Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
My openSUSE box has two NICs, eth1 and eth2. The network is physically delivered by a single cable, but we have two networks on it, so we have two networks on the same physical layer.
Both eth1 and eth2 connect to this physical layer using a simple switch, but they are set up to connect to different networks.
eth1 is set up with IP address like 193.5.x.x
eth2 is set up with IP address 172.19.175.25
My log file is full of messages like:
martian source 255.255.255.255 from 172.19.175.25, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:34:52:98:ae:1e:08:00
Sometimes I have a similar message but on eth2, and the IP is the IP of eth1 or of another computer on this network.
The NICs are set up in a way that the internet is accessed through eth2, and local servers are accessed with eth1. Eth1 also serves as an address to access the computer from the internet.
Basically everything works as intended, except that the log file is practically unusable because of the millions of martians attacking.
I see that the problem is the two networks somehow mix on the same layer. What can be done? Is there a solution to stop receiving martians?
you can disable logging martians with sysctl -w net.ipv4.conf.all.log_martians=0. but, instead of using two interfaces, why not give eth1 a secondary IP address?
People usually say it is not a good practice to disable martian logging. This is somehow hiding the problem, and not solving it.
The two IPs are not on the same subnet, they belong to different networks. I am not sure if it is possible to have a secondary IP address on a different network for the same NIC. Any suggestions how to try this?
Quote:
People usually say it is not a good practice to disable martian logging. This is somehow hiding the problem, and not solving it.
to "solve" the problem for your setup, the two switch ports connected to your system would have to be on different vlans. failing that, you cannot prevent martian broadcasts on the same switch.
your distro's documentation is the best place to learn about configuring a secondary IP address, since configuration files vary. it's also possible to have the secondary IP address on a different network from the primary.
[edit] Also, I believe that with a secondary IP address configured, broadcasts from either network would not be considered martian [/edit]
If using only one NIC but with two IPs, will this prevent martians from coming up for sure?
What is the reason for not having martians when only one NIC is in use? The physical layer itself still has two networks, and computers on this layer either connect to one or the other (or sometimes both).
Mod: I have tried the sysctl... command, and nothing changed. syslogd was restarted. What am I missing?
Quote:
If using only one NIC but with two IPs, will this prevent martians from coming up for sure?
yes, i'm almost sure that's the case.
Quote:
What is the reason for not having martians when only one NIC is in use?
a martian is supposed to be something that comes from an unexpected source. by defining a secondary IP address, you are declaring that another network is present on that interface.
Quote:
The physical layer itself still has two networks, and computers on this layer either connect to one or the other (or sometimes both).
right, but something is declared a martian based on its source address and on the interface it came in on. e.g. a packet from the 172.19.175.x network is not a martian when it comes in on eth2, but it is when it comes through eth1.
Quote:
I have tried the sysctl... command, and nothing changed. syslogd was restarted. What am I missing?
I thought all.log should be enough, but eth1 and eth2 were also needed. Now they are stopped.
Is there a way to not receive martians from the other NIC's network, but receive otherwise? Can defining secondary IPs for both NICs with the other NIC's network help? For some reasons it would be better to keep both NICs.
Quote:
Is there a way to not receive martians from the other NIC's network, but receive otherwise?
dropping martians is not a problem. the problem is that martian logging may occur (i'm not sure) early in the inspection process, earlier, for example, than the iptables rule which drops such a packet.
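An added example, not from anyone in this thread, in POSIX shell. It does two things the posts above touch on: it summarises kernel "martian source" lines by interface and source address, so you can see which network is leaking onto which NIC before deciding on VLANs or secondary addresses, and it reproduces the kernel rule that martian logging on an interface is on when either conf/all or conf/<if> log_martians is 1, which is why setting all.log_martians alone did not stop the messages. The log lines are constructed; 192.0.2.0/24 (TEST-NET-1) stands in for the masked 193.5.x.x network and the MAC addresses are placeholders.

```shell
#!/bin/sh
# Constructed sample of kernel martian lines in the format shown in the thread.
# 192.0.2.0/24 stands in for the poster's masked 193.5.x.x network; MACs are placeholders.
MARTIAN_SAMPLE='martian source 255.255.255.255 from 172.19.175.25, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00
martian source 255.255.255.255 from 172.19.175.25, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00
martian source 255.255.255.255 from 172.19.175.40, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:53:02:08:00
martian source 192.0.2.255 from 192.0.2.10, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:53:03:08:00'

# One row per (interface, source) pair, "<count> <dev> <src>", busiest first.
# "ll header" lines carry no address information and are skipped.
summarize_martians() {
    printf '%s\n' "$1" |
    awk '/martian source/ {
            src = $0; sub(/.* from /, "", src); sub(/,.*/, "", src)
            dev = $0; sub(/.* on dev /, "", dev)
            count[dev " " src]++
         }
         END { for (k in count) print count[k], k }' |
    sort -k1,1rn -k2,2 -k3,3
}

# Kernel rule (Documentation/networking/ip-sysctl): log_martians is enabled on an
# interface if conf/all/log_martians OR conf/<if>/log_martians is 1. So
# "sysctl -w net.ipv4.conf.all.log_martians=0" alone changes nothing while the
# per-interface value is still 1; both must be 0 (persist both in /etc/sysctl.d/).
effective_log_martians() {
    if [ "$1" -eq 1 ] || [ "$2" -eq 1 ]; then echo enabled; else echo disabled; fi
}

# Report the live state for every interface when run on a real Linux box.
report_live_state() {
    all=$(cat /proc/sys/net/ipv4/conf/all/log_martians)
    for f in /proc/sys/net/ipv4/conf/*/log_martians; do
        dev=${f#/proc/sys/net/ipv4/conf/}; dev=${dev%/log_martians}
        echo "$dev: $(effective_log_martians "$all" "$(cat "$f")")"
    done
}

summarize_martians "$MARTIAN_SAMPLE"
if [ -r /proc/sys/net/ipv4/conf/all/log_martians ]; then report_live_state; fi
```

On a live system, feed `dmesg` or the syslog kernel facility into `summarize_martians` instead of the sample to get the same per-interface breakdown.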