| Dr3am3r |
12-07-2006 12:01 PM |
Strange "martian source" messages in my linux gateway log files
First of all I want to say a hello to everyone on this great linux help community board as this is my first post here. The reason I created this thread is beacause I get alot of martian source messages in my log files. Below is a part of my log files containing the error the error message:
Quote:
Dec 7 17:31:40 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:31:40 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00
Dec 7 17:40:07 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:40:07 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00
Dec 7 17:40:10 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:40:10 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00
Dec 7 17:40:16 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:40:16 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00
|
I'll give you an explanation of my network setup. First of all I'm using an adsl router (alcatel speedtouch 510i) to connect outside. The mac of the router is 00:90:d0:cb:53:09. The adsl router is connected with my linux gateway machine on eth0 (extif). The extif mac is: 00:01:02:f7:98:b4. I'm also using another nic (eth1) on my linux gateway machine for my internal network. eth1 (internal network) is connected to a 3com 8-port switch. 4 windows machines are connected to that switch too. My internal network ip range is 192.168.192.x . Here is my ifconfig:
Quote:
eth0 Link encap:Ethernet HWaddr 00:01:02:F7:98:B4
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::201:2ff:fef7:98b4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1210280 errors:0 dropped:0 overruns:0 frame:0
TX packets:1368050 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:926661023 (883.7 MiB) TX bytes:1135084627 (1.0 GiB)
Interrupt:177 Base address:0xe000
eth1 Link encap:Ethernet HWaddr 00:10:A7:0C:06: DE
inet addr:192.168.192.1 Bcast:192.168.192.255 Mask:255.255.255.0
inet6 addr: fe80::210:a7ff:fe0c:6de/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1356841 errors:0 dropped:0 overruns:0 frame:0
TX packets:1181906 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1133330489 (1.0 GiB) TX bytes:921595555 (878.9 MiB)
Interrupt:217 Base address:0xe400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:929310 errors:0 dropped:0 overruns:0 frame:0
TX packets:929310 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:76053800 (72.5 MiB) TX bytes:76053800 (72.5 MiB)
|
route table:
Quote:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.192.0 * 255.255.255.0 U 0 0 0 eth1
localnet * 255.255.255.0 U 0 0 0 eth0
default 10.0.0.138 0.0.0.0 UG 0 0 0 eth0
|
/etc/sysctl.conf
Quote:
#---------------------------------------------------
net.ipv4.ip_forward = 1
#---------------------------------------------------
net.ipv4.tcp_syncookies = 1
#---------------------------------------------------
net.ipv4.conf.all.rp_filter = 1
#---------------------------------------------------
net.ipv4.ip_dynaddr = 1
#---------------------------------------------------
net.ipv4.conf.all.log_martians = 1
#---------------------------------------------------
|
and my interface configuration file found at /etc/network/interfaces (debian 3.1 distro):
Quote:
auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
gateway 10.0.0.138
auto eth1
iface eth1 inet static
address 192.168.192.1
network 192.168.192.0
netmask 255.255.255.0
broadcast 192.168.192.255
|
(10.0.0.138 is my adsl router's ip)
Finally the iptables firewall/gateway file I'm using (very simple)
Quote:
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
/sbin/iptables -P INPUT DROP
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth0 -j REJECT
|
Dec 7 17:31:40 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:31:40 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00 <== The first mac is eth0's mac address while the second one is my adsl router's mac so it seems that the router is sending a packet at eth0 but why kernel is rejecting it ? Can't understand why these erros apears. Maybe there's something wrong with my iptables firewall/gateway file ?
Error messages seems to apear only when there is traffic on the network..
Finally I must say the network seems to work fine.
I can't find a way to make those messages disapear (without disabling log martian option)
Any help appreciated. Thanks for your time
(Sorry for my bad english) |
