Outgoing packets being sent via wrong interface

Daniel Bilik ddb at neosystem.org
Wed Dec 2 15:52:58 UTC 2015


On Tue, 1 Dec 2015 12:16:45 +0100
Daniel Bilik <ddb at neosystem.org> wrote:

> But next time it happens, I'll try to reload pf rules, and also to
> disable pf completely...

Done. First I tried to flush nat...

# pfctl -f /etc/pf.conf -F nat -O -N
nat cleared

... then rules...

# pfctl -f /etc/pf.conf -F rules -O -R -Tl
rules cleared

... but neither helped.

Ping to the affected host has been reporting the known error all the time...

ping: sendto: Operation not permitted

Next, I disabled pf completely...

# pfctl -d
pf disabled

... which changed the ping error message to...

ping: sendto: Host is down

... and tcpdump(1) confirmed that packets are still going via the wrong
interface...

# tcpdump -i re0 -n icmp
07:54:44.538326 IP 82.x.y.50 > 192.168.2.33: ICMP echo request, id 54720, seq 24, length 64

... now not being dropped by pf, but without any echo response (for
obvious reasons).

Again, refreshing the default route solved the problem instantly.

--
						Dan


More information about the freebsd-net mailing list