On Fri, Feb 09, 2007 at 06:02:09PM -0500, Brian J. Murrell wrote:
> Lately I have been seeing "transient" (I say transient because the
> problem will persist for a while and then magically clear itself up some
> number of minutes later) situations where my gateway will log:
>
> Feb 9 17:23:45 gw.ilinx kernel: martian source 66.11.173.224 from
> 64.86.88.116, on dev eth1
> Feb 9 17:23:45 gw.ilinx kernel: ll header:
> 00:a0:24:2a:1f:72:00:13:5f:07:97:05:08:00
>
> but I'm not quite sure how to read these and/or what would be causing
> them.
>
> Concerning the packet that the message is describing I can assert that
> eth1 is the interface the packet would have arrived on and 64.86.88.116
> would have been the party sending the packet and indeed
> 00:A0:24:2A:1F:72 is the address of my eth1 and 00:13:5f:07:97:05 is the
> router on the other end of that eth1. Finally, 66.11.173.224 is the
> address of my other Internet interface, a pppoe link.
>
> So in the above messages, what is it trying to tell me about the packet
> that arrived and what's the relevance of the 66.11.173.224 in it? All
> seems well except that 66.11.173.224.

The message is somewhat obtusely phrased. The kernel has received a packet from 64.86.88.116 to 66.11.173.224 on eth1, and it doesn't like the source address for whatever reason, so it dropped the packet.

Most likely, 64.86.88.116 is not routable via eth1, which implies either your routing tables are wrong or you need to disable return-path filtering on this interface (I still haven't been paying enough attention to know which, but you must disable rpfilter if your routing is asymmetric). It's probably transient because the sending system notes that packets aren't getting through and tries a different route.

Other less likely reasons: the kernel thinks that's a broadcast address, or something else that is not a unicast host address. The message sadly does not indicate which of the many obscure rules were violated.
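
The following is an added example, not part of the original messages: it decodes the two log lines from the thread into the packet's addresses and Ethernet header fields, then applies a simplified model of a strict reverse-path check. The routing table and the function names are assumptions constructed for illustration; the thread does not show the gateway's actual routes.

```python
import ipaddress
import re

# Log lines as quoted in the thread (wrapped lines rejoined).
SAMPLE = [
    "Feb 9 17:23:45 gw.ilinx kernel: martian source 66.11.173.224 from 64.86.88.116, on dev eth1",
    "Feb 9 17:23:45 gw.ilinx kernel: ll header: 00:a0:24:2a:1f:72:00:13:5f:07:97:05:08:00",
]

# Constructed routing table (assumption, not from the thread): (prefix, output device).
ROUTES = [("0.0.0.0/0", "ppp0"), ("192.0.2.0/24", "eth1")]

MARTIAN = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LLHDR = re.compile(r"ll header: ((?:[0-9a-fA-F]{2}:){13}[0-9a-fA-F]{2})")


def parse_martian(lines):
    """Return a dict describing the dropped packet from a martian/ll header pair."""
    info = {}
    for line in lines:
        m = MARTIAN.search(line)
        if m:
            # The first address is the packet's destination, the second its source.
            info.update(dst_ip=m.group(1), src_ip=m.group(2), in_dev=m.group(3))
        m = LLHDR.search(line)
        if m:
            octets = m.group(1).lower().split(":")
            # Ethernet header: 6 bytes destination MAC, 6 bytes source MAC, 2 bytes EtherType.
            info.update(dst_mac=":".join(octets[:6]), src_mac=":".join(octets[6:12]),
                        ethertype="".join(octets[12:]))
    return info


def reverse_path_dev(src_ip, routes):
    """Longest-prefix match: the device this host would use to reach src_ip."""
    addr = ipaddress.ip_address(src_ip)
    matches = [(ipaddress.ip_network(p), dev) for p, dev in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def fails_strict_rpf(info, routes):
    """True when the route back to the source does not use the arrival device."""
    return reverse_path_dev(info["src_ip"], routes) != info["in_dev"]


if __name__ == "__main__":
    pkt = parse_martian(SAMPLE)
    print(pkt)
    print("fails strict reverse-path check:", fails_strict_rpf(pkt, ROUTES))
```

With the constructed table, the only route back to 64.86.88.116 is the default via ppp0, so a packet from that source arriving on eth1 fails the check, which matches the asymmetric-routing explanation given in the reply.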
