From owner-freebsd-net@FreeBSD.ORG  Sun Aug 29 18:18:06 2010
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2475810656D4
	for <freebsd-net@freebsd.org>; Sun, 29 Aug 2010 18:18:06 +0000 (UTC)
	(envelope-from ozkan.kirik@gmail.com)
Received: from mail-qw0-f54.google.com (mail-qw0-f54.google.com
	[209.85.216.54])
	by mx1.freebsd.org (Postfix) with ESMTP id D0ADC8FC12
	for <freebsd-net@freebsd.org>; Sun, 29 Aug 2010 18:18:05 +0000 (UTC)
Received: by qwg5 with SMTP id 5so4735107qwg.13
	for <freebsd-net@freebsd.org>; Sun, 29 Aug 2010 11:18:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:received:date:message-id
	:subject:from:to:content-type;
	bh=S/myDPmx9hC5ltmTDO0PKAcT+13o8KdYsFuzHMiwKIU=;
	b=M72jxyq0CP65pSN6o+IQRcGSEWc3Hd9HDVB4hnBaRUACiL1dXh7NdWxBMZRRgeBjAX
	sR+ZrqVIXWU51fi9cmqMe+eMJPWl73Y+b0v1LcHjNbFpP+OUU5YyXyOf8FozJEBABZwV
	Cg1iFJXuRGqF37eopbIzBa3oUNk3dMvUP4mmI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:date:message-id:subject:from:to:content-type;
	b=c/qYN/4GkiO83e4mD/8I4WHXHqRAf2qyOG0m1kukKyCAJESnCrkkfnDbLlSBy46mU3
	TWIyctvuD3Hrmw15umO8SCcDNSYUsOStIGzbK8KWORlcYeCVEfmLVqR/7cjzCxrjLSTF
	zNgtL7+/jLAXNrGWDLaXhFSyPNNMMmY0CdknE=
MIME-Version: 1.0
Received: by 10.224.89.11 with SMTP id c11mr2166442qam.182.1283104404984; Sun,
	29 Aug 2010 10:53:24 -0700 (PDT)
Received: by 10.229.46.146 with HTTP; Sun, 29 Aug 2010 10:53:24 -0700 (PDT)
Date: Sun, 29 Aug 2010 20:53:24 +0300
Message-ID: <AANLkTina3iO0QcFf8PSvEW-K5P5SM+H4jSeDBmU6yqmt@mail.gmail.com>
From: =?ISO-8859-1?Q?=D6zkan_KIRIK?= <ozkan.kirik@gmail.com>
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: Default router changes unexpectedly
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Aug 2010 18:18:06 -0000

Hi,

I am using FreeBSD 7.3 STABLE-201004. IPFW + In kernel NAT and if_vlan
used mostly.
System has 3 em interfaces. Scenario is classical, LAN DMZ WAN.

Sometimes default router changes unexpectedly. I inspected logs if
someone logged in or changed route. I found nothing.
This problem repeats at least 1 times per day. I wrote a shell script
which monitors the default router.
I saw that sometimes netstat -rn shows that default router is changed
as 10.3.1.64 or 10.5.3.189 etc. which are client IP addresses but
routing still routes to right router 212.X.Y.Z .
After a while, routing really fails.
I use em nics for all.
At the weekends (when most clients are now working) i dont have any problems.
I think some network packets affects the defaultrouter.
I tried to block packets belongs to the IP addresses which shown as
default router (10.3.1.64, 10.5.3.189 etc.. ). Then the problem is
solved.

I wonder how the default router can be changed with packets that came
from network?
How can i prevent this without writing firewall rules?
Or which packets should I drop?

Any ideas?

Regards,
Ozkan KIRIK
Mersin University @ Turkey