Hi,

# sysctl net.inet.icmp
net.inet.icmp.maskrepl: 0
net.inet.icmp.icmplim: 200
net.inet.icmp.bmcastecho: 0
net.inet.icmp.quotelen: 8
net.inet.icmp.reply_from_interface: 0
net.inet.icmp.reply_src:
net.inet.icmp.icmplim_output: 1
net.inet.icmp.log_redirect: 0
net.inet.icmp.drop_redirect: 1
net.inet.icmp.maskfake: 0
# ps ax | grep routed
37071 p1 S+ 0:00.00 grep routed
# ps ax | grep -E "quagga|ospf|bgp"
37161 p1 S+ 0:00.00 grep -E quagga|ospf|bgp

On Mon, Aug 30, 2010 at 1:28 AM, Iñigo Ortiz de Urbina <inigoortizdeurb...@gmail.com> wrote:
> Maybe icmp-redirect? You can use tshark or tcpdump to rotate
> compressed captures. You can filter rip or any other dynamic routing
> protocol and icmp.
>
> Have a nice day
>
> On 8/29/10, Özkan KIRIK <ozkan.ki...@gmail.com> wrote:
>> Hi Volker,
>>
>> There is no routing daemon working on this gateway. But I started a
>> tcpdump that is listening to port 521.
>> I'll inform you about captured packets.
>>
>>
>> Regards,
>> Ozkan KIRIK
>> Mersin University @ Turkey
>>
>>
>> On Sun, Aug 29, 2010 at 10:09 PM, <vol...@vwsoft.com> wrote:
>>> On 08/29/10 19:50, Özkan KIRIK wrote:
>>>>
>>>> Hi,
>>>>
>>>> I am using FreeBSD 7.3 STABLE-201004. IPFW + In kernel NAT and if_vlan
>>>> used mostly.
>>>> System has 3 em interfaces. Scenario is classical, LAN DMZ WAN.
>>>>
>>>> Sometimes default router changes unexpectedly. I inspected logs if
>>>> someone logged in or changed route. I found nothing.
>>>> This problem repeats at least 1 time per day. I wrote a shell script
>>>> which monitors the default router.
>>>> I saw that sometimes netstat -rn shows that default router is changed
>>>> as 10.3.1.64 or 10.5.3.189 etc. which are client IP addresses but
>>>> routing still routes to right router 212.X.Y.Z .
>>>> After a while, routing really fails.
>>>> I use em nics for all.
>>>> At the weekends (when most clients are now working) I don't have any
>>>> problems.
>>
>> I'll correct the typo above: At the weekends (when most clients are
>> noT working) I don't have any problems.
>>
>>
>>
>>>> I think some network packets affect the defaultrouter.
>>>> I tried to block packets belonging to the IP addresses which are shown as
>>>> default router (10.3.1.64, 10.5.3.189 etc.). Then the problem is
>>>> solved.
>>>>
>>>> I wonder how the default router can be changed with packets that came
>>>> from network?
>>>> How can I prevent this without writing firewall rules?
>>>> Or which packets should I drop?
>>>>
>>>> Any ideas?
>>>
>>> Özkan,
>>>
>>> just one: Do you see RIP (521/tcp, 521/udp) traffic?
>>>
>>> Volker
>>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
>>
>
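An added example, not part of the original thread and not the poster's own script: one way to script the default-route check described above, comparing the IPv4 default route in `netstat -rn` output with an expected gateway and also flagging a default route that carries the D or M flag, which netstat(1) documents as set by redirects. The function names, the sample routing tables and the 192.0.2.1 gateway are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `netstat -rn` text on stdin and
# checks the IPv4 default route against the gateway passed as $1.
# Exit status: 0 = as expected, 1 = changed or redirect-flagged, 2 = missing.
check_default_route() {
    awk -v want="$1" '
        $1 == "Internet:"  { v4 = 1; next }   # start of the IPv4 table
        $1 == "Internet6:" { v4 = 0; next }   # ignore the IPv6 table
        v4 && $1 == "default" {
            seen = 1
            if ($2 != want) {
                printf "ALERT gateway=%s expected=%s flags=%s\n", $2, want, $3
                bad = 1
            } else if ($3 ~ /[DM]/) {
                # netstat(1): D = created, M = modified dynamically (by redirect)
                printf "ALERT gateway=%s flags=%s redirect-derived\n", $2, $3
                bad = 1
            } else {
                printf "OK gateway=%s flags=%s\n", $2, $3
            }
        }
        END {
            if (!seen) { print "ALERT no IPv4 default route"; exit 2 }
            exit bad + 0
        }'
}

# Constructed samples in FreeBSD 7.x layout; 192.0.2.1 is a placeholder gateway.
sample_ok() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGS         0   812345    em0
10.3.0.0/16        link#2             UC          0        0    em1
EOF
}

sample_changed() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.3.1.64          UGS         0       17    em1
10.3.0.0/16        link#2             UC          0        0    em1
EOF
}
```

On the gateway the function would be fed live data, for example `netstat -rn | check_default_route <expected-gateway>` from cron, with each ALERT line logged alongside a timestamp so it can be matched against the tcpdump capture.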