From owner-freebsd-questions@FreeBSD.ORG Fri Feb 16 16:03:12 2007 Return-Path: X-Original-To: questions@FreeBSD.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2F4BE16A400 for ; Fri, 16 Feb 2007 16:03:12 +0000 (UTC) (envelope-from igorr@canmos.ru) Received: from sta1.canmos.ru (sta1.canmos.ru [89.107.120.27]) by mx1.freebsd.org (Postfix) with ESMTP id B3B9713C49D for ; Fri, 16 Feb 2007 16:03:11 +0000 (UTC) (envelope-from igorr@canmos.ru) Received: from sta1.canmos.ru (sta1.canmos.ru [89.107.120.27]) by sta1.canmos.ru (Postfix) with ESMTP id 1902A1271BD for ; Fri, 16 Feb 2007 19:03:07 +0300 (MSK) Date: Fri, 16 Feb 2007 19:03:07 +0300 (MSK) From: "Igor V. Ruzanov" To: questions@FreeBSD.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: NeedHelp X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2007 16:03:12 -0000 Hello! I have a very strange problem occured on my FreeBSD router: - i have several vlan interfaces to wich assigned some real ip-address from 89.107.x.x; - and uplink interface fxp0 to witch assigned gateway real ip-address from 89.107.y.y; Sometimes when i analyze traffic flowing throuth my interfaces (vlans and fxp0) i can see the following data from vlan18 to uplink (tcpdump): root@gw: [18:49] (~)# tcpdump -X -s1024 -n -c100 -i vlan18 host 213.184.148.170 tcpdump: listening on vlan18 19:30:16.577894 213.184.148.170.1323 > 194.67.23.207.80: S 1966953971:1966953971(0) win 65535 (DF) 0x0000 4500 0030 6d74 4000 8006 48de d5b8 94aa E..0mt@...H..... 0x0010 c243 17cf 052b 0050 753d 55f3 0000 0000 .C...+.Pu=U..... 0x0020 7002 ffff 6dfe 0000 0204 05b4 0101 0402 p...m........... 19:30:16.579013 213.184.148.170.63203 > 88.212.201.120.80: . ack 2538364981 win 64240 (DF) 0x0000 4500 0028 a5e9 4000 3f06 0937 d5b8 94aa E..(..@.?..7.... 0x0010 58d4 c978 f6e3 0050 1fe5 8eb7 974c 6035 X..x...P.....L`5 0x0020 5010 faf0 8ae1 0000 aaaa aaaa aaaa P............. 19:30:16.581381 213.184.148.170.63203 > 88.212.201.120.80: . ack 2921 win 64240 (DF) 0x0000 4500 0028 a5ea 4000 3f06 0936 d5b8 94aa E..(..@.?..6.... 0x0010 58d4 c978 f6e3 0050 1fe5 8eb7 974c 6b9d X..x...P.....Lk. 0x0020 5010 faf0 7f79 0000 aaaa aaaa aaaa P....y........ 19:30:16.583829 213.184.148.170.63203 > 88.212.201.120.80: . ack 5841 win 64240 (DF) 0x0000 4500 0028 a5eb 4000 3f06 0935 d5b8 94aa E..(..@.?..5.... 0x0010 58d4 c978 f6e3 0050 1fe5 8eb7 974c 7705 X..x...P.....Lw. 0x0020 5010 faf0 7411 0000 aaaa aaaa aaaa P...t......... 19:30:16.584807 213.184.148.170.1323 > 194.67.23.207.80: . ack 42151783 win 65535 (DF) 0x0000 4500 0028 6d75 4000 8006 48e5 d5b8 94aa E..(mu@...H..... 0x0010 c243 17cf 052b 0050 753d 55f4 0283 2f67 .C...+.Pu=U.../g 0x0020 5010 ffff 68c8 0000 aaaa aaaa aaaa P...h......... 19:30:16.586796 213.184.148.170.1323 > 194.67.23.207.80: P 0:673(673) ack 1 win 65535 (DF) 0x0000 4500 02c9 6d76 4000 8006 4643 d5b8 94aa E...mv@...FC.... 0x0010 c243 17cf 052b 0050 753d 55f4 0283 2f67 .C...+.Pu=U.../g 0x0020 5018 ffff 532f 0000 4745 5420 2f3f 6d61 P...S/..GET./?ma Could you please help me to solve the problem? How the packets from some subnet can be routed throuth gateway, that have an address NOT belonging to this subnet? Below i put trafd logs showing that the packets arrived my uplink interface fxp0: 213.184.148.170 client 72.36.136.82 80 tcp 6479 16135 213.184.148.170 client 204.9.177.18 80 tcp 3365 4165 213.184.148.170 client 205.188.9.166 5190 tcp 12 572 213.184.148.170 client 195.161.116.13 80 tcp 484 564 213.184.148.170 client 89.202.157.135 80 tcp 297 505 213.184.148.170 client 82.33.101.62 41779 tcp 103 383 213.184.148.170 client 213.184.128.18 53 udp 162 274 213.184.148.170 client 89.107.121.50 1569 udp 162 218 213.184.148.170 client 209.85.137.19 80 tcp 0 160 213.184.148.170 client 205.188.9.157 443 tcp 0 160 213.184.148.170 client 62.221.254.147 25 tcp 6 126 89.107.121.50 1569 213.184.148.170 client udp 56 112 213.184.148.170 client 194.67.23.100 2041 tcp 44 84 213.184.148.170 63524 194.67.57.244 client tcp 44 84 213.184.148.170 client 194.67.57.244 2041 tcp 44 84 213.184.148.170 63812 213.113.20.186 client tcp 2 82 213.184.148.170 client 87.250.251.45 80 tcp 0 80 ... and so on. Is this problem in ip routing on my router, or the problem comes to layer that is over ip? The router configuration stands for: - Operating system (uname -a): FreeBSD gw.canmos.ru 4.11-RELEASE FreeBSD 4.11-RELEASE #0; - Routing daemon: Zebra+OSPFd (v0.94); - Loaded modules (kldstat): Id Refs Address Size Name 1 4 0xc0100000 2e5ebc kernel 2 1 0xc12ac000 3000 if_vlan.ko 3 1 0xc1341000 2000 star_saver.ko 4 1 0xc1991000 3000 snp.ko - Packet filter: ipfw; - Kernel options to work ipfw properly: options IPDIVERT #divert sockets options DUMMYNET options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_FORWARD #enable transparent proxy support options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default #options IPFW2 options TCP_DROP_SYNFIN Thank you!! +-------------------------------------------+ ! CANMOS ISP Network ! +-------------------------------------------+ ! Best regards ! ! Igor V. Ruzanov, network operational staff! ! e-Mail: igorr@canmos.ru ! +-------------------------------------------+