LinuxQuestions.org - martian source errors between networks

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - martian source errors between networks (https://www.linuxquestions.org/questions/linux-networking-3/martian-source-errors-between-networks-881808/)

martian source errors between networks

Hello
Some time ago mine logs start to show this message
-------------------
Apr 23 11:03:01 xxxxx kernel: [38048596.800691] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:03:01 xxxxx kernel: [38048596.800691] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:15:02 xxxxx kernel: [38049523.750307] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:15:02 xxxxx kernel: [38049523.750307] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:30:03 xxxxx kernel: [38050706.324262] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:30:03 xxxxx kernel: [38050706.324262] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:49:14 xxxxx kernel: [38052159.170082] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:49:14 xxxxx kernel: [38052159.170082] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
-------------------
I'm using debian5 with 2 network card, eth0(217.15.41.137) and eth1 (my local network) 192.168.0.xxx.
This server is used to host virtual machines and I think this is something related to the openvz

I've been searching in google and I find some thing, but nothing that I can use to understand what is causing this

I know that martian are usually ignored or at least that what I found, but I think in a server with two networks and many virtuals machines, that is not a good idea. It could mean that something is wrong and I can't let it go that easily.

If someone know what could be causing this or can give any advice about it, it would be lovely
Thank you very much

Hello,

Quote:

5.3.7 Martian Address Filtering

An IP source address is invalid if it is a special IP address, as
defined in 4.2.2.11 or 5.3.7, or is not a unicast address.

An IP destination address is invalid if it is among those defined as
illegal destinations in 4.2.3.1, or is a Class E address (except
255.255.255.255).

A router SHOULD NOT forward any packet that has an invalid IP source
address or a source address on network 0. A router SHOULD NOT
forward, except over a loopback interface, any packet that has a
source address on network 127. A router MAY have a switch that
allows the network manager to disable these checks. If such a switch
is provided, it MUST default to performing the checks.

A router SHOULD NOT forward any packet that has an invalid IP
destination address or a destination address on network 0. A router
SHOULD NOT forward, except over a loopback interface, any packet that
has a destination address on network 127. A router MAY have a switch
that allows the network manager to disable these checks. If such a
switch is provided, it MUST default to performing the checks.

If a router discards a packet because of these rules, it SHOULD log
at least the IP source address, the IP destination address, and, if

the problem was with the source address, the physical interface on
which the packet was received and the Link Layer address of the host
or router from which the packet was received.

First of all, I need to ask... What exact device has the IP of 192.168.0.87? Is it a computer? Router? And when exactly does this happen? Ie... When the device first comes online, what time, what intervals, etc... I would need to know a bit more information in order to try to troubleshoot this down to the original problem. Most likely, like you said, it CAN be ignored, but you might have a minor problem that you do not know about.

Cheers,

Josh

Hello,
The ip your are asking about is a virtual machine, inside the server that gives the mentioned errors.
Those errors appears every day, quite frequently. Apparently without the need to do something special for them to appear.

Thanks for answering.
Cheers,
Ana