From owner-freebsd-net@FreeBSD.ORG  Mon Aug 30 07:54:15 2010
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2635710656A7
	for <net@freebsd.org>; Mon, 30 Aug 2010 07:54:15 +0000 (UTC)
	(envelope-from ozkan.kirik@gmail.com)
Received: from mail-qw0-f54.google.com (mail-qw0-f54.google.com
	[209.85.216.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 448B78FC14
	for <net@freebsd.org>; Mon, 30 Aug 2010 07:54:14 +0000 (UTC)
Received: by qwg5 with SMTP id 5so5089205qwg.13
	for <net@freebsd.org>; Mon, 30 Aug 2010 00:54:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:received:in-reply-to
	:references:date:message-id:subject:from:to:content-type
	:content-transfer-encoding;
	bh=S4mpHI0gh71/dfGrSMKNGs/Hvig0SdUsiD9bDbjFoyM=;
	b=gy7aWqTm3nydl19o1WkVKR8PCljALgKF610WkBhDnpzLaB1t8cKu0YnFlw3gF5OmeG
	m0U6XJf7O3Ls8Ojhr2T+MkTPY/j+NNWT0xUmwo1Z20kE5//2/bv7pYjjt1UWWXbxjmot
	/R1fCnUJOZH6+8LfkNRsMsxW05qI0CB0ZubtE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:content-type:content-transfer-encoding;
	b=sciFpU78UR0P5IzY876O5FnCUwcGz1AbHpm1EpZWgJSdqNkixQnkeCTqfQ9ZO8/aOx
	RNHASgpeUijyiavWv7Tpvr/WeImdB4aX2rsQH/975dgZ8ZBgVY4KdpPrN+klYtIG/9ep
	T4DHsmP16C8FzEcff5BZBq23QyZbIvY8l5rcQ=
MIME-Version: 1.0
Received: by 10.229.2.32 with SMTP id 32mr2751517qch.270.1283154853363; Mon,
	30 Aug 2010 00:54:13 -0700 (PDT)
Received: by 10.229.46.146 with HTTP; Mon, 30 Aug 2010 00:54:13 -0700 (PDT)
In-Reply-To: <AANLkTin6gSG+a8ndWFn+6S2DrVqtj7tJtky1qw7VmtMz@mail.gmail.com>
References: <AANLkTinQ3=6eqOLBzJF18dHb=-oEu-G6AmSG9C7TqwKW@mail.gmail.com>
	<4C7AB073.2040802@vwsoft.com>
	<AANLkTimD7E8Vwbhpe7beCCd+L8zzznew_AyCO9Da7wnn@mail.gmail.com>
	<AANLkTin6gSG+a8ndWFn+6S2DrVqtj7tJtky1qw7VmtMz@mail.gmail.com>
Date: Mon, 30 Aug 2010 10:54:13 +0300
Message-ID: <AANLkTingD7VGpbaMojXWWgFapZob5ynNYipHtOhL4QWE@mail.gmail.com>
From: =?ISO-8859-1?Q?=D6zkan_KIRIK?= <ozkan.kirik@gmail.com>
To: =?ISO-8859-1?Q?I=F1igo_Ortiz_de_Urbina?= <inigoortizdeurbina@gmail.com>, 
	net@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: 
Subject: Re: Default router changes unexpectedly
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Aug 2010 07:54:15 -0000

Hi,

# sysctl net.inet.icmp
net.inet.icmp.maskrepl: 0
net.inet.icmp.icmplim: 200
net.inet.icmp.bmcastecho: 0
net.inet.icmp.quotelen: 8
net.inet.icmp.reply_from_interface: 0
net.inet.icmp.reply_src:
net.inet.icmp.icmplim_output: 1
net.inet.icmp.log_redirect: 0
net.inet.icmp.drop_redirect: 1
net.inet.icmp.maskfake: 0

# ps ax | grep routed
37071  p1  S+     0:00.00 grep routed

# ps ax | grep -E "quagga|ospf|bgp"
37161  p1  S+     0:00.00 grep -E quagga|ospf|bgp


On Mon, Aug 30, 2010 at 1:28 AM, I=F1igo Ortiz de Urbina
<inigoortizdeurbina@gmail.com> wrote:
> Maybe icmp-redirect? You can use tshark or tcpdump to rotate
> compressed captures. You can filter rip or any other dynamic routing
> protocol and icmp.
>
> Have a nice day
>
> On 8/29/10, =D6zkan KIRIK <ozkan.kirik@gmail.com> wrote:
>> Hi Volker,
>>
>> There is no routing deamon working on this gateway. But I started a
>> tcpdump that listening to port 521.
>> I'll inform you about captured packets.
>>
>>
>> Regards,
>> Ozkan KIRIK
>> Mersin University @ Turkey
>>
>>
>> On Sun, Aug 29, 2010 at 10:09 PM, =A0<volker@vwsoft.com> wrote:
>>> On 08/29/10 19:50, =D6zkan KIRIK wrote:
>>>>
>>>> Hi,
>>>>
>>>> I am using FreeBSD 7.3 STABLE-201004. IPFW + In kernel NAT and if_vlan
>>>> used mostly.
>>>> System has 3 em interfaces. Scenario is classical, LAN DMZ WAN.
>>>>
>>>> Sometimes default router changes unexpectedly. I inspected logs if
>>>> someone logged in or changed route. I found nothing.
>>>> This problem repeats at least 1 times per day. I wrote a shell script
>>>> which monitors the default router.
>>>> I saw that sometimes netstat -rn shows that default router is changed
>>>> as 10.3.1.64 or 10.5.3.189 etc. which are client IP addresses but
>>>> routing still routes to right router 212.X.Y.Z .
>>>> After a while, routing really fails.
>>>> I use em nics for all.
>>>> At the weekends (when most clients are now working) i dont have any
>>>> problems.
>>
>> I'll correct the type above: At the weekends (when most clients are
>> noT working) i dont have any problems.
>>
>>
>>
>>>> I think some network packets affects the defaultrouter.
>>>> I tried to block packets belongs to the IP addresses which shown as
>>>> default router (10.3.1.64, 10.5.3.189 etc.. ). Then the problem is
>>>> solved.
>>>>
>>>> I wonder how the default router can be changed with packets that came
>>>> from network?
>>>> How can i prevent this without writing firewall rules?
>>>> Or which packets should I drop?
>>>>
>>>> Any ideas?
>>>
>>> =D6zkan,
>>>
>>> just one: Do you see RIP (521/tcp, 521/udp) traffic?
>>>
>>> Volker
>>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>