Well isn't that interesting. That Comcast IP is the address of the
ISP gateway I use. Both of my firewall/gateway boxes that are logging
martian packets are connected to similar Comcast routers. The routers
are configured in bridge mode so the router DHCP service has no
effect on my connection, but it might still be active on the router.
Also, each ISP router has a wireless interface and that could
still be active. My firewall doesn't block any private IPs coming
from the Internet interface since the ISP routers would never forward
them, so that explains how they get past the firewall.

No, I think traceroute doesn't special-case internal IP addresses.
Your routing table is (correctly) set up to route traffic for anything
other than your known subnets to the external internet, and that's
exactly what traceroute is doing. It's your ISP's job to discard
internal address packets, not yours.

But I think you're on to something with the ISP routers. Is there
some reason you don't just run the cable from the cable modem to the
external NIC on the gateway PC? If you're willing to try that, and
the martians disappear, it's these routers.

Try going into configuration on these routers, and see what their DHCP
servers are set up for, and whether the 192.168.3 subnet appears
anywhere in there. It's possible that one of your DHCP-using wireless
clients is getting an answer to its broadcast from these guys before
your internal router, and picking up a 192.168.3.2 IP address from them.

Well the Comcast cable modem was a dead end. I checked it and DHCP is
disabled, and even if it were enabled it uses a completely different
subnet. Besides, it would be coming in on eth2 and not eth0. I checked
the wireless router in the LAN and it uses the 192.168.3.0/24 subnet for
its DHCP connections. It has a fixed IP of 192.168.0.100 on the LAN
interface so I don't know why these IPs would ever be seen by the
firewall/gateway box, but this looks like the most likely source.
Jeff
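
One way to pin down which device on eth0 is sending the 192.168.3.x packets is to read the sender MAC out of the "ll header" line that the kernel logs after each martian. This is an added example, not part of the original thread; it assumes the Linux `log_martians` message format, and the log lines and MAC addresses below are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the style of Linux log_martians output
# (newer kernels print a hex-dump "ll header", older ones colon-separated).
SAMPLE_LOG = """\
kernel: IPv4: martian source 192.168.0.1 from 192.168.3.2, on dev eth0
kernel: ll header: 00000000: 00 11 22 33 44 55 02 00 5e 10 00 01 08 00
kernel: martian source 255.255.255.255 from 192.168.3.2, on dev eth0
kernel: ll header: ff:ff:ff:ff:ff:ff:02:00:5e:10:00:01:08:00
kernel: IPv4: martian source 192.168.0.1 from 192.168.3.7, on dev eth0
kernel: ll header: 00000000: 00 11 22 33 44 55 02 00 5e 10 00 02 08 00
"""

# The kernel prints the packet's destination first, then its source address.
MARTIAN = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL = re.compile(r"ll header: (?:[0-9a-f]{8}: )?(.+)$")

def parse_martians(text):
    """Pair each martian line with the sender MAC from the following ll header."""
    events, pending = [], None
    for line in text.splitlines():
        m = MARTIAN.search(line)
        if m:
            pending = {"dst": m.group(1), "src": m.group(2),
                       "dev": m.group(3), "src_mac": None}
            events.append(pending)
            continue
        h = LL.search(line)
        if h and pending is not None:
            octets = re.findall(r"[0-9a-f]{2}", h.group(1).lower())
            if len(octets) >= 12:  # Ethernet: 6 bytes dst MAC, then 6 bytes src MAC
                pending["src_mac"] = ":".join(octets[6:12])
            pending = None
    return events

def summarize(events):
    """Count martians per (interface, sender MAC) to locate the offending device."""
    return Counter((e["dev"], e["src_mac"]) for e in events)

if __name__ == "__main__":
    for (dev, mac), n in summarize(parse_martians(SAMPLE_LOG)).most_common():
        print(f"{dev}  {mac}  {n} martian(s)")
```

The MAC that dominates the summary can then be compared against the ARP table or the labels on the LAN devices, such as the wireless router.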