LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-20-2011, 08:47 AM   #1
Samtree
LQ Newbie
 
Registered: May 2011
Posts: 2

Rep: Reputation: Disabled
martian source errors between networks


Hello
Some time ago mine logs start to show this message
-------------------
Apr 23 11:03:01 xxxxx kernel: [38048596.800691] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:03:01 xxxxx kernel: [38048596.800691] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:15:02 xxxxx kernel: [38049523.750307] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:15:02 xxxxx kernel: [38049523.750307] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:30:03 xxxxx kernel: [38050706.324262] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:30:03 xxxxx kernel: [38050706.324262] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:49:14 xxxxx kernel: [38052159.170082] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:49:14 xxxxx kernel: [38052159.170082] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
-------------------
I'm using debian5 with 2 network card, eth0(217.15.41.137) and eth1 (my local network) 192.168.0.xxx.
This server is used to host virtual machines and I think this is something related to the openvz

I've been searching in google and I find some thing, but nothing that I can use to understand what is causing this

I know that martian are usually ignored or at least that what I found, but I think in a server with two networks and many virtuals machines, that is not a good idea. It could mean that something is wrong and I can't let it go that easily.

If someone know what could be causing this or can give any advice about it, it would be lovely
Thank you very much
 
Old 05-21-2011, 01:52 AM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,818

Rep: Reputation: 1003Reputation: 1003Reputation: 1003Reputation: 1003Reputation: 1003Reputation: 1003Reputation: 1003Reputation: 1003
Hello,
Quote:
5.3.7 Martian Address Filtering

An IP source address is invalid if it is a special IP address, as
defined in 4.2.2.11 or 5.3.7, or is not a unicast address.

An IP destination address is invalid if it is among those defined as
illegal destinations in 4.2.3.1, or is a Class E address (except
255.255.255.255).

A router SHOULD NOT forward any packet that has an invalid IP source
address or a source address on network 0. A router SHOULD NOT
forward, except over a loopback interface, any packet that has a
source address on network 127. A router MAY have a switch that
allows the network manager to disable these checks. If such a switch
is provided, it MUST default to performing the checks.

A router SHOULD NOT forward any packet that has an invalid IP
destination address or a destination address on network 0. A router
SHOULD NOT forward, except over a loopback interface, any packet that
has a destination address on network 127. A router MAY have a switch
that allows the network manager to disable these checks. If such a
switch is provided, it MUST default to performing the checks.

If a router discards a packet because of these rules, it SHOULD log
at least the IP source address, the IP destination address, and, if

the problem was with the source address, the physical interface on
which the packet was received and the Link Layer address of the host
or router from which the packet was received.
First of all, I need to ask... What exact device has the IP of 192.168.0.87? Is it a computer? Router? And when exactly does this happen? Ie... When the device first comes online, what time, what intervals, etc... I would need to know a bit more information in order to try to troubleshoot this down to the original problem. Most likely, like you said, it CAN be ignored, but you might have a minor problem that you do not know about.

Cheers,

Josh
 
Old 05-27-2011, 02:47 AM   #3
Samtree
LQ Newbie
 
Registered: May 2011
Posts: 2

Original Poster
Rep: Reputation: Disabled
Hello,
The ip your are asking about is a virtual machine, inside the server that gives the mentioned errors.
Those errors appears every day, quite frequently. Apparently without the need to do something special for them to appear.

Thanks for answering.
Cheers,
Ana

Last edited by Samtree; 05-27-2011 at 02:48 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
martian source errors on diffrent network segment ratcateme Linux - Networking 8 03-05-2009 11:36 PM
martian source serge_shp Linux - Networking 1 03-24-2007 07:04 AM
martian source from my own IP? yapp Linux - Security 4 03-30-2005 06:36 PM
martian source saavik Linux - Networking 0 07-02-2003 02:47 AM
Martian source! Why now? Jon- Linux - Networking 1 03-05-2002 06:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration