Date: Sun, 22 Nov 2015 13:02:40 +0100 From: Daniel Bilik <ddb@neosystem.org> To: Kristof Provost <kp@FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: Re: Outgoing packets being sent via wrong interface Message-ID: <20151122130240.165a50286cbaa9288ffc063b@neosystem.cz> In-Reply-To: <20151121212043.GC2307@vega.codepro.be> References: <20151120155511.5fb0f3b07228a0c829fa223f@neosystem.org> <C1D7F956-81C9-4ED4-99B8-E0C73A3ECB37@FreeBSD.org> <20151120163431.3449a473db9de23576d3a4b4@neosystem.org> <20151121212043.GC2307@vega.codepro.be>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 21 Nov 2015 22:20:43 +0100 Kristof Provost <kp@FreeBSD.org> wrote: >> Sure, pf.conf attached. > Thanks. As a first guess, I think the origin of the problem might be > related to the double nat rule you've got. Well, even though pf may play some role in the problem, I tend to suspect the routing table as the main trigger. There are several facts to support this... 1. after reboot, the router runs fine, even with this "double nat" rule 2. this "double nat" rule was also present on the router when it was running 9-stable, working flawlessly for years 3. when the problems start, there already is one or more "hits" to routing table (by a previously mentioned cron task that updates default route to keep the connectivity), ie. the problems may or may not start only after touching the routing table 4. it seems that touching routing table can also "cure" the problem: last week I noticed the router was unable to make tcp connections to one host over vpn - same problem, it was pushing packets via re0 instead of tap0, but yesterday I've found the problem is gone, without any reboot or other intervention, and surprise... there was short connectivity problem at the beginning of this week, thus default route was changed twice > I don't have the time to dig into this right away. Could you create a PR > and cc me to it? Created, bug id 204735. Thank you. -- Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151122130240.165a50286cbaa9288ffc063b>