From: Julian Elischer
To: Daniel Bilik, Gary Palmer
Cc: freebsd-net@freebsd.org
Subject: Re: Outgoing packets being sent via wrong interface
Date: Sat, 28 Nov 2015 18:06:45 +0800
Message-ID: <56597CB5.7030307@freebsd.org>

On 27/11/2015 5:13 PM, Daniel Bilik wrote:
> On Wed, 25 Nov 2015 12:20:33 +0000
> Gary Palmer wrote:
>
>> route -n get
> As suggested by Kevin and Ryan, I set the router to drop redirects...
>
> net.inet.icmp.drop_redirect: 1
>
> ... but it happened again today, and again affected host was 192.168.2.33.
> Routing and arp entries were correct. Output of "route -n get"...
>
> route to: 192.168.2.33
> destination: 192.168.2.0
> mask: 255.255.255.0
> fib: 0
> interface: re1
> flags:
> recvpipe sendpipe ssthresh rtt,msec mtu weight expire
> 0 0 0 0 1500 1 0
>
> ... has not changed during the problem.
>
> Interesting was ping result...
>
> PING 192.168.2.33 (192.168.2.33): 56 data bytes
> ping: sendto: Operation not permitted
> ping: sendto: Operation not permitted
> ...
> 64 bytes from 192.168.2.33: icmp_seq=11 ttl=128 time=0.593 ms
> ping: sendto: Operation not permitted
> ...
> 64 bytes from 192.168.2.33: icmp_seq=20 ttl=128 time=0.275 ms
> 64 bytes from 192.168.2.33: icmp_seq=21 ttl=128 time=0.251 ms
> ping: sendto: Operation not permitted
> ...
> 64 bytes from 192.168.2.33: icmp_seq=40 ttl=128 time=0.245 ms
> ping: sendto: Operation not permitted
> 64 bytes from 192.168.2.33: icmp_seq=42 ttl=128 time=7.111 ms
> ping: sendto: Operation not permitted
> ...
> --- 192.168.2.33 ping statistics ---
> 46 packets transmitted, 5 packets received, 89.1% packet loss
>
> It seems _some_ packets go the right interface (re1), but most
> try to go wrong (re0) and are dropped by pf...
>
> 00:00:01.066886 rule 53..16777216/0(match): block out on re0: 82.x.y.50 > 192.168.2.33: ICMP echo request, id 58628, seq 39, length 64
> 00:00:02.017874 rule 53..16777216/0(match): block out on re0: 82.x.y.50 > 192.168.2.33: ICMP echo request, id 58628, seq 41, length 64
> 00:00:02.069634 rule 53..16777216/0(match): block out on re0: 82.x.y.50 > 192.168.2.33: ICMP echo request, id 58628, seq 43, length 64
>
> And again, refreshing default route (delete default / add default)
> resolved it...
>
> PING 192.168.2.33 (192.168.2.33): 56 data bytes
> 64 bytes from 192.168.2.33: icmp_seq=0 ttl=128 time=0.496 ms
> 64 bytes from 192.168.2.33: icmp_seq=1 ttl=128 time=0.226 ms
> 64 bytes from 192.168.2.33: icmp_seq=2 ttl=128 time=0.242 ms
> 64 bytes from 192.168.2.33: icmp_seq=3 ttl=128 time=0.226 ms

next time it happens try flushing the arp table.

>
> --
> Dan
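
A check for the symptom reported in this thread, as an added example that is not part of either poster's message: it scans pflog entries in the tcpdump format quoted above for packets blocked outbound on one interface while their destination is on-link on another. The `CONNECTED` map, the function name and the last three sample lines are assumptions; only 192.168.2.0/24 on re1 and the first three log lines come from the message.

```python
import ipaddress
import re

# Assumption: directly connected networks per interface. Only
# 192.168.2.0/24 on re1 is taken from the message; extend for a real host.
CONNECTED = {"re1": ipaddress.ip_network("192.168.2.0/24")}

# tcpdump rendering of pflog entries, as quoted in the message.
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)\S*: (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifname>\w+): (?P<src>\S+) > (?P<dst>[0-9.]+):"
)

def misrouted(lines, connected=CONNECTED):
    """Return (egress_if, expected_if, dst, rule) for each packet blocked
    outbound on an interface other than the one its destination is on-link to."""
    hits = []
    for line in lines:
        m = PFLOG_RE.search(line)
        if not m or m["action"] != "block" or m["dir"] != "out":
            continue
        # TCP/UDP entries append the port as a fifth dotted field; drop it.
        try:
            dst = ipaddress.ip_address(".".join(m["dst"].split(".")[:4]))
        except ValueError:
            continue  # not an IPv4 destination this sketch understands
        for ifname, net in connected.items():
            if dst in net and ifname != m["ifname"]:
                hits.append((m["ifname"], ifname, str(dst), int(m["rule"])))
    return hits

# The first three lines are from the message; the last three are constructed.
SAMPLE = [
    "00:00:01.066886 rule 53..16777216/0(match): block out on re0: 82.x.y.50 > 192.168.2.33: ICMP echo request, id 58628, seq 39, length 64",
    "00:00:02.017874 rule 53..16777216/0(match): block out on re0: 82.x.y.50 > 192.168.2.33: ICMP echo request, id 58628, seq 41, length 64",
    "00:00:02.069634 rule 53..16777216/0(match): block out on re0: 82.x.y.50 > 192.168.2.33: ICMP echo request, id 58628, seq 43, length 64",
    "00:00:03.000000 rule 53..16777216/0(match): block out on re0: 82.x.y.50.51000 > 192.168.2.33.445: Flags [S], length 0",
    "00:00:03.100000 rule 53..16777216/0(match): block out on re0: 82.x.y.50 > 10.9.9.9: ICMP echo request, id 1, seq 1, length 64",
    "00:00:03.200000 rule 12..16777216/0(match): pass out on re1: 192.168.2.1 > 192.168.2.33: ICMP echo request, id 2, seq 1, length 64",
]

if __name__ == "__main__":
    for egress, expected, dst, rule in misrouted(SAMPLE):
        print(f"rule {rule}: {dst} blocked out on {egress}, on-link via {expected}")
```

Running it over a capture taken while the problem is occurring gives a timeline of misdirected packets to compare against route and ARP table changes.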