On 11/5/19 5:50 AM, Vieri Di Paola wrote:
> On Mon, Nov 4, 2019 at 5:44 PM Tom Eastep <teas...@shorewall.net> wrote:
>>
>> Never use the routefilter/logmartians interface options with policy
>> routing; use rpfilter instead.
>
> Do you mean I should use rpfilter in the "interfaces" file (I've never
> used routefilter)? Which interface? The one I'm seeing the martian
> source messages for? Incidentally, adding the rpfilter option to
> enp8s5 yields a 0 in /proc/sys/net/ipv4/conf/enp8s5/rp_filter.

Which is exactly what you want. I suspect that your sysconf configuration
is setting that option to 1.

>
> Do these log lines mean that I'm seeing, for example, ethernet packets
> from a host with IP addr. 10.215.144.35 with destination IP address
> 10.215.241.221 on interface enp8s5 (see further down) which has the
> following configuration?

A martian packet is one that is received on an interface from a host that
is routed out of a different interface. As I mentioned before, it does not
take policy routing into account.

>
> # ip a s enp8s5
> 8: enp8s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>     link/ether 00:e3:c0:5f:81:5d brd ff:ff:ff:ff:ff:ff
>     inet 192.168.245.9/29 brd 192.168.245.15 scope global enp8s5
>        valid_lft forever preferred_lft forever
>     inet6 fe80::2e3:c0ff:fe5f:815d/64 scope link
>        valid_lft forever preferred_lft forever
>
> Nov 5 13:40:15 kernel: net_ratelimit: 137 callbacks suppressed
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.248.9 from 10.215.144.91, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.241.221 from 10.215.144.35, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 00 50 56 92 5b 09 08 06 .......PV.[...
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.246.124 from 10.215.144.91, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.144.89 from 10.215.144.91, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.146.23 from 10.215.144.47, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 18 60 24 ef b9 09 08 06 .......`$.....
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.144.31 from 10.215.144.67, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 00 50 56 b6 05 90 08 06 .......PV.....
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.247.134 from 10.215.144.91, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.147.32 from 10.215.144.23, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 52 54 00 de a6 34 08 06 ......RT...4..
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.147.13 from 10.215.144.91, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
> Nov 5 13:40:15 kernel: IPv4: martian source 10.215.246.40 from 10.215.247.70, on dev enp8s5
> Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff c4 34 6b 61 b7 bb 08 06 .......4ka....
>
> In fact, I should not be seeing traffic between hosts with IP
> addresses in the 10.215.* range on this enp8s5 interface. This could
> be a loopback on the main switch since there's another NIC on the
> Shorewall router connecting to the same switch. However, enp8s5 is
> connected to a switch port with a specific VLAN ID. If the VLAN
> implementation on this switch is correct, it should be impossible for
> traffic for the 10.215.* hosts to reach the enp8s5 interface.
>
> Does the martians log prove that there's something wrong on the main switch?

Seems like it.

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \   an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
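The kernel "martian source" lines quoted in the message above carry more information than is obvious at a glance: the kernel prints the packet's destination address first and its source second, and the `ll header` dump that follows each one is the raw 14-byte Ethernet header (destination MAC, source MAC, ethertype). The following is an added example, not code from the thread or from Shorewall: it parses those two line types from a log, pairs each martian event with its header, groups events by receiving device and source MAC, keeps the `net_ratelimit` "callbacks suppressed" count so the true volume is not underestimated, and lists which source IPs fall outside the receiving interface's own prefix (192.168.245.8/29, from the `ip a` output). The sample lines are a subset of the ones quoted in the message, wrapped back onto single lines; the function names and the summary layout are my own choices.

```python
"""Triage helper for Linux 'IPv4: martian source' kernel log lines.

Added example for this thread; not Shorewall code and not the kernel's own
formatting code. Regexes follow the message format visible in the thread.
"""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input: a subset of the lines quoted in the thread,
# each kernel message joined back onto one line.
SAMPLE_LOG = """\
Nov 5 13:40:15 kernel: net_ratelimit: 137 callbacks suppressed
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.248.9 from 10.215.144.91, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.241.221 from 10.215.144.35, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 00 50 56 92 5b 09 08 06 .......PV.[...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.246.124 from 10.215.144.91, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L...
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.146.23 from 10.215.144.47, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff 18 60 24 ef b9 09 08 06 .......`$.....
Nov 5 13:40:15 kernel: IPv4: martian source 10.215.246.40 from 10.215.247.70, on dev enp8s5
Nov 5 13:40:15 kernel: ll header: 00000000: ff ff ff ff ff ff c4 34 6b 61 b7 bb 08 06 .......4ka....
"""

# "martian source <daddr> from <saddr>, on dev <if>": destination first, source second.
MARTIAN_RE = re.compile(
    r"IPv4: martian source (?P<dst>[\d.]+) from (?P<src>[\d.]+), on dev (?P<dev>\S+)")
# Hex dump of the link-layer header; the trailing ASCII column is ignored.
LLHDR_RE = re.compile(r"ll header: [0-9a-f]+: ((?:[0-9a-f]{2} )+)")
SUPPRESSED_RE = re.compile(r"net_ratelimit: (\d+) callbacks suppressed")
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8100: "802.1Q", 0x86DD: "IPv6"}


@dataclass
class Martian:
    dst_ip: str
    src_ip: str
    dev: str
    dst_mac: Optional[str] = None
    src_mac: Optional[str] = None
    ethertype: Optional[str] = None


def decode_ll_header(hexbytes: str) -> Optional[Tuple[str, str, str]]:
    """Split a 14-byte Ethernet header dump into (dst MAC, src MAC, ethertype)."""
    octets = [int(b, 16) for b in hexbytes.split()]
    if len(octets) < 14:          # shorter dumps (non-Ethernet devices) are left undecoded
        return None

    def mac(o):
        return ":".join(f"{x:02x}" for x in o)

    etype = (octets[12] << 8) | octets[13]
    return mac(octets[0:6]), mac(octets[6:12]), ETHERTYPES.get(etype, f"0x{etype:04x}")


def parse_martians(text: str) -> Tuple[List[Martian], int]:
    """Pair each 'martian source' line with the 'll header' line following it."""
    events: List[Martian] = []
    suppressed = 0
    pending: Optional[Martian] = None
    for line in text.splitlines():
        if (m := SUPPRESSED_RE.search(line)):
            suppressed += int(m.group(1))   # real volume exceeds what was logged
        elif (m := MARTIAN_RE.search(line)):
            pending = Martian(m["dst"], m["src"], m["dev"])
            events.append(pending)
        elif (m := LLHDR_RE.search(line)) and pending is not None:
            decoded = decode_ll_header(m.group(1))
            if decoded:
                pending.dst_mac, pending.src_mac, pending.ethertype = decoded
            pending = None
    return events, suppressed


def summarize(events: List[Martian]) -> Dict[Tuple[str, Optional[str]], dict]:
    """Group by (device, source MAC): frame count, source IPs and ethertypes seen."""
    groups = defaultdict(lambda: {"count": 0, "src_ips": set(), "ethertypes": set()})
    for e in events:
        g = groups[(e.dev, e.src_mac)]
        g["count"] += 1
        g["src_ips"].add(e.src_ip)
        if e.ethertype:
            g["ethertypes"].add(e.ethertype)
    return dict(groups)


def off_subnet_sources(events: List[Martian], iface_cidr: str) -> Set[str]:
    """Source IPs that do not belong to the receiving interface's own prefix."""
    net = ipaddress.ip_network(iface_cidr, strict=False)
    return {e.src_ip for e in events if ipaddress.ip_address(e.src_ip) not in net}


if __name__ == "__main__":
    evs, dropped = parse_martians(SAMPLE_LOG)
    print(f"{len(evs)} martian frames logged, {dropped} more suppressed by net_ratelimit")
    for (dev, mac), g in summarize(evs).items():
        print(f"{dev} {mac}: {g['count']} frames, src {sorted(g['src_ips'])}, {sorted(g['ethertypes'])}")
    print("sources outside the interface prefix:",
          sorted(off_subnet_sources(evs, "192.168.245.9/29")))
```

Decoding the header bytes shows that every quoted frame has a broadcast destination MAC and ethertype 0x0806 (ARP), arriving from several distinct source MACs, none of whose IP addresses belong to the interface's 192.168.245.8/29 prefix. That per-MAC view is what a defender would hand to the switch administrator when asking why another VLAN's broadcast domain is visible on this port; the suppressed count reminds you that the log shows only a sample of what actually arrived.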