May 9 09:16:15 yomomma kernel: ll header: 00:a0:cc:40:fa:f2:08:00:11:07:ec:17:08:00
May 9 09:16:19 yomomma kernel: martian source 192.168.1.255 from 192.168.1.229, on dev eth0
May 9 09:16:19 yomomma kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:39:1c:ec:17:08:00

the log just has like 9 megs of this.. its hard to find important messages. i dont care about martians lol.. the linux machine is running as a firewall. any help would be awesome thanx.

Hi,

Try this:

echo "0" > /proc/sys/net/ipv4/conf/all/log_martians

DOH!!

So, this seams like a good way to ignore what's happening, but how do you correct the actual problem of it happening?

MadTurki

Martians show up from IPs that are not on a local network, but they're sending directly to your machine (in this case, broadcasting to all machines). If you have a 192.168.0.0/24 network, then 192.168.1.229 is not going to fall on that network.

Make sure that all machines and devices (this includes printers, PDAs, or anything else with an IP) connected to the network have proper IPs and subnet masks. The proper way to "take care of" something is not to ignore it! The proper way is to identify the problem and fix it, as it's obviously a network misconfiguration.

You're saying then, that there's something misconfigured? Must be the from the windows side of the network It's showing that various unix servers are coming from various win servers. We're all on the same subnet though. I'm experience occasional lockups on this machine and I'm not sure if it's because of this or another error which I'll post below - is this possible?

This is really paraphrased and shortened ->

agassi kernel: IN=eth0 OUT= MAC=00:01:03:23...etc... SRC=66.187.xxx.xxx DST=216 etc...

Long line of errors in this format that I get about 10 of at the begining of every few minutes. Could this just be broadcasts from the windows machines?

The last log line loooks like it's from iptables and it's blocking packets. The odd thing is that the SRC and DST are both "public" or "Internet routable" IPs. It could be someone trying to spoof through your firewall, or more probably again it's a misconfigured host trying to reach the Internet through that box when it shouldn't be.

It looks like you may have a really tangled mess, and posting simple snippets from logs is not going to solve your problem. At this point your best bet is to sit down with a diagram of your network, make sure it actually makes sense (hopefully someone on the staff has a CCNA or similar networking certificate, or experience) and then review each segment and each machine at a time. Check the switches (if they're managed devices) and check each machine attached to make sure all the network settings are correct. I can tell you right now you're going to be surprised by how many misconfigurations you'll find.

You see this a lot when both interfaces are plugged into the same hub. To avoid this try physically segregating networks to different hubs/switchs or use VLANs.

Thanks for your help