On 05/06/2012 09:15 PM, imnotpc wrote:
I apologize that I didn't give more detail when I started this thread,
but this has become more involved/detailed discussion than I
envisioned. Let me give you the topography of my network as best as I
can describe:
Firewall/Gateway: Mga2 box with 3 NICs which forwards traffic from the
DMZ and the LAN to the Internet and back. The Internet facing NIC has
a public IP. The DMZ is a private subnet with all fixed IPs. The LAN
subnet also has all fixed IPs in the 192.168.0.0/24 range. Iptables
firewall logs and drops all traffic that doesn't originate from these
subnets.
LAN: All the LAN hosts have fixed IPs IN the 192.168.0.0/24 range.
Linux host firewalls block all outgoing traffic that doesn't originate
from the assigned IP address. Windows/other hosts do whatever they do.
Wireless Router Attached to the LAN: The LAN facing NIC on the
wireless router has a fixed IP of 192.168.0.100. The wireless
interface is configured to assign IPs in the 192.168.2.0/24 range to
the wireless hosts using DHCP.
Wireless Hosts: Connect to wireless router via DHCP. I believe these
hosts are generating the martian packets.
I understand the the wireless host may identify themselves using other
IPs due to other connection/configuration issues, but I can't
understand how the kernel on the Mga2 gateway is ever able to see
packets originating from 192.168.3.2 or any other unauthorized subnet.
This is my major concern since it may indicate an error in my LAN
configuration.
1) Is eth0 the interface facing the internet ?
2) Is 173.194.74.154 the IP address assigned (currently) to you by your
ISP ?
3) If you ping 192.168.3.2 when you're getting the martians, do you get
any response ?
4) What does "traceroute 192.168.3.2" from the gateway give ?
