Re: [SLUG] Martians
John Clarke [EMAIL PROTECTED] uttered the following thing: Hi all, Since upgrading from dialup to adsl last week, I've been seeing this: dropbear kernel: martian source 150.101.124.189 from 127.0.0.1, on dev eth1 dropbear kernel: ll header: 00:00:e2:14:a6:b6:00:90:1a:40:6c:d9:08:00 in /var/log/messages occasionally. 150.101.124.189 is my gateway's address, eth1 is the network, and the dsl modem (dlink dsl-300+) is 150.101.124.190. Does anyone have any idea what might be causing these packets? What are the MAC addresses of your DSL modem and your linux box? It seems that whichever has the MAC address given in the kernel message is sending a packet with a 127.0.0.1 source address and that is a no-no. BB -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Martians
On Mon, Nov 03, 2003 at 11:15:24 +0100, Ben Buxton wrote: John Clarke [EMAIL PROTECTED] uttered the following thing: dropbear kernel: martian source 150.101.124.189 from 127.0.0.1, on dev eth1 dropbear kernel: ll header: 00:00:e2:14:a6:b6:00:90:1a:40:6c:d9:08:00 What are the MAC addresses of your DSL modem and your linux box? linux box: [EMAIL PROTECTED] ~]$ /sbin/ifconfig eth1|grep HWaddr eth1 Link encap:Ethernet HWaddr 00:00:E2:14:A6:B6 dsl modem: [EMAIL PROTECTED] ~]$ /sbin/arp -n -i eth1 Address HWtype HWaddress Flags MaskIface 150.101.124.190 ether 00:90:1A:40:6C:D9 C eth1 both of these addresses appear in the 'll header' message in the log. a bit of digging (which i should have done first but i was too tired to think straight - too many nights of four hours or less sleep) tells me that the 'll header' is the ethernet frame header, which is: struct ethhdr { unsigned char h_dest[ETH_ALEN]; /* destination eth addr */ unsigned char h_source[ETH_ALEN]; /* source ether addr*/ unsigned short h_proto;/* packet type ID field */ } __attribute__((packed)); what confused me is the first message says 'martian source 150.101.124.189', so i was thinking it was linux that was to blame, but that's actually the destination address. It seems that whichever has the MAC address given in the kernel message is sending a packet with a 127.0.0.1 source address and that is a no-no. i knew that, what i didn't know was where it came from. now i know it's the dsl modem, so i suppose all i can do is ignore it. thanks ben. cheers, john -- whois [EMAIL PROTECTED] GPG key id: 0xD59C360F http://kirriwa.net/john/ -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Martians
This one time, at band camp, John Clarke wrote: dropbear kernel: martian source 150.101.124.189 from 127.0.0.1, on dev eth1 dropbear kernel: ll header: 00:00:e2:14:a6:b6:00:90:1a:40:6c:d9:08:00 *stab* ll might be Link Level, and the string of hex digits are a pair of mac addresses with some extra data appended. -- [EMAIL PROTECTED] http://spacepants.org/jaq.gpg -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Martians
Ethernet II defines this as:- |--dest--|src--|-typ-| 00:00:e2:14:a6:b6:00:90:1a:40:6c:d9:08:00 Type 0x0800 is IP Martin Visser ,CISSP Network and Security Consultant Technology Infrastructure - Consulting Integration HP Services 3 Richardson Place North Ryde, Sydney NSW 2113, Australia Phone *: +61-2-9022-1670Mobile *: +61-411-254-513 Fax 7: +61-2-9022-1800 E-mail * : martin.visserAThp.com -Original Message- From: Jamie Wilkinson [mailto:[EMAIL PROTECTED] Sent: Tuesday, 4 November 2003 1:10 AM To: [EMAIL PROTECTED] Subject: Re: [SLUG] Martians This one time, at band camp, John Clarke wrote: dropbear kernel: martian source 150.101.124.189 from 127.0.0.1, on dev eth1 dropbear kernel: ll header: 00:00:e2:14:a6:b6:00:90:1a:40:6c:d9:08:00 *stab* ll might be Link Level, and the string of hex digits are a pair of mac addresses with some extra data appended. -- [EMAIL PROTECTED] http://spacepants.org/jaq.gpg -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Martians
Hi all, Since upgrading from dialup to adsl last week, I've been seeing this: dropbear kernel: martian source 150.101.124.189 from 127.0.0.1, on dev eth1 dropbear kernel: ll header: 00:00:e2:14:a6:b6:00:90:1a:40:6c:d9:08:00 in /var/log/messages occasionally. 150.101.124.189 is my gateway's address, eth1 is the network, and the dsl modem (dlink dsl-300+) is 150.101.124.190. Does anyone have any idea what might be causing these packets? Thanks, John -- whois [EMAIL PROTECTED] GPG key id: 0xD59C360F http://kirriwa.net/john/ -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Martians, multipath routing tangle...
Peter Chubb wrote: I have a box here with two interfaces, each on a different subnet. One of these interfaces is public, and appears in DNS. The other is private, and is meant to be used for local boot-time file serving and DHCP. I gather this is something to do with DHCP giving out its public address onto the private network. Normally, the boxen on the private address only need to know about the address of the private interface. When the private interface is brought up, other machines with interfaces on the private network can no longer talk to the box. Are you saying that can talk to the box before the private interface is brought up? Are they on physically different subnets? -- Terry Collins {:-)}}} email: terryc at woa.com.au www: http://www.woa.com.au Wombat Outdoor Adventures Bicycles, Computers, GIS, Printing, Publishing People without trees are like fish without clean water -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Martians, multipath routing tangle...
thinks they are martians. Is there a config option that will allow this to work? As I see it, a packet arriving at an interface whose destination address is that interface should usually be allowed, no matter what its source address is (providing it's not the 127.0.0.0 network, of course!) you might try echo 0 /proc/sys/net/ipv4/conf/eth0/rp_filter I may conf/all/rp_filter. Dave. Peter C -- David Airlie, Software Engineer http://www.skynet.ie/~airlied / [EMAIL PROTECTED] pam_smb / Linux DECstation / Linux VAX / ILUG person -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Martians, multipath routing tangle...
I have a box here with two interfaces, each on a different subnet. One of these interfaces is public, and appears in DNS. The other is private, and is meant to be used for local boot-time file serving and DHCP. When the private interface is brought up, other machines with interfaces on the private network can no longer talk to the box. They want to talk to the public interface; but the dual-homed machine thinks they are martians. Is there a config option that will allow this to work? As I see it, a packet arriving at an interface whose destination address is that interface should usually be allowed, no matter what its source address is (providing it's not the 127.0.0.0 network, of course!) Peter C -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug