Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 22 Nov 2015 13:02:40 +0100
From:      Daniel Bilik <ddb@neosystem.org>
To:        Kristof Provost <kp@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Outgoing packets being sent via wrong interface
Message-ID:  <20151122130240.165a50286cbaa9288ffc063b@neosystem.cz>
In-Reply-To: <20151121212043.GC2307@vega.codepro.be>
References:  <20151120155511.5fb0f3b07228a0c829fa223f@neosystem.org> <C1D7F956-81C9-4ED4-99B8-E0C73A3ECB37@FreeBSD.org> <20151120163431.3449a473db9de23576d3a4b4@neosystem.org> <20151121212043.GC2307@vega.codepro.be>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, 21 Nov 2015 22:20:43 +0100
Kristof Provost <kp@FreeBSD.org> wrote:

>> Sure, pf.conf attached.
> Thanks. As a first guess, I think the origin of the problem might be
> related to the double nat rule you've got.

Well, even though pf may play some role in the problem, I tend to suspect
the routing table as the main trigger. There are several facts to support
this...

1. after reboot, the router runs fine, even with this "double nat" rule

2. this "double nat" rule was also present on the router when it was
running 9-stable, working flawlessly for years

3. when the problems start, there already is one or more "hits" to routing
table (by a previously mentioned cron task that updates default route to
keep the connectivity), ie. the problems may or may not start only after
touching the routing table

4. it seems that touching routing table can also "cure" the problem: last
week I noticed the router was unable to make tcp connections to one host
over vpn - same problem, it was pushing packets via re0 instead of tap0,
but yesterday I've found the problem is gone, without any reboot or other
intervention, and surprise... there was short connectivity problem at the
beginning of this week, thus default route was changed twice

> I don't have the time to dig into this right away. Could you create a PR
> and cc me to it?

Created, bug id 204735.

Thank you.

--
						Dan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151122130240.165a50286cbaa9288ffc063b>