Date: Wed, 25 Nov 2015 12:20:33 +0000 From: Gary Palmer <gpalmer@freebsd.org> To: Daniel Bilik <ddb@neosystem.org> Cc: Kristof Provost <kp@FreeBSD.org>, freebsd-net@freebsd.org Subject: Re: Outgoing packets being sent via wrong interface Message-ID: <20151125122033.GB41119@in-addr.com> In-Reply-To: <20151125092145.e93151af70085c2b3393f149@neosystem.cz> References: <20151120155511.5fb0f3b07228a0c829fa223f@neosystem.org> <C1D7F956-81C9-4ED4-99B8-E0C73A3ECB37@FreeBSD.org> <20151120163431.3449a473db9de23576d3a4b4@neosystem.org> <20151121212043.GC2307@vega.codepro.be> <20151122130240.165a50286cbaa9288ffc063b@neosystem.cz> <20151125092145.e93151af70085c2b3393f149@neosystem.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 25, 2015 at 09:21:45AM +0100, Daniel Bilik wrote: > On Sun, 22 Nov 2015 13:02:40 +0100 > Daniel Bilik <ddb@neosystem.org> wrote: > > > Well, even though pf may play some role in the problem, I tend to suspect > > the routing table as the main trigger. There are several facts to support > > this... > > It happened again, yesterday, and I can now definitely confirm that it's > related to default route. > > In this case, affected address was 192.168.2.33. This host was unable to > connect to 192.168.2.15 (jail on the router), and router itself was unable > to even ping the affected host... > > PING 192.168.2.33 (192.168.2.33): 56 data bytes > ping: sendto: Operation not permitted > ping: sendto: Operation not permitted > > ... because again it was pushing outgoing packets wrong way, via public > interface, where it's dropped by pf... > > 00:00:07.091814 rule 53..16777216/0(match): block out on re0: 82.x.y.50 > 192.168.2.33: ICMP echo request, id 12037, seq 0, length 64 > 00:00:01.011536 rule 53..16777216/0(match): block out on re0: 82.x.y.50 > 192.168.2.33: ICMP echo request, id 12037, seq 1, length 64 > > I've tried to just delete default route and enter it back to routing table. > In one tmux session ping was running, in another session I've performed > this... > > # route delete default ; sleep 1 ; route add default 82.x.y.29 > > ... and voila, ping started to communicate with affected host... > > ping: sendto: Operation not permitted > ping: sendto: Operation not permitted > 64 bytes from 192.168.2.33: icmp_seq=12 ttl=128 time=0.535 ms > 64 bytes from 192.168.2.33: icmp_seq=13 ttl=128 time=0.264 ms > > Touching nothing else (pf etc.), not rebooting, just "refreshing" the > default route entry, and the problem disappeared. When the problem happens, what does the output of route -n get <unreachable IP> show? It would also be worth checking the arp table. Gary
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151125122033.GB41119>