From owner-freebsd-pf@FreeBSD.ORG Wed Oct 18 13:56:02 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A10AA16A412; Wed, 18 Oct 2006 13:56:02 +0000 (UTC) (envelope-from turgeon.martin@gmail.com) Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D6B843D45; Wed, 18 Oct 2006 13:56:02 +0000 (GMT) (envelope-from turgeon.martin@gmail.com) Received: from martinlaptop ([70.81.169.115]) by VL-MH-MR001.ip.videotron.ca (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005)) with ESMTP id <0J7C00A30418UN90@VL-MH-MR001.ip.videotron.ca>; Wed, 18 Oct 2006 09:56:01 -0400 (EDT) Date: Wed, 18 Oct 2006 09:56:12 -0400 From: Martin Turgeon To: freebsd-pf@freebsd.org, freebsd-bugs@freebsd.org, freebsd-questions@freebsd.org Message-id: <0J7C00A3541CUN90@VL-MH-MR001.ip.videotron.ca> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-index: AcbyvSvyTupTIOwvRfqNjRmitjV4Aw== Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Routing with external interface doesn't work after a while X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Oct 2006 13:56:02 -0000 Hi everyone, I've been reading the mailing list for a while, but it's my first post. I'm not sure what is causing the problem so I'm posting to multiple lists. I'm running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks likes after a while (a couple of weeks) the routing isn't working anymore, but only with the external interface (the one connected to my cable modem from Videotron in Montreal). The box is acting as the gateway of the network with PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred on FreeBSD 6.0 on another box. The routing table looks ok. The external interface is still receiving ARP requests but nothing is going out from my internal network. When I run tcpdump on my internal interface I can see the request to the DNS server of my ISP but running tcpdump on the external interface isn't showing anything related to that. It's like if the packet disappeared. Tcpdump on pflog0 isn't showing any good traffic that is being blocked Here's what I tried with no result: I tried to flush the states with pfctl -Fs I tried to reload the NAT with pfctl -N The solution was to renew the address of the external interface with dhclient fxp0. I looked back at the routing table after the dhclient fxp0 and nothing changed except the address of the default gateway because my IP address changed of subnetwork. I don't think it's related to the ISP because I'm not seeing any packet going out of the external interface. Here is a little more detail about the box: Uname -a: FreeBSD gateway.bureau.own 6.1-RELEASE-p5 FreeBSD 6.1-RELEASE-p5 #2: Fri Sep 15 14:59:44 EDT 2006 root@gateway.bureau.own:/usr/src/sys/i386/compile/OPTIK i386 The external interface is a Intel 10/100 onboard an Asus motherboard with fxp driver Thanks for your help Martin