Date: Mon, 25 Aug 2003 18:04:37 +0300 From: "Stoyan Stratev" <svs000@aubg.bg> To: <freebsd-net@freebsd.org> Subject: the router spams with echo requests Message-ID: <002201c36b1a$3408a790$0c00a8c0@lini>
next in thread | raw e-mail | index | archive | help
Hello, I am running the latest production release(4.8) for a router/nat and i have a problem with my ISP. The ISP is using a network with hubs therefore we receive echo packets on the outside interface, that are not meant for our machine. The problem is that that the box forwards those packets multiple times and so the ISP thinks we have a virus or are doing portscans. i ran 'tcpdump -p -i rl1| grep echo' and noticed the following: we receive one packet: 20:50:02.596560 some.address.com > machine.on.our.subnet: icmp: echo request [tos 0x80] we send 20 packets very fast: 20:50:02.596851 our.router.com > machine.on.our.subnet: icmp: echo request [tos 0x80] I tried to replicate it by pinging machine.on.our.subnet from an outside looking glass and it behaves the same way(sees the packet for machine.on.our.subnet and pings it another 20-30 times) i ran ifconfig and there is no interface running in promiscos(or whatever) mode. The box has a fresh install of FreeBSD 4.8 mini. The only things I did were to recompile the kernel to enable NAT and then edit the configuration so natd starts at boot time. here is a snippet from rc.conf: gateway_enable="YES" firewall_enable="YES" firewall_type="OPEN" natd_enable="YES" natd_interface="rl1" natd_flags="-redirect_port tcp 192.168.0.10:80 80" hostname="our.router.com" ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0" ifconfig_rl1="inet xxx.xx.xxx.27 netmask 255.255.255.224" What did i do wrong? Thanks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002201c36b1a$3408a790$0c00a8c0>