From: Stan Brown
Message-Id: <200005170228.TAA04726@netcom.com>
Subject: What the heck! routeing wierdness
To: freebsd-net@FreeBSD.ORG (FreeBSD Networking)
Date: Tue, 16 May 2000 22:28:53 -0400 (EDT)

I have a FreeBSD 3.4 machine that I use for a NAT, ipfw firewall from my
cablemodem provider to my home network.

Today I was having problems reaching certain hosts (slashdot being one of
them). I noticed that I could traceroute to a host 1 hop before slashdot
without a problem, but that traceroutes to it just got lost.

So I looked at the routing tables on that machine. Here is what I found!

Script started on Tue May 16 22:22:59 2000
stan@koala.fas.com:/home/stan $ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags Refs      Use  Netif Expire
default            24.6.61.1          UGSc    44   782073  ed1
4.3.33.177         default            UGHS     1    13414  ed1
4.48.171.31        default            UGHS     0      410  ed1
24.5.62.2          default            UGHS     0     1086  ed1
24.6.61.0          ff:ff:ff:ff:ff:ff  UHLWb    0        3  ed1 =>
24.6.61/24         link#2             UC       0        0  ed1
24.6.61.1          0:50:3e:e2:10:40   UHLW     8    15654  ed1     1073
24.6.61.255        ff:ff:ff:ff:ff:ff  UHLWb    0     8738  ed1
24.25.116.78       default            UGHS     0    13000  ed1
24.112.117.50      default            UGHS     0       10  ed1
62.125.35.46       default            UGHS     0      134  ed1
62.236.0.4         default            UGHS     0      484  ed1
63.15.93.89        default            UGHS     1       18  ed1
63.225.179.60      default            UGHS     0     2064  ed1
64.28.67.48        default            UGHS     0      128  ed1
127.0.0.1          127.0.0.1          UH       3   624586  lo0
131.118.80.101     default            UGHS     0       52  ed1
151.99.78.38       default            UGHS     1      110  ed1
162.39.196.32      default            UGHS     0    13348  ed1
170.85.106/24      205.159.77.240     UGSc     0        0  ed0
170.85.109/24      205.159.77.240     UGSc     0        0  ed0
170.85.111/24      205.159.77.240     UGSc     0        0  ed0
170.85.113/24      205.159.77.240     UGSc     0        0  ed0
192.0.4.1          192.0.3.1          UH       0     5101  lp0
192.0.6.1          192.0.5.1          UH       0     4346  lp1
192.168.0.1        205.159.77.240     UGHS     0        0  ed0
192.168.1.1        205.159.77.240     UGHS     0     1155  ed0
198.92.138.246     default            UGHS     0       94  ed1
202.53.226.70      default            UGHS     0     1190  ed1
202.146.244.167    default            UGHS     0      278  ed1
202.146.244.169    default            UGHS     0      450  ed1
202.146.246.57     default            UGHS     0      582  ed1
202.146.246.143    default            UGHS     0      614  ed1
202.146.246.197    default            UGHS     0      334  ed1
202.146.254.56     default            UGHS     0    27494  ed1
202.147.251.241    default            UGHS     0      212  ed1
202.154.42.20      default            UGHS     0      162  ed1
202.155.5.166      default            UGHS     0      502  ed1
202.155.53.122     default            UGHS     0      390  ed1
203.123.252.234    default            UGHS     0      486  ed1
205.159.77         link#1             UC       0        0  ed0
205.159.77.225     0:80:ad:7:f9:75    UHLW     0        9  ed0      234
205.159.77.231     8:0:9:4:1a:75      UHLW     0        8  ed0      474
205.159.77.232     link#1             UHLW    15   318024  ed0
205.159.77.234     0:80:ad:8:2b:80    UHLW     3       96  lo0
205.159.77.236     8:0:9:92:55:11     UHLW     2  1562217  ed0     1189
205.159.77.238     0:80:d4:0:11:97    UHLW     0     1232  ed0      222
205.159.77.239     8:0:9:10:6:a5      UHLW     2     1417  ed0      774
205.159.77.240     8:0:9:11:e5:a      UHLW    12   735653  ed0      774
205.159.77.255     ff:ff:ff:ff:ff:ff  UHLWb    1     4369  ed0
206.31.36.83       default            UGHS     0      752  ed1
207.126.96.163     default            UGHS     0      252  ed1
208.243.117.123    default            UGHS     0       26  ed1
209.74.30.64       default            UGHS     0     1380  ed1
209.74.30.178      default            UGHS     0     1578  ed1
209.74.30.182      default            UGHS     1     1182  ed1
209.198.223.126    default            UGHS     0      268  ed1
212.25.97.32       default            UGHS     0       18  ed1
216.132.33.42      default            UGHS     0      206  ed1
stan@koala.fas.com:/home/stan $
Script done on Tue May 16 22:23:10 2000

Can anyone tell me what is going on here? ed0 is the internal interface,
and ed1 is the external. The real default route should be to 24.6.61.1.
What are all these others?

Is this some strange sort of attack?

--
Stan Brown     stanb@netcom.com     404-996-6955
Factory Automation Systems
Atlanta Ga.
--
Look, look, see Windows 95. Buy, lemmings, buy!
Pay no attention to that cliff ahead...          Henry Spencer
(c) 1998 Stan Brown. Redistribution via the Microsoft Network is prohibited.
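
A triage helper for a listing like the one in this message, as an added example that is not part of the original post: it parses FreeBSD-layout netstat -rn output and pulls out the routes flagged both G (gateway) and H (host) on the external interface, then groups them by what the Gateway column shows. The sample rows are a constructed subset in the same layout; the function names and the ed1 default are assumptions of this example.

```python
"""Triage FreeBSD-layout `netstat -rn` output for gateway host routes."""
from collections import Counter

# Constructed sample: a few rows in the same column layout as the listing.
SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags Refs      Use  Netif Expire
default            24.6.61.1          UGSc    44   782073  ed1
4.3.33.177         default            UGHS     1    13414  ed1
24.6.61.0          ff:ff:ff:ff:ff:ff  UHLWb    0        3  ed1 =>
24.6.61.1          0:50:3e:e2:10:40   UHLW     8    15654  ed1     1073
127.0.0.1          127.0.0.1          UH       3   624586  lo0
192.168.1.1        205.159.77.240     UGHS     0     1155  ed0
209.74.30.64       default            UGHS     0     1380  ed1
"""

def parse_routes(text):
    """Return one dict per route row; banner, header and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # A route row has at least six fields with numeric Refs and Use.
        if len(f) < 6 or not (f[3].isdigit() and f[4].isdigit()):
            continue
        # Expire is optional; a trailing "=>" marker is not an expiry value.
        expire = int(f[6]) if len(f) > 6 and f[6].isdigit() else None
        routes.append({"dest": f[0], "gateway": f[1], "flags": f[2],
                       "refs": int(f[3]), "use": int(f[4]),
                       "netif": f[5], "expire": expire})
    return routes

def summarize(text, external_if="ed1"):
    """Pick out routes flagged G (gateway) and H (host) on external_if."""
    routes = parse_routes(text)
    hits = [r for r in routes if r["netif"] == external_if
            and "G" in r["flags"] and "H" in r["flags"]]
    return {"total": len(routes),
            "hits": [r["dest"] for r in hits],
            "by_gateway": Counter(r["gateway"] for r in hits),
            "busiest": max(hits, key=lambda r: r["use"])["dest"] if hits else None}

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(f"{len(s['hits'])} of {s['total']} routes are gateway host routes on ed1")
    for gw, n in s["by_gateway"].most_common():
        print(f"  gateway column {gw!r}: {n}")
    print("most-used:", s["busiest"])
```

Saving this output periodically and comparing the hit list between runs shows when such entries appear and which destinations carry the most traffic.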