On Mon, Nov 4, 2019 at 5:44 PM Tom Eastep <teas...@shorewall.net> wrote:
>
> Never use the routefilter/logmartians interface options with policy
> routing; use rpfilter instead.

Do you mean I should use rpfilter in the "interfaces" file (I've never used routefilter)? Which interface? The one I'm seeing the martian source messages for?

Incidentally, adding the rpfilter option to enp8s5 yields a 0 in /proc/sys/net/ipv4/conf/enp8s5/rp_filter.

Do these log lines mean that I'm seeing, for example, ethernet packets from a host with IP addr. 10.215.144.35 with destination IP address 10.215.241.221 on interface enp8s5 (see further down) which has the following configuration?

# ip a s enp8s5
8: enp8s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:e3:c0:5f:81:5d brd ff:ff:ff:ff:ff:ff
    inet 192.168.245.9/29 brd 192.168.245.15 scope global enp8s5
       valid_lft forever preferred_lft forever
    inet6 fe80::2e3:c0ff:fe5f:815d/64 scope link
       valid_lft forever preferred_lft forever

Nov 5 13:40:15 kernel: net_ratelimit: 137 callbacks suppressed
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.248.9 from 10.215.144.91, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.241.221 from 10.215.144.35, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 00 50 56 92 5b 09 08 06 .......PV.[...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.246.124 from 10.215.144.91, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.144.89 from 10.215.144.91, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.146.23 from 10.215.144.47, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 18 60 24 ef b9 09 08 06 .......`$.....
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.144.31 from 10.215.144.67, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 00 50 56 b6 05 90 08 06 .......PV.....
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.247.134 from 10.215.144.91, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.147.32 from 10.215.144.23, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 52 54 00 de a6 34 08 06 ......RT...4..
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.147.13 from 10.215.144.91, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.246.40 from 10.215.247.70, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff c4 34 6b 61 b7 bb 08 06 .......4ka....

In fact, I should not be seeing traffic between hosts with IP addresses in the 10.215.* range on this enp8s5 interface. This could be a loopback on the main switch since there's another NIC on the Shorewall router connecting to the same switch. However, enp8s5 is connected to a switch port with a specific VLAN ID. If the VLAN implementation on this switch is correct, it should be impossible for traffic for the 10.215.* hosts to reach the enp8s5 interface.

Does the martians log prove that there's something wrong on the main switch?

Thanks,

Vieri

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
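Added example, not part of the mailing-list post: a small parser for the kernel's "martian source ... from ..." lines and their "ll header" companions, which decodes the 14-byte Ethernet header the kernel dumps (destination MAC, source MAC, ethertype) and flags any source address that does not belong to a subnet configured on the receiving interface. The log lines are a constructed sample in the same format as the post; the interface-to-subnet table is an assumption built from the "ip a s enp8s5" output above.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample in the kernel's log_martians format (shape copied from the post).
SAMPLE_LOG = """\
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.241.221 from 10.215.144.35, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 00 50 56 92 5b 09 08 06 .......PV.[...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.246.40 from 10.215.247.70, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff c4 34 6b 61 b7 bb 08 06 .......4ka....
"""

# Assumption: subnets configured per interface, taken from "ip a s enp8s5" in the post.
IFACE_NETS = {"enp8s5": [ip_network("192.168.245.8/29")]}

# "martian source <dst> from <src>, on dev <dev>": the first address is the IP destination.
MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
# The ll header dump is the first 14 bytes of the frame: dst MAC, src MAC, ethertype.
LLHDR_RE = re.compile(r"ll header: \S+: ((?:[0-9a-f]{2} ){13}[0-9a-f]{2})")
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def parse_martians(text):
    """Pair each martian line with the ll header that follows it and decode the header."""
    events = []
    for line in text.splitlines():
        m = MARTIAN_RE.search(line)
        if m:
            dst, src, dev = m.groups()
            events.append({"dst": dst, "src": src, "dev": dev})
            continue
        h = LLHDR_RE.search(line)
        if h and events:
            b = bytes.fromhex(h.group(1).replace(" ", ""))
            etype = int.from_bytes(b[12:14], "big")
            events[-1].update(
                dst_mac=b[0:6].hex(":"), src_mac=b[6:12].hex(":"),
                ethertype=ETHERTYPES.get(etype, hex(etype)),
                broadcast=b[0:6] == b"\xff" * 6)
    return events

def off_subnet(events, iface_nets=IFACE_NETS):
    """Events whose IP source lies outside every subnet configured on the dev it arrived on."""
    return [e for e in events
            if not any(ip_address(e["src"]) in n for n in iface_nets.get(e["dev"], []))]
```

Running it over the sample shows each frame's ethertype and source MAC alongside the IP pair, which is the evidence to compare against the switch port's VLAN assignment.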