From: Bogdan TARU
To: freebsd-net@freebsd.org
Date: Tue, 30 Dec 2003 15:34:36 +0100
Message-ID: <20031230143436.GB27308@icomag.de>
Subject: strange ICMP problems

Hi,

I've got some strange ICMP problems on my FreeBSD router/firewall. I'm trying to ping a host (dst) from this router, and I don't get any answer (100% packet loss). A tcpdump shows me (src=freebsd router/firewall, dst=destination host of the ping):

src > dst: icmp: echo request (ttl 64, id 15739, len 84)
dst > src: icmp: echo reply (ttl 58, id 33870, len 84)
src > dst: icmp: time exceeded in-transit for dst > src: icmp: echo reply [ttl 1] (id 33870, len 84) [tos 0xc0] (ttl 254, id 6572, len 56)

over and over and over again. This happens only with ICMP and only for this destination HOST! (It doesn't happen if I try from a different source box, though).

I guess it's the FreeBSD router's fault, because it definitely receives a packet with ttl 58, and sends a ttl exceeded. The router is running FreeBSD 4.8-RELEASE, with IPF v3.4.31, and IPnat for natting. It's been running ok for about 100 days, and the problems with this destination host appeared suddenly, without configuration changes on any end.

Any hints if IPF is really the problem?

Thanks,
bogdan
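
The comparison the capture in the message above invites, as an added example that is not part of the original message: pair each time-exceeded error with the captured packet it quotes (same endpoints and IP id) and compare the TTL seen on the wire with the TTL in the quoted header. The regular expressions assume the tcpdump line layout shown in the three lines of the message; the function and variable names are hypothetical.

```python
import re

# The three tcpdump lines from the message above, copied verbatim.
CAPTURE = """\
src > dst: icmp: echo request (ttl 64, id 15739, len 84)
dst > src: icmp: echo reply (ttl 58, id 33870, len 84)
src > dst: icmp: time exceeded in-transit for dst > src: icmp: echo reply [ttl 1] (id 33870, len 84) [tos 0xc0] (ttl 254, id 6572, len 56)
"""

# Ordinary echo packet: "<a> > <b>: icmp: echo ... (ttl N, id N, len N)"
PLAIN = re.compile(
    r"^(\S+) > (\S+): icmp: echo (?:request|reply) \(ttl (\d+), id (\d+), len \d+\)$")
# ICMP error: the quoted inner packet carries its TTL in "[ttl N]" and its id after it.
ERROR = re.compile(
    r"^(\S+) > \S+: icmp: time exceeded in-transit for (\S+) > (\S+): icmp: .*?"
    r"\[ttl (\d+)\] \(id (\d+), len \d+\)")


def ttl_mismatches(text):
    """Pair each time-exceeded error with the captured packet it quotes (same
    endpoints and IP id) and report pairs whose TTLs differ."""
    seen = {}       # (src, dst, ip_id) -> TTL as captured on the wire
    findings = []
    for line in map(str.strip, text.splitlines()):
        m = PLAIN.match(line)
        if m:
            src, dst, ttl, ip_id = m.groups()
            seen[(src, dst, int(ip_id))] = int(ttl)
            continue
        m = ERROR.match(line)
        if not m:
            continue  # not a line format this sketch understands
        reporter, q_src, q_dst, q_ttl, q_id = m.groups()
        wire_ttl = seen.get((q_src, q_dst, int(q_id)))
        if wire_ttl is not None and wire_ttl != int(q_ttl):
            findings.append({"reporter": reporter, "ip_id": int(q_id),
                             "wire_ttl": wire_ttl, "quoted_ttl": int(q_ttl)})
    return findings


if __name__ == "__main__":
    for f in ttl_mismatches(CAPTURE):
        print("id {ip_id}: captured with ttl {wire_ttl}, quoted by {reporter} "
              "with ttl {quoted_ttl}".format(**f))
```

The script only reports the discrepancy between the two TTL values for the same IP id; it does not identify what changed the TTL.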