From: Özkan KIRIK
To: volker@vwsoft.com
Cc: net@freebsd.org
Date: Sun, 29 Aug 2010 22:47:35 +0300
Subject: Re: Default router changes unexpectedly
In-Reply-To: <4C7AB073.2040802@vwsoft.com>
List-Id: Networking and TCP/IP with FreeBSD

Hi Volker,

There is no routing daemon working on this gateway. But I started a
tcpdump that is listening to port 521. I'll inform you about captured packets.

Regards,
Ozkan KIRIK
Mersin University @ Turkey

On Sun, Aug 29, 2010 at 10:09 PM, wrote:
> On 08/29/10 19:50, Özkan KIRIK wrote:
>>
>> Hi,
>>
>> I am using FreeBSD 7.3 STABLE-201004. IPFW + In kernel NAT and if_vlan
>> used mostly.
>> System has 3 em interfaces. Scenario is classical, LAN DMZ WAN.
>>
>> Sometimes default router changes unexpectedly. I inspected logs if
>> someone logged in or changed route. I found nothing.
>> This problem repeats at least 1 time per day. I wrote a shell script
>> which monitors the default router.
>> I saw that sometimes netstat -rn shows that default router is changed
>> as 10.3.1.64 or 10.5.3.189 etc. which are client IP addresses but
>> routing still routes to right router 212.X.Y.Z .
>> After a while, routing really fails.
>> I use em nics for all.
>> At the weekends (when most clients are now working) I don't have any
>> problems.

I'll correct the typo above: At the weekends (when most clients are noT
working) I don't have any problems.

>> I think some network packets affect the defaultrouter.
>> I tried to block packets belonging to the IP addresses which are shown as
>> default router (10.3.1.64, 10.5.3.189 etc.. ). Then the problem is
>> solved.
>>
>> I wonder how the default router can be changed with packets that came
>> from network?
>> How can I prevent this without writing firewall rules?
>> Or which packets should I drop?
>>
>> Any ideas?
>
> Özkan,
>
> just one: Do you see RIP (521/tcp, 521/udp) traffic?
>
> Volker
>
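
A small default-route check of the kind the quoted message mentions, as an added example that is not part of the original thread and not the poster's own script: it parses `netstat -rn` output, compares the IPv4 default gateway with the expected one, and marks a route carrying the D or M flag, which netstat(1) documents as created or modified dynamically by a redirect. The address 192.0.2.1 is a constructed stand-in for the elided 212.X.Y.Z, and the function names and sample routing table are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# check_default_route EXPECTED_GW
#   Reads `netstat -rn` output on stdin and prints one status line.
#   Returns 0 = gateway matches, 1 = different gateway, 2 = no IPv4 default.
check_default_route() {
    awk -v want="$1" '
        /^Internet6:/ { in4 = 0 }            # leave the IPv4 table
        /^Internet:/  { in4 = 1; next }      # enter the IPv4 table
        in4 && $1 == "default" {
            gw = $2; flags = $3; found = 1
            # netstat(1): D = created, M = modified dynamically (by redirect)
            dyn = (flags ~ /[DM]/) ? " dynamic" : ""
            exit
        }
        END {
            if (!found)     { print "MISSING"; exit 2 }
            if (gw != want) { print "CHANGED " gw " " flags dyn; exit 1 }
            print "OK " gw " " flags dyn
        }'
}

# sample_netstat GATEWAY FLAGS
#   Constructed routing table in FreeBSD `netstat -rn` layout (sample data).
sample_netstat() {
    cat <<EOF
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            $1          $2         0    12345    em0
10.3.0.0/16        link#2             UC          0        0    em1
127.0.0.1          127.0.0.1          UH          0      100    lo0

Internet6:
Destination        Gateway            Flags      Netif Expire
default            fe80::1%em0        UGS         em0
EOF
}

# Demonstration on the constructed samples: healthy table, then a client
# address (10.3.1.64, from the message) showing up as the default gateway.
sample_netstat 192.0.2.1 UGS | check_default_route 192.0.2.1
sample_netstat 10.3.1.64 UGS | check_default_route 192.0.2.1 ||
    echo "alert: default route is not the expected gateway"
```

On a live gateway the same function would be fed with `netstat -rn | check_default_route <expected gateway>` from cron, logging every non-zero return together with a timestamp so the change can be lined up with the packet capture.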