NeedHelp

Igor V. Ruzanov igorr at canmos.ru
Fri Feb 16 16:03:12 UTC 2007


Hello!
I have a very strange problem that occurred on my FreeBSD router:
- I have several vlan interfaces to which some real IP addresses
from 89.107.x.x are assigned;
- and an uplink interface fxp0 to which a gateway real IP address
from 89.107.y.y is assigned;

Sometimes when I analyze traffic flowing through my interfaces (vlans and
fxp0) I can see the following data from vlan18 to uplink (tcpdump):

root@gw: [18:49] (~)# tcpdump -X -s1024 -n -c100 -i vlan18 host 213.184.148.170
tcpdump: listening on vlan18
19:30:16.577894 213.184.148.170.1323 > 194.67.23.207.80: S 1966953971:1966953971(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
0x0000   4500 0030 6d74 4000 8006 48de d5b8 94aa        E..0mt@...H.....
0x0010   c243 17cf 052b 0050 753d 55f3 0000 0000        .C...+.Pu=U.....
0x0020   7002 ffff 6dfe 0000 0204 05b4 0101 0402        p...m...........
19:30:16.579013 213.184.148.170.63203 > 88.212.201.120.80: . ack 2538364981 win 64240 (DF)
0x0000   4500 0028 a5e9 4000 3f06 0937 d5b8 94aa        E..(..@.?..7....
0x0010   58d4 c978 f6e3 0050 1fe5 8eb7 974c 6035        X..x...P.....L`5
0x0020   5010 faf0 8ae1 0000 aaaa aaaa aaaa             P.............
19:30:16.581381 213.184.148.170.63203 > 88.212.201.120.80: . ack 2921 win 64240 (DF)
0x0000   4500 0028 a5ea 4000 3f06 0936 d5b8 94aa        E..(..@.?..6....
0x0010   58d4 c978 f6e3 0050 1fe5 8eb7 974c 6b9d        X..x...P.....Lk.
0x0020   5010 faf0 7f79 0000 aaaa aaaa aaaa             P....y........
19:30:16.583829 213.184.148.170.63203 > 88.212.201.120.80: . ack 5841 win 64240 (DF)
0x0000   4500 0028 a5eb 4000 3f06 0935 d5b8 94aa        E..(..@.?..5....
0x0010   58d4 c978 f6e3 0050 1fe5 8eb7 974c 7705        X..x...P.....Lw.
0x0020   5010 faf0 7411 0000 aaaa aaaa aaaa             P...t.........
19:30:16.584807 213.184.148.170.1323 > 194.67.23.207.80: . ack 42151783 win 65535 (DF)
0x0000   4500 0028 6d75 4000 8006 48e5 d5b8 94aa        E..(mu@...H.....
0x0010   c243 17cf 052b 0050 753d 55f4 0283 2f67        .C...+.Pu=U.../g
0x0020   5010 ffff 68c8 0000 aaaa aaaa aaaa             P...h.........
19:30:16.586796 213.184.148.170.1323 > 194.67.23.207.80: P 0:673(673) ack 1 win 65535 (DF)
0x0000   4500 02c9 6d76 4000 8006 4643 d5b8 94aa        E...mv@...FC....
0x0010   c243 17cf 052b 0050 753d 55f4 0283 2f67        .C...+.Pu=U.../g
0x0020   5018 ffff 532f 0000 4745 5420 2f3f 6d61        P...S/..GET./?ma

Could you please help me to solve the problem? How can the packets from
some subnet be routed through a gateway that has an address NOT
belonging to this subnet? Below I put trafd logs showing that the packets
arrived at my uplink interface fxp0:

213.184.148.170    client  72.36.136.82       80      tcp           6479         16135
213.184.148.170    client  204.9.177.18       80      tcp           3365          4165
213.184.148.170    client  205.188.9.166      5190    tcp             12           572
213.184.148.170    client  195.161.116.13     80      tcp            484           564
213.184.148.170    client  89.202.157.135     80      tcp            297           505
213.184.148.170    client  82.33.101.62       41779   tcp            103           383
213.184.148.170    client  213.184.128.18     53      udp            162           274
213.184.148.170    client  89.107.121.50      1569    udp            162           218
213.184.148.170    client  209.85.137.19      80      tcp              0           160
213.184.148.170    client  205.188.9.157      443     tcp              0           160
213.184.148.170    client  62.221.254.147     25      tcp              6           126
89.107.121.50      1569    213.184.148.170    client  udp             56           112
213.184.148.170    client  194.67.23.100      2041    tcp             44            84
213.184.148.170    63524   194.67.57.244      client  tcp             44            84
213.184.148.170    client  194.67.57.244      2041    tcp             44            84
213.184.148.170    63812   213.113.20.186     client  tcp              2            82
213.184.148.170    client  87.250.251.45      80      tcp              0            80
  ... and so on.

Is this a problem in IP routing on my router, or does the problem come
down to a layer that is above IP?

The router configuration is as follows:
- Operating system (uname -a):
   FreeBSD gw.canmos.ru 4.11-RELEASE FreeBSD 4.11-RELEASE #0;

- Routing daemon:
   Zebra+OSPFd (v0.94);

- Loaded modules (kldstat):
Id Refs Address    Size     Name
  1    4 0xc0100000 2e5ebc   kernel
  2    1 0xc12ac000 3000     if_vlan.ko
  3    1 0xc1341000 2000     star_saver.ko
  4    1 0xc1991000 3000     snp.ko

- Packet filter:
   ipfw;

- Kernel options for ipfw to work properly:
   options         IPDIVERT                #divert sockets
   options         DUMMYNET

   options         IPFIREWALL              #firewall
   options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
   options         IPFIREWALL_FORWARD      #enable transparent proxy support
   options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
   options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default

   #options        IPFW2
   options         TCP_DROP_SYNFIN



Thank you!!

+-------------------------------------------+
! CANMOS ISP Network                        !
+-------------------------------------------+
! Best regards                              !
! Igor V. Ruzanov, network operational staff!
! e-Mail: igorr at canmos.ru                   !
+-------------------------------------------+
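
A source-address check over the capture above, as an added example that is not part of the original post: it rebuilds the IPv4 headers from the `tcpdump -X` hex rows, verifies each header checksum and reports sources outside the prefix expected on the interface. The prefix 89.107.0.0/16 is an assumption standing in for the post's 89.107.x.x, and all function names are illustrative.

```python
import ipaddress
import re
import struct

# Assumption: the prefix served on vlan18; the post only gives "89.107.x.x".
EXPECTED_PREFIX = ipaddress.ip_network("89.107.0.0/16")

# First two hex rows of two packets from the tcpdump -X output in the post.
SAMPLE = """\
0x0000   4500 0030 6d74 4000 8006 48de d5b8 94aa        E..0mt@...H.....
0x0010   c243 17cf 052b 0050 753d 55f3 0000 0000        .C...+.Pu=U.....
0x0000   4500 0028 a5e9 4000 3f06 0937 d5b8 94aa        E..(..@.?..7....
0x0010   58d4 c978 f6e3 0050 1fe5 8eb7 974c 6035        X..x...P.....L`5
"""

# Offset, then hex groups split by single spaces; the ASCII column follows a wider gap.
HEX_ROW = re.compile(r"^0x([0-9a-f]{4})\s+((?:[0-9a-f]{2,4} ?)+)", re.I)

def packets_from_dump(text):
    """Rebuild raw packets from hex rows; a row at offset 0x0000 starts a new packet."""
    packets = []
    for line in text.splitlines():
        m = HEX_ROW.match(line.strip())
        if not m:
            continue
        if int(m.group(1), 16) == 0:
            packets.append(bytearray())
        if packets:
            packets[-1] += bytes.fromhex(m.group(2).replace(" ", ""))
    return [bytes(p) for p in packets]

def ipv4_checksum_ok(header):
    """The one's-complement sum over a valid header folds to 0xffff."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def audit(text, prefix=EXPECTED_PREFIX):
    """Decode each IPv4 header and flag sources outside the expected prefix."""
    findings = []
    for pkt in packets_from_dump(text):
        ihl = (pkt[0] & 0x0F) * 4
        if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
            continue  # not IPv4, or the capture is truncated
        src = ipaddress.ip_address(pkt[12:16])
        findings.append({"src": str(src), "dst": str(ipaddress.ip_address(pkt[16:20])),
                         "ttl": pkt[8], "checksum_ok": ipv4_checksum_ok(pkt[:ihl]),
                         "src_in_prefix": src in prefix})
    return findings
```

On the two sample packets, `audit(SAMPLE)` reports source 213.184.148.170 outside the assumed prefix both times, with valid header checksums and TTLs of 128 and 63.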

