Date: Mon, 30 Aug 2010 10:54:13 +0300
From: Özkan KIRIK <ozkan.kirik@gmail.com>
To: Iñigo Ortiz de Urbina <inigoortizdeurbina@gmail.com>, net@freebsd.org
Subject: Re: Default router changes unexpectedly
Message-ID: <AANLkTingD7VGpbaMojXWWgFapZob5ynNYipHtOhL4QWE@mail.gmail.com>
In-Reply-To: <AANLkTin6gSG%2Ba8ndWFn%2B6S2DrVqtj7tJtky1qw7VmtMz@mail.gmail.com>
References: <AANLkTinQ3=6eqOLBzJF18dHb=-oEu-G6AmSG9C7TqwKW@mail.gmail.com> <4C7AB073.2040802@vwsoft.com> <AANLkTimD7E8Vwbhpe7beCCd%2BL8zzznew_AyCO9Da7wnn@mail.gmail.com> <AANLkTin6gSG%2Ba8ndWFn%2B6S2DrVqtj7tJtky1qw7VmtMz@mail.gmail.com>

Hi,

# sysctl net.inet.icmp
net.inet.icmp.maskrepl: 0
net.inet.icmp.icmplim: 200
net.inet.icmp.bmcastecho: 0
net.inet.icmp.quotelen: 8
net.inet.icmp.reply_from_interface: 0
net.inet.icmp.reply_src:
net.inet.icmp.icmplim_output: 1
net.inet.icmp.log_redirect: 0
net.inet.icmp.drop_redirect: 1
net.inet.icmp.maskfake: 0

# ps ax | grep routed
37071 p1 S+ 0:00.00 grep routed

# ps ax | grep -E "quagga|ospf|bgp"
37161 p1 S+ 0:00.00 grep -E quagga|ospf|bgp

On Mon, Aug 30, 2010 at 1:28 AM, Iñigo Ortiz de Urbina
<inigoortizdeurbina@gmail.com> wrote:
> Maybe icmp-redirect? You can use tshark or tcpdump to rotate
> compressed captures. You can filter rip or any other dynamic routing
> protocol and icmp.
>
> Have a nice day
>
> On 8/29/10, Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
>> Hi Volker,
>>
>> There is no routing daemon working on this gateway. But I started a
>> tcpdump that is listening to port 521.
>> I'll inform you about captured packets.
>>
>>
>> Regards,
>> Ozkan KIRIK
>> Mersin University @ Turkey
>>
>>
>> On Sun, Aug 29, 2010 at 10:09 PM, <volker@vwsoft.com> wrote:
>>> On 08/29/10 19:50, Özkan KIRIK wrote:
>>>>
>>>> Hi,
>>>>
>>>> I am using FreeBSD 7.3 STABLE-201004. IPFW + In kernel NAT and if_vlan
>>>> used mostly.
>>>> System has 3 em interfaces. Scenario is classical, LAN DMZ WAN.
>>>>
>>>> Sometimes default router changes unexpectedly. I inspected logs if
>>>> someone logged in or changed route. I found nothing.
>>>> This problem repeats at least 1 time per day. I wrote a shell script
>>>> which monitors the default router.
>>>> I saw that sometimes netstat -rn shows that default router is changed
>>>> as 10.3.1.64 or 10.5.3.189 etc. which are client IP addresses but
>>>> routing still routes to right router 212.X.Y.Z .
>>>> After a while, routing really fails.
>>>> I use em nics for all.
>>>> At the weekends (when most clients are now working) I don't have any
>>>> problems.
>>
>> I'll correct the typo above: At the weekends (when most clients are
>> noT working) I don't have any problems.
>>
>>
>>
>>>> I think some network packets affect the defaultrouter.
>>>> I tried to block packets belonging to the IP addresses which are shown as
>>>> default router (10.3.1.64, 10.5.3.189 etc.. ). Then the problem is
>>>> solved.
>>>>
>>>> I wonder how the default router can be changed with packets that came
>>>> from network?
>>>> How can I prevent this without writing firewall rules?
>>>> Or which packets should I drop?
>>>>
>>>> Any ideas?
>>>
>>> Özkan,
>>>
>>> just one: Do you see RIP (521/tcp, 521/udp) traffic?
>>>
>>> Volker
>>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>
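
Added example, not part of the original message or the poster's own script: a default-route monitor of the kind the thread mentions, which also reads the route's Flags column, because netstat(1) marks routes created or modified by an ICMP redirect with D or M. The function names, the gwwatch syslog tag, the 192.0.2.1 placeholder for the elided router address and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the IPv4 default route from `netstat -rn` output.
# EXPECTED_GW is a placeholder; the thread elides the real router address.
EXPECTED_GW="${EXPECTED_GW:-192.0.2.1}"

# Print "<gateway> <flags>" for the IPv4 default route read from stdin
# (the Internet6 section of the table is ignored).
default_route() {
    awk '/^Internet:/  { v4 = 1; next }
         /^Internet6:/ { v4 = 0 }
         v4 && $1 == "default" { print $2, $3; exit }'
}

# classify_route <expected-gw>: read netstat output on stdin, print a verdict.
# Flags D (RTF_DYNAMIC) and M (RTF_MODIFIED) mean "set by redirect".
classify_route() {
    expected="$1"
    set -- $(default_route)
    gw="${1:-}"; flags="${2:-}"
    if [ -z "$gw" ]; then
        echo "MISSING"
    elif [ "$gw" = "$expected" ]; then
        echo "OK gw=$gw flags=$flags"
    else
        case "$flags" in
            *[DM]*) echo "REDIRECTED gw=$gw flags=$flags" ;;
            *)      echo "CHANGED gw=$gw flags=$flags" ;;
        esac
    fi
}

# Constructed sample: default route pointing at a client address named
# in the thread, with the M flag set.
sample_table() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.3.1.64          UGSM        0    51234    em0
10.3.0.0/16        link#2             UC          0        0    em1
EOF
}

monitor() {   # poll every 10 s, log any non-OK verdict to syslog
    while sleep 10; do
        v=$(netstat -rn | classify_route "$EXPECTED_GW")
        case "$v" in OK*) ;; *) logger -t gwwatch "$v" ;; esac
    done
}
if [ "${1:-}" = "run" ]; then monitor; fi
```

A CHANGED verdict (no D or M flag) means the route was replaced by something other than a redirect, such as a route(8) command or a routing daemon.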