Hello to OpenBSD users,

I have a little problem. I think it's linked with PF, but I have no proof. The system is OpenBSD 5.1, but OpenBSD 5.2 gets the same thing (with a different card: 5.1 uses bnx and 5.2 uses em). I have a router with squid proxy, named and isc-dhcpd.

The problem is, sometimes I get "no route to host" for some transmissions (often on the proxy), but randomly. Our connection is perfectly stable (Renater 1Gbit fiber connection), and the routes are static and right. When squid says no route to host and I refresh the page, it works. I think it's a packet filter problem.

Nmap sometimes has the same problem and says no route to host when I try to scan. Example:

Starting Nmap 5.51 ( http://nmap.org ) at 2012-11-26 23:56 CET
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, aaa.bbb.ccc.20, 16) => No route to host
Offending packet: TCP xxx.yyy.zzz.1:42282 > aaa.bbb.ccc.20:5200 S ttl=37 id=32702 iplen=44 seq=2453102157 win=2048 <mss 1460>
Sleeping 15 seconds then retrying

This scan was done between two different networks, but in this capture, it is the same network:

Starting Nmap 5.51 ( http://nmap.org ) at 2012-11-26 23:58 CET
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, xxx.yyy.zzz.50, 16) => No route to host
Offending packet: TCP xxx.yyy.zzz.1:49053 > xxx.yyy.zzz.50:161 S ttl=52 id=62248 iplen=44 seq=3073961720 win=1024 <mss 1460>
Sleeping 15 seconds then retrying

I don't have the problem with pf disabled. All my outgoing packets are allowed and some are NATed. Where do you think the problem comes from?

Thanks in advance.

Loïc Blot, UNIX systems engineer.