Hello!
I have a very strange problem occured on my FreeBSD router:
- i have several vlan interfaces to wich assigned some real ip-address from 89.107.x.x; - and uplink interface fxp0 to witch assigned gateway real ip-address from 89.107.y.y;


Sometimes when i analyze traffic flowing throuth my interfaces (vlans and fxp0) i can see the following data from vlan18 to uplink (tcpdump):

[EMAIL PROTECTED]: [18:49] (~)# tcpdump -X -s1024 -n -c100 -i vlan18 host 
213.184.148.170
tcpdump: listening on vlan18
19:30:16.577894 213.184.148.170.1323 > 194.67.23.207.80: S 1966953971:1966953971(0) 
win 65535 <mss 1460,nop,nop,sackOK> (DF)
0x0000   4500 0030 6d74 4000 8006 48de d5b8 94aa        [EMAIL PROTECTED]
0x0010   c243 17cf 052b 0050 753d 55f3 0000 0000        .C...+.Pu=U.....
0x0020   7002 ffff 6dfe 0000 0204 05b4 0101 0402        p...m...........
19:30:16.579013 213.184.148.170.63203 > 88.212.201.120.80: . ack 2538364981 win 
64240 (DF)
0x0000   4500 0028 a5e9 4000 3f06 0937 d5b8 94aa        E..([EMAIL PROTECTED]
0x0010   58d4 c978 f6e3 0050 1fe5 8eb7 974c 6035        X..x...P.....L`5
0x0020   5010 faf0 8ae1 0000 aaaa aaaa aaaa             P.............
19:30:16.581381 213.184.148.170.63203 > 88.212.201.120.80: . ack 2921 win 64240 
(DF)
0x0000   4500 0028 a5ea 4000 3f06 0936 d5b8 94aa        E..([EMAIL PROTECTED]
0x0010   58d4 c978 f6e3 0050 1fe5 8eb7 974c 6b9d        X..x...P.....Lk.
0x0020   5010 faf0 7f79 0000 aaaa aaaa aaaa             P....y........
19:30:16.583829 213.184.148.170.63203 > 88.212.201.120.80: . ack 5841 win 64240 
(DF)
0x0000   4500 0028 a5eb 4000 3f06 0935 d5b8 94aa        E..([EMAIL PROTECTED]
0x0010   58d4 c978 f6e3 0050 1fe5 8eb7 974c 7705        X..x...P.....Lw.
0x0020   5010 faf0 7411 0000 aaaa aaaa aaaa             P...t.........
19:30:16.584807 213.184.148.170.1323 > 194.67.23.207.80: . ack 42151783 win 
65535 (DF)
0x0000   4500 0028 6d75 4000 8006 48e5 d5b8 94aa        E..([EMAIL PROTECTED]
0x0010   c243 17cf 052b 0050 753d 55f4 0283 2f67        .C...+.Pu=U.../g
0x0020   5010 ffff 68c8 0000 aaaa aaaa aaaa             P...h.........
19:30:16.586796 213.184.148.170.1323 > 194.67.23.207.80: P 0:673(673) ack 1 win 
65535 (DF)
0x0000   4500 02c9 6d76 4000 8006 4643 d5b8 94aa        [EMAIL PROTECTED]
0x0010   c243 17cf 052b 0050 753d 55f4 0283 2f67        .C...+.Pu=U.../g
0x0020   5018 ffff 532f 0000 4745 5420 2f3f 6d61        P...S/..GET./?ma

Could you please help me to solve the problem? How the packets from some subnet can be routed throuth gateway, that have an address NOT belonging to this subnet? Below i put trafd logs showing that the packets arrived my uplink interface fxp0:

213.184.148.170    client  72.36.136.82       80      tcp           6479        
 16135
213.184.148.170    client  204.9.177.18       80      tcp           3365        
  4165
213.184.148.170    client  205.188.9.166      5190    tcp             12        
   572
213.184.148.170    client  195.161.116.13     80      tcp            484        
   564
213.184.148.170    client  89.202.157.135     80      tcp            297        
   505
213.184.148.170    client  82.33.101.62       41779   tcp            103        
   383
213.184.148.170    client  213.184.128.18     53      udp            162        
   274
213.184.148.170    client  89.107.121.50      1569    udp            162        
   218
213.184.148.170    client  209.85.137.19      80      tcp              0        
   160
213.184.148.170    client  205.188.9.157      443     tcp              0        
   160
213.184.148.170    client  62.221.254.147     25      tcp              6        
   126
89.107.121.50      1569    213.184.148.170    client  udp             56        
   112
213.184.148.170    client  194.67.23.100      2041    tcp             44        
    84
213.184.148.170    63524   194.67.57.244      client  tcp             44        
    84
213.184.148.170    client  194.67.57.244      2041    tcp             44        
    84
213.184.148.170    63812   213.113.20.186     client  tcp              2        
    82
213.184.148.170    client  87.250.251.45      80      tcp              0        
    80
 ... and so on.

Is this problem in ip routing on my router, or the problem comes to layer that is over ip?

The router configuration stands for:
- Operating system (uname -a):
  FreeBSD gw.canmos.ru 4.11-RELEASE FreeBSD 4.11-RELEASE #0;

- Routing daemon:
  Zebra+OSPFd (v0.94);

- Loaded modules (kldstat):
Id Refs Address    Size     Name
 1    4 0xc0100000 2e5ebc   kernel
 2    1 0xc12ac000 3000     if_vlan.ko
 3    1 0xc1341000 2000     star_saver.ko
 4    1 0xc1991000 3000     snp.ko

- Packet filter:
  ipfw;

- Kernel options to work ipfw properly:
  options         IPDIVERT                #divert sockets
  options         DUMMYNET

  options         IPFIREWALL              #firewall
  options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
  options         IPFIREWALL_FORWARD      #enable transparent proxy
  support
  options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
  options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by
  default

  #options        IPFW2
  options         TCP_DROP_SYNFIN



Thank you!!

+-------------------------------------------+
! CANMOS ISP Network                        !
+-------------------------------------------+
! Best regards                              !
! Igor V. Ruzanov, network operational staff!
! e-Mail: [EMAIL PROTECTED]                   !
+-------------------------------------------+
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to