misc/174749: Unexpected change of default route

Radek Krejca radek.krejca at starnet.cz
Thu Dec 27 20:10:01 UTC 2012


>Number:         174749
>Category:       misc
>Synopsis:       Unexpected change of default route
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 27 20:10:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Radek Krejca
>Release:        9.0
>Organization:
STARNET, s.r.o.
>Environment:
FreeBSD nat-62.starnet.cz 9.0-RELEASE-p4 FreeBSD 9.0-RELEASE-p4 #1: Mon Nov  5 14:24:05 CET 2012     root at storage.starnet.cz:/usr/obj/usr/src/sys/NAT-9.0  amd64
>Description:
Hello,

I have a lot of diskless machines (about 60) booted over the network from one read-only image. These machines are NATs realized over PF. The image is a relatively clean system; there is only PF support compiled into the kernel, snmpd (read-only, but if I shut it down, the problem is still here), fprobe for reports, and that is all. I don't block any port at this moment, except SMTP.

No routing software or dhclient is running.

The problem is on only one machine (probably a client with a virus), but it is very frequent and serious. Currently I have a script that watches the default route and, after a change, turns it back and sends me an e-mail. The change comes about 10 times (randomly) per day, but in batches: I got 15 e-mails per 5 seconds (15 changes) 10 minutes ago.

The default route (the bad default route) is random, and the last change was to 192.168.1.5 - the correct one is 178.255.168.254. The bad default route need not be from an IP range on this machine.

IPv6 routing is untouched, so I can analyze traffic, but I don't know which. Analyzing all traffic is impossible, because the bandwidth of this machine is about 300-450 Mbit and I cannot predict the time of the problem or the IP range of the new bad default route.

I thought that it could be a problem with ICMP redirects (if there is a huge number of these packets, the change of default route comes), but I switched on log.icmp.redirect and I don't have a positive match.
>How-To-Repeat:
It's hard to say - if there are a lot of ICMP redirect packets, sometimes the change comes, but not always. The installation is relatively clean, so the problem could be in the default installation. The same problem also occurs on 8.2 FBSD, on the same machine (the physical machine was changed, but the same set of clients).
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
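
Added example, not part of the original report: a check that a route-watching script like the one described could run, which also records whether a changed default route carries the D or M flag that netstat(1) documents as set by a redirect. The function name, verdict strings and sample tables are constructed for illustration; the gateway address is the correct one quoted in the report.

```sh
#!/bin/sh
# Added example (not from the report): classify the IPv4 default route.
# EXPECTED_GW is the correct gateway quoted in the report.
EXPECTED_GW="178.255.168.254"

# Reads `netstat -rn -f inet` output on stdin, prints one verdict line:
#   OK | CHANGED-BY-REDIRECT | CHANGED-OTHER  <gateway> <flags>, or MISSING
check_default_route() {
    awk -v want="$1" '
        $1 == "default" {
            seen = 1
            if ($2 == want)        verdict = "OK"
            else if ($3 ~ /[DM]/)  verdict = "CHANGED-BY-REDIRECT"
            else                   verdict = "CHANGED-OTHER"
            print verdict, $2, $3
            exit
        }
        END { if (!seen) print "MISSING" }
    '
}

# Constructed sample tables (not captured from the affected machine).
sample_good() {
    cat <<'EOF'
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            178.255.168.254    UGS         0   918273    em0
127.0.0.1          link#3             UH          0        0    lo0
EOF
}
sample_redirected() {
    cat <<'EOF'
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.5        UGMS        0   918301    em0
EOF
}
sample_replaced() {
    cat <<'EOF'
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.5        UGS         0   918301    em0
EOF
}

# Demo on the samples; on the NAT box use:
#   netstat -rn -f inet | check_default_route "$EXPECTED_GW"
for s in sample_good sample_redirected sample_replaced; do
    printf '%s: %s\n' "$s" "$($s | check_default_route "$EXPECTED_GW")"
done
```

A CHANGED-BY-REDIRECT verdict points at the kernel's ICMP redirect handling, which the net.inet.icmp.drop_redirect sysctl turns off; CHANGED-OTHER suggests the route was replaced some other way, such as by a process writing to the routing socket.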

