Default router changes unexpectedly
Özkan KIRIK
ozkan.kirik at gmail.com
Sun Aug 29 19:48:13 UTC 2010
Hi Volker,
There is no routing deamon working on this gateway. But I started a
tcpdump that listening to port 521.
I'll inform you about captured packets.
Regards,
Ozkan KIRIK
Mersin University @ Turkey
On Sun, Aug 29, 2010 at 10:09 PM, <volker at vwsoft.com> wrote:
> On 08/29/10 19:50, Özkan KIRIK wrote:
>>
>> Hi,
>>
>> I am using FreeBSD 7.3 STABLE-201004. IPFW + In kernel NAT and if_vlan
>> used mostly.
>> System has 3 em interfaces. Scenario is classical, LAN DMZ WAN.
>>
>> Sometimes default router changes unexpectedly. I inspected logs if
>> someone logged in or changed route. I found nothing.
>> This problem repeats at least 1 times per day. I wrote a shell script
>> which monitors the default router.
>> I saw that sometimes netstat -rn shows that default router is changed
>> as 10.3.1.64 or 10.5.3.189 etc. which are client IP addresses but
>> routing still routes to right router 212.X.Y.Z .
>> After a while, routing really fails.
>> I use em nics for all.
>> At the weekends (when most clients are now working) i dont have any
>> problems.
I'll correct the type above: At the weekends (when most clients are
noT working) i dont have any problems.
>> I think some network packets affects the defaultrouter.
>> I tried to block packets belongs to the IP addresses which shown as
>> default router (10.3.1.64, 10.5.3.189 etc.. ). Then the problem is
>> solved.
>>
>> I wonder how the default router can be changed with packets that came
>> from network?
>> How can i prevent this without writing firewall rules?
>> Or which packets should I drop?
>>
>> Any ideas?
>
> Özkan,
>
> just one: Do you see RIP (521/tcp, 521/udp) traffic?
>
> Volker
>
More information about the freebsd-net
mailing list