If I understand this correctly, some device on your LAN is sending packets with a source address of 127.0.0.1. I would want to see those packets with tcpdump:
tcpdump -n -i eth1 host 127.0.0.1 Bill On 8/1/2012 4:54 AM, Øyvind Lode - Forums wrote: > I'll be the first one to admit that I don't know why this is happening. > > On the firewall there is 2 NICs. > > Eth0 = wan > Eth1 = lan > > There is only 1 default via and that is to the ISP's router. > > To me that makes sense. > > All clients and servers receive the same gateway settings from the dhcp > server on the firewall. > > Gateway = 192.168.1.1 which is the firewalls lan interface eth1. > > Servers receive static dhcp lease from the dhcp server but gateway, dns etc > is the same for all hosts. > > The only difference is that the static addresses is not a part of the dynamic > pool. > > I had a look at my Shorewall config and it look fine to me. > > But I changed LOG_MARTIANS=Yes to LOG_MARTIANS=No in > /etc/shorewall/shorewall.conf to stop these messages from cluttering my log. > > I still have logmargians activated on eth0 though. > > Is this an acceptable workaround or should I worry about those kernel > martians on eth1? > > -----Original Message----- > From: Benny Pedersen [mailto:[email protected]] > Sent: 1. august 2012 05:36 > To: [email protected] > Subject: Re: [Shorewall-users] A lot of kernel martian source messages in > /var/log/messages > > Den 2012-08-01 01:28, Øyvind Lode - Forums skrev: > >> 192.168.1.5 = Wireless Access Point. >> >> The AP receives it's IP via a static lease from isc-dhcp-server >> running on the firewall box. > are there any route with default via ?, if so remove this and make explicit > network routes > > default via is only good if ther is one network card with one outgoing wan ip > > maybe i am wrong, maybe i am not :) > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and threat > landscape has changed and how IT managers can respond. Discussions will > include endpoint security, mobile security and the latest in malware threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
