On 05/07/2012 04:47 PM, Maarten Vanraes wrote:
Op maandag 07 mei 2012 14:23:44 schreef Frank Griffin:
On 05/07/2012 06:45 AM, Frank Griffin wrote:
On 05/06/2012 09:15 PM, imnotpc wrote:
1) Is eth0 the interface facing the internet ?
No, this interface faces the LAN which has a 192.168.0.0/24 subnet.
OK, so if eth0 has no outside internet access, you are correct in saying
that something in your network is doing this.
2) Is 173.194.74.154 the IP address assigned (currently) to you by
your ISP ?
No, that IP returns to qe-in-f154.1e100.net which appears to be a
server owned by Google.
Yes. I thought maybe Google was your ISP.
4) What does "traceroute 192.168.3.2" from the gateway give ?
[root@Cedar1 /]# traceroute 192.168.3.2
traceroute to 192.168.3.2 (192.168.3.2), 30 hops max, 60 byte packets
1 74-94-209-242-BusName-VA.hfc.comcastbusiness.net (74.94.209.242)
0.670 ms 1.372 ms 1.686 ms
2 * * *
Well isn't that interesting. That Comcast IP is the address of the ISP
gateway I use. Both of my firewall/gateway boxes that are logging
martian packets are connected to similar Comcast routers. The routers
are configured in bridge mode so the router DHCP service has no effect
on my connection, but it might still be active on the router. Also
each ISP router also has a wireless interface and that could still be
active. My firewall doesn't block any private IPs coming from the
Internet interface since the ISP routers would never forward them, so
that explains how they get past the firewall.
No, I think traceroute doesn't special-case internal IP addresses. Your
routing table is (correctly) set up to route traffic for anything other
than your known subnets to the external internet, and that's exactly
what traceroute is doing. It's your ISP's job to discard internal
address packets, not yours.
But I think you're on to something with the ISP routers. Is there some
reason you don't just run the cable from the cable modem to the external
NIC on the gateway PC ? If you're willing to try that, and the martians
disappear, it's these routers.
Try going into configuration on these routers, and see what their DHCP
servers are set up for, and whether the 192.168.3 subnet appears
anywhere in there. It's possible that one of your DHCP-using wireless
clients is getting an answer to its broadcast from these guys before
your internal router, and picking up a 192.168.3.2 IP address from them.
my martians are mostly from: hosts in subnet of my public IP, or internal
ranges from modems, and mostly broadcasts or arp stuff.
i think this 192.168.3.1 stuff is likely someone in your ISP subnet that is
doing bad natting and is trying to get out (much like you pinging 192.168.3.x
which is going outside your public ip, that'll get martians on someone elses
pc for instance
Since it seems to be coming in on the LAN facing interface, wouldn't it
be more likely a bad configuration somewhere in my LAN? Everything seems
to point to my cheap Netgear wireless router even though I just
rechecked it and it's configured properly (to the best of my knowledge).
Jeff
