LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-07-2006, 12:01 PM   #1
Dr3am3r
LQ Newbie
 
Registered: Dec 2006
Posts: 3

Rep: Reputation: 0
Strange "martian source" messages in my linux gateway log files


First of all I want to say a hello to everyone on this great linux help community board as this is my first post here. The reason I created this thread is beacause I get alot of martian source messages in my log files. Below is a part of my log files containing the error the error message:

Quote:
Dec 7 17:31:40 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:31:40 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00
Dec 7 17:40:07 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:40:07 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00
Dec 7 17:40:10 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:40:10 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00
Dec 7 17:40:16 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:40:16 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00
I'll give you an explanation of my network setup. First of all I'm using an adsl router (alcatel speedtouch 510i) to connect outside. The mac of the router is 00:90:d0:cb:53:09. The adsl router is connected with my linux gateway machine on eth0 (extif). The extif mac is: 00:01:02:f7:98:b4. I'm also using another nic (eth1) on my linux gateway machine for my internal network. eth1 (internal network) is connected to a 3com 8-port switch. 4 windows machines are connected to that switch too. My internal network ip range is 192.168.192.x . Here is my ifconfig:
Quote:
eth0 Link encap:Ethernet HWaddr 00:01:02:F7:98:B4
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::201:2ff:fef7:98b4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1210280 errors:0 dropped:0 overruns:0 frame:0
TX packets:1368050 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:926661023 (883.7 MiB) TX bytes:1135084627 (1.0 GiB)
Interrupt:177 Base address:0xe000

eth1 Link encap:Ethernet HWaddr 00:10:A7:0C:06: DE
inet addr:192.168.192.1 Bcast:192.168.192.255 Mask:255.255.255.0
inet6 addr: fe80::210:a7ff:fe0c:6de/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1356841 errors:0 dropped:0 overruns:0 frame:0
TX packets:1181906 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1133330489 (1.0 GiB) TX bytes:921595555 (878.9 MiB)
Interrupt:217 Base address:0xe400

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:929310 errors:0 dropped:0 overruns:0 frame:0
TX packets:929310 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:76053800 (72.5 MiB) TX bytes:76053800 (72.5 MiB)
route table:

Quote:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.192.0 * 255.255.255.0 U 0 0 0 eth1
localnet * 255.255.255.0 U 0 0 0 eth0
default 10.0.0.138 0.0.0.0 UG 0 0 0 eth0
/etc/sysctl.conf

Quote:
#---------------------------------------------------
net.ipv4.ip_forward = 1
#---------------------------------------------------
net.ipv4.tcp_syncookies = 1
#---------------------------------------------------
net.ipv4.conf.all.rp_filter = 1
#---------------------------------------------------
net.ipv4.ip_dynaddr = 1
#---------------------------------------------------
net.ipv4.conf.all.log_martians = 1
#---------------------------------------------------
and my interface configuration file found at /etc/network/interfaces (debian 3.1 distro):

Quote:
auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
gateway 10.0.0.138

auto eth1
iface eth1 inet static
address 192.168.192.1
network 192.168.192.0
netmask 255.255.255.0
broadcast 192.168.192.255
(10.0.0.138 is my adsl router's ip)

Finally the iptables firewall/gateway file I'm using (very simple)

Quote:
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT

/sbin/iptables -P INPUT DROP

/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

/sbin/iptables -A FORWARD -i eth0 -o eth0 -j REJECT
Dec 7 17:31:40 spacefrog kernel: martian source 10.0.0.1 from 10.0.0.1, on dev eth0
Dec 7 17:31:40 spacefrog kernel: ll header: 00:01:02:f7:98:b4:00:90:d0:cb:53:09:08:00 <== The first mac is eth0's mac address while the second one is my adsl router's mac so it seems that the router is sending a packet at eth0 but why kernel is rejecting it ? Can't understand why these erros apears. Maybe there's something wrong with my iptables firewall/gateway file ?
Error messages seems to apear only when there is traffic on the network..
Finally I must say the network seems to work fine.

I can't find a way to make those messages disapear (without disabling log martian option)
Any help appreciated. Thanks for your time
(Sorry for my bad english)

Last edited by Dr3am3r; 12-07-2006 at 12:26 PM.
 
Old 12-09-2006, 12:36 AM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 326Reputation: 326Reputation: 326Reputation: 326
An explanation of "martians" is available here.
 
Old 12-09-2006, 08:57 AM   #3
nuxrl
Member
 
Registered: Jun 2006
Location: NY, USA
Distribution: Slackware, Arch
Posts: 176

Rep: Reputation: 35
Dr3am3r,

A "martian" message is logged when the router failed to route the package. From the log message, it seems that the ADSL interface and eh0 on you Linux box have the same IP (10.0.0.1) assigned. After checking the specification of your modem (http://www.modem-help.com/Alcatel/Sp...Router-v1.php), it seems that it has a built-in router and a RJ-45 port for LAN connection. So, you don't have to configure the Linux box to work as another router. The network could be configured like,

internet<->adsl modem/router<->hub/switch<->linux box and other machines on the lan
[--------------------] [-----------------------------------]
WAN LAN

Check rfc1812 for more information about martian filtering.

Hope this helps.

-n
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What does "SFW2-INext-DROP-DEFLT" in my messages log file mean? TrulyTessa Linux - Networking 11 12-22-2004 09:28 AM
Multiple "device not ready" messages in System Log quasy Linux - Hardware 0 04-27-2004 05:58 AM
Boot messages not the same as "dmesg" or "/var/log/messages"? massai Linux - General 5 03-10-2004 12:18 AM
ongoing messages in the message log martian source saavik Linux - Networking 4 09-23-2002 06:52 AM
/var/log/messages contains "localhost" instead of the real hostname allel Linux - Networking 0 07-15-2002 02:49 PM


All times are GMT -5. The time now is 01:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration