.e59be3db0eb3922d87544b16@neosystem.cz> <565C6F86.7090108@freebsd.org> <20151201090332.09b038935b8eabf33288c24c@neosystem.cz> <565D7552.30806@freebsd.org>
X-Mailer: Sylpheed 3.4.3 (GTK+ 2.24.28; x86_64-portbld-dragonfly4.3)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 01 Dec 2015 11:18:21 -0000

On Tue, 1 Dec 2015 18:24:18 +0800 Julian Elischer wrote:

> if you reload pf it has no effect?
> pf is the part of the picture I have no experience with so I'm
> naturally suspicious of it.
> have you tried a simple ipfw nat instead? just as a sanity check?

Well, I have zero experience with ipfw and this is a production system with a quite complex pf setup. So I don't have enough courage to experiment much there. But next time it happens, I'll try to reload pf rules, and also to disable pf completely - it's acceptable for a short period of time, and we'll see if there still are any "private" packets on the "public" interface.

Thanks for suggestions.

--
Dan
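The check Dan describes above (capture on the public interface after reloading or disabling pf and see whether RFC 1918 sourced packets still leave through it) can be scripted so the result is a count rather than a scroll of tcpdump output. The script below is an added example and is not part of this thread or of either poster's setup; the interface name is a placeholder, and the tcpdump-style lines in SAMPLE are constructed to stand in for a live capture.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Counts packets whose source address is in an RFC 1918 range, as seen in
# "tcpdump -n" style output for the public interface. A non-zero count means
# "private" packets are still being sent out the "public" side.

# is_private ADDR: exit 0 if ADDR is in 10/8, 172.16/12 or 192.168/16
is_private() {
    case "$1" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# count_private_sources: read "tcpdump -n" lines on stdin, print how many
# carry a private source address. Handles both "IP a.b.c.d.port > ..."
# (TCP/UDP) and "IP a.b.c.d > ..." (ICMP and others, no port suffix).
count_private_sources() {
    n=0
    while IFS= read -r line; do
        src=$(printf '%s\n' "$line" |
              sed -n 's/.* IP \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)[.0-9]* > .*/\1/p')
        [ -n "$src" ] || continue
        if is_private "$src"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample of what tcpdump -n on the public interface might print.
# Two of the four lines have private (10/8 and 172.16/12) source addresses.
SAMPLE='12:16:45.000001 IP 198.51.100.10.443 > 203.0.113.5.51234: Flags [.], ack 1, win 1024, length 0
12:16:45.000002 IP 10.0.0.12.51000 > 203.0.113.5.443: Flags [S], seq 1, win 65535, length 0
12:16:45.000003 IP 172.20.1.7 > 198.51.100.10: ICMP echo request, id 1, seq 1, length 64
12:16:45.000004 IP 198.51.100.10.80 > 203.0.113.5.40000: Flags [F.], seq 1, ack 1, win 1024, length 0'

# Stand-alone run over the constructed sample; prints 2.
printf '%s\n' "$SAMPLE" | count_private_sources

# On the box itself (as root), feed a live capture instead, with PUBLIC_IF
# being the actual outside interface name (placeholder here):
#   tcpdump -n -l -i PUBLIC_IF 2>/dev/null | count_private_sources
```

Running the live form once with pf loaded, once after `pfctl -f` reload, and once with pf disabled gives three counts to compare, which is the experiment Dan proposes; a count that stays non-zero with pf disabled points at routing rather than at the pf rules.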