strange ICMP problems
Bogdan TARU
bgd at icomag.de
Tue Dec 30 06:34:43 PST 2003
Hi,
I've got some strange ICMP problems on my FreeBSD
router/firewall. I'm trying to ping a host (dst) from this router,
and I don't get any answer (100% packet loss). A tcpdump shows me
(src=freebsd router/firewall, dst=destination host of the ping):
src > dst: icmp: echo request (ttl 64, id 15739, len 84)
dst > src: icmp: echo reply (ttl 58, id 33870, len 84)
src > dst: icmp: time exceeded in-transit for
dst > src: icmp: echo reply [ttl 1]
(id 33870, len 84) [tos 0xc0] (ttl 254, id 6572, len 56)
over and over and over again. This happens only with ICMP and only
for this destination HOST! (It doesn't happen if I try from a
different source box, though).
I guess it's the freebsd router's fault, because it definitely
receives a packet with ttl 58, and sends an ttl exceeded.
The router is running freebsd 4.8-RELEASE, with IPF v3.4.31, and
IPnat for natting. It's been running ok for about 100 days, and the
problems with this destination hosts appeared suddenly, without
configuration changes on any end.
Any hints if IPF is really the problem?
Thanks,
bogdan
More information about the freebsd-net
mailing list