From owner-freebsd-net@FreeBSD.ORG Sun Aug 29 18:21:41 2010 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 79D8F1065693 for ; Sun, 29 Aug 2010 18:21:41 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: from mail-qy0-f182.google.com (mail-qy0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id 31F998FC15 for ; Sun, 29 Aug 2010 18:21:40 +0000 (UTC) Received: by qyk4 with SMTP id 4so4963624qyk.13 for ; Sun, 29 Aug 2010 11:21:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=S/myDPmx9hC5ltmTDO0PKAcT+13o8KdYsFuzHMiwKIU=; b=vuSRCpxDxZakCdPN4uXFmuwZGv8/6xVBJjmUGLK2ipLo0ZAoTtZZbMRidIVBQATyzi 4Uzl6ip1ZeOYgPBxinwtO5GAyKoefyxPwb4x38Wxe0eCYnV6wCqlis0uz5a7odC3wnF1 BsCaRRBI6Rp3RWmAjWJGFCWYYbhb2voSf/Usg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=CZ5x8oqmnHp8EEw3cirb3yTPtCHFc4x4DME21COJVv6eyehv0xaWuMVf8sO8kAAYvT eZTsy6O8hp+NnSOevCufZXeucZKe0k22eJvEjliLOqoaTS8J7Unwj4trlGb406ije6Zp Pjlw40AoLQUV8o6qrdNulM8ldXdqU/o1xmX9c= MIME-Version: 1.0 Received: by 10.224.89.11 with SMTP id c11mr2164732qam.182.1283104230248; Sun, 29 Aug 2010 10:50:30 -0700 (PDT) Received: by 10.229.46.146 with HTTP; Sun, 29 Aug 2010 10:50:30 -0700 (PDT) Date: Sun, 29 Aug 2010 20:50:30 +0300 Message-ID: From: =?ISO-8859-1?Q?=D6zkan_KIRIK?= To: net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Cc: Subject: Default router changes unexpectedly X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Aug 2010 18:21:41 -0000 Hi, I am using FreeBSD 7.3 STABLE-201004. IPFW + In kernel NAT and if_vlan used mostly. System has 3 em interfaces. Scenario is classical, LAN DMZ WAN. Sometimes default router changes unexpectedly. I inspected logs if someone logged in or changed route. I found nothing. This problem repeats at least 1 times per day. I wrote a shell script which monitors the default router. I saw that sometimes netstat -rn shows that default router is changed as 10.3.1.64 or 10.5.3.189 etc. which are client IP addresses but routing still routes to right router 212.X.Y.Z . After a while, routing really fails. I use em nics for all. At the weekends (when most clients are now working) i dont have any problems. I think some network packets affects the defaultrouter. I tried to block packets belongs to the IP addresses which shown as default router (10.3.1.64, 10.5.3.189 etc.. ). Then the problem is solved. I wonder how the default router can be changed with packets that came from network? How can i prevent this without writing firewall rules? Or which packets should I drop? Any ideas? Regards, Ozkan KIRIK Mersin University @ Turkey