I use a FreeBSD box as a primary router/gateway (henceforth referred to as "the router"). It directly receives my WAN IP from the cable modem. When I originally set this up several months ago, everything worked fine (and had for a much longer time before that running Linux instead). Lately, however, the system has been problematic.
I'm receiving a lot of this when I try to access remote hosts on my client machines:
Code:
PING blackshard.net (96.126.121.106) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
From 10.0.0.1 icmp_seq=3 Destination Host Unreachable
From 10.0.0.1 icmp_seq=4 Destination Host Unreachable
It's not just that one host, but any that I try to connect to. The router itself is able to connect without issues, however. It can always initiate outbound connections and receive inbound connections on both the WAN and LAN. I have reason to suspect routing trouble in the opposite direction (WAN to LAN) as well, but I cannot yet say so with certainty. In any event, I can ssh into the router from a client machine and then proceed to ping out - for whatever reason, it appears to just stop routing packets.
The problem is intermittent, with small windows of availability (one connection, or possibly several). In all cases, existing connections continue to work fine - only new connections fail. If I reboot the router, it clears up and works fine for a short period. After 10 minutes or so, it begins failing again. This problem may have started small and grown worse over time, but there have been multiple factors involved so I cannot say this with certainty either.
Checking the usual logs, I see nothing of interest. /var/log/auth.log revealed a high degree of attempted sshd break-in activity, but dropping that port didn't help. Since I don't know what might prove relevant, and don't want to dump an entire machine's worth of logs and terminal output in the thread right off the bat, I'll begin with some generic information. Please ask if you wish to see anything else.
Code:
% uname -a
FreeBSD gateway 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
/etc/rc.conf
Code:
hostname="gateway"
ifconfig_dc0="DHCP"
ifconfig_re0="inet 10.0.0.1 netmask 255.255.0.0"
gateway_enable="YES"
ipnat_enable="YES"
dhcpd_enable="YES"
ddclient_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
cupsd_enable="YES"
devfs_system_ruleset="system"