static route has changed

krzysiekb81 · Mar 10, 2012

Hi all!

After upgrading to ~~Freebsd~~ FreeBSD 9.0-release (amd64) I encountered a strange behavior:

I have one static route defined in my /etc/rc.conf:

Code:

static_routes="spp"
route_spp="-net 10.0.0.0/16 10.250.0.2"

# netstat -nr | grep "10.0.0.0"it results with:

Code:

10.0.0.0/16        10.250.0.2         UGS         2 373253416    lan

which is correct.

After about two days the route has changed:

Code:

10.0.0.0/16        213.199.225.14     UGS       455 2058321449    lan

213.199.225.14 is my DNS by the way.

There is no routing software I know about running, the sysctl variables values are default for ~~Freebsd~~ FreeBSD 9.0 (amd64).

I did not change anything during this time, no other user beside me.

Any idea what could change the routing table?

Thanks!

Uniballer · Mar 10, 2012

Could you please show us the whole rc.conf?

krzysiekb81 · Mar 10, 2012

sure:

Code:

gateway_enable="YES"
keymap="pl_PL.ISO8859-2"
sshd_enable="YES"
hostname="xxx.xxx.pl"
sendmail_enable="NONE"
ifconfig_em0_name="lan"
ifconfig_em1_name="wan"
ifconfig_lan="inet 172.16.1.4 netmask 255.255.255.0"
ifconfig_lan_alias0="inet 10.10.10.1 netmask 255.255.255.0"
ifconfig_lan_alias1="inet 10.10.11.1 netmask 255.255.255.0"
ifconfig_lan_alias2="inet 10.250.0.1 netmask 255.255.255.252"
ifconfig_wan="inet aaa.bbb.ccc.2 netmask 255.255.255.0"
defaultrouter="aaa.bbb.ccc.1"
static_routes="spp"
route_spp="-net 10.0.0.0/16 10.250.0.2"
squid_enable="YES"
syslogd_enable="YES"
syslogd_flags="-s"
update_motd="NO"
apache22_enable="YES"
pf_enable="YES"
pflog_enable="YES"
pflog_logfile="/usr/local/pflog/pflog"
pflog_program="/sbin/pflogd"
pflog_flags=""
pmacctd_enable="YES"
pmacctd_flags="-f /usr/local/etc/pmacctd.conf"
pmacctd_pidfile="pmacctd.pid"
inetd_enable="YES"
dhcpd_enable="YES"
dhcpd_flags="-q"
dhcpd_ifaces="lan"
bsnmpd_enable="YES"
auditd_enable="YES"

krzysiekb81 · Mar 12, 2012

Today I had a similar situation, but nexthop changed to different IP (I don't know what is it):

Code:

10.0.0.0/16        77.253.70.144      UGS         0 775444704    lan

Any help would be appreciated, as this is getting very uncomfortable.

Uniballer · Mar 13, 2012

It might be a bug, I'm not sure. The fact that you upgraded rather than did a clean install complicates things.

If it were my system, I would do my best to make sure there is no routing software running (e.g. go through ps -ax with a fine-toothed comb), and no scripts or cron jobs that could be changing routes. I might even log the route table every minute to try to find out when the change occurs.

And if I came up dry I would ask on the freebsd-net@freebsd.org mailing list.

krzysiekb81 · Mar 13, 2012

Thank you. I'm sure no routing software is running and that no cron jobs are executed which could change the routing table. I have a script running that checks the routing table every minute. Yesterday I started to log the output of route -n monitor command, I hope next time the static route changes it can give me some hint.

krzysiekb81 · Mar 14, 2012

Unfortunately, route -n monitor shows nothing related, and the 10.0.0.0/16 route changed again yesterday evening.

krzysiekb81 · Mar 26, 2012

Today, the default route changed... any ideas how to check what's happening?

joel@ · Mar 26, 2012

Try asking on the net@freebsd.org mailing list if you haven't already.

RusDyr · Apr 6, 2012

Check sysctl net.inet.ip.sourceroute and sysctl net.inet.ip.accept_sourceroute, they should be equal to 0.

krzysiekb81 · Apr 6, 2012

Thank you for advice, both are set to 0.

RusDyr · Apr 6, 2012

It's a very strange problem.
Try to set up network audit (as I see, you already enable audit in your rc.conf) and see the logs.

Ashandy · Feb 15, 2013

I have the same issue since upgrade to 9.1 release. This server has a role of a shaper (IPFW) and NAT (Packet Filter) and DNS (bind9).
He has 2 interfaces:

Code:

vlan720
        inet 10.10.10.2 netmask 0xffffff00 broadcast 10.10.10.255 ------- for DNS
        inet 10.255.255.2 netmask 0xfffffffc broadcast 10.255.255.3 --- for routing with local router
        inet 10.8.1.254 netmask 0xffffff00 broadcast 10.8.1.255 -- for dhcp guest pool
vlan750
        inet 195.54.52.2 netmask 0xfffffff8 broadcast 195.54.52.7 ---- to internet

He has 4 static routes:

Code:

default            195.54.52.x        UGS         1 762455527 vlan75
10.9.0.0/16        10.255.255.1       UGS         0 2018665748 vlan72
10.11.0.0/16       10.255.255.1       UGS         0 433174511 vlan72
10.12.0.0/16       10.255.255.1       UGS         0 7723245709 vlan72

There are strange things at about 10.30 AM for 4 days running.
In a moment one of the static routes become such a:

Code:

10.9.0.0/16        31.40.17.58
31.40.17.58 - it is an IP that client have after binat

I had changed binat adress for client, but situation repeated next morning. I had turned off binat for this client, but situation repeated with next client. I can`t see any variant except install FreeBSD 8.3