Hi I got a server with dual nics. Each nic is connected to an dsl gateway. This is essentially a dual standalone system with a single network interface, but all Ethernet cables is using 1 switch. Eth0 and eth1 and 192.168.1.0/24 and 192.168.2.0/24 All is working fine, except I am getting these messages in the logs. kernel: [101768.560151] IPv4: martian source 192.168.2.255 from 192.168.2.230, on dev eth0 kernel: [101768.560160] ll header: 00000000: ff ff ff ff ff ff 00 25 90 57 d4 64 08 00 The switch does not have vlan capabilities, so I am putting the PC''s through the IP phone''s and uplinked to the switch. The PC are in 192.168.1.0/24 and Phones in 192.168.2.0/24 I have read the multiple ISP setup, but it is not exactly the same. I removed routefilter and left logmartians in interfaces. I am not sure what I should be putting rules file to prevent this. The other alternative I done is remove logmatians but I prefer to keep that option. Thanks in advance /K ------------------------------------------------------------------------------ November Webinars for C, C++, Fortran Developers Accelerate application performance with scalable programming models. Explore techniques for threading, error checking, porting, and tuning. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
On 11/10/2013 2:37 AM, Kilburn Abrahams wrote:> Hi > > I got a server with dual nics. Each nic is connected to an dsl gateway. > This is essentially a dual standalone system with a single network > interface, but all Ethernet cables is using 1 switch. > > Eth0 and eth1 and 192.168.1.0/24 and 192.168.2.0/24 > > All is working fine, except I am getting these messages in the logs. > > kernel: [101768.560151] IPv4: martian source 192.168.2.255 from > 192.168.2.230, on dev eth0 > kernel: [101768.560160] ll header: 00000000: ff ff ff ff ff ff 00 25 90 > 57 d4 64 08 00 > > The switch does not have vlan capabilities, so I am putting the PC''s > through the IP phone''s and uplinked to the switch. The PC are in > 192.168.1.0/24 and Phones in 192.168.2.0/24 > > I have read the multiple ISP setup, but it is not exactly the same. I > removed routefilter and left logmartians in interfaces. > > I am not sure what I should be putting rules file to prevent this. The > other alternative I done is remove logmatians but I prefer to keep that > option.You need to use the arp_filter or arp_ignore interface option on both interfaces to prevent them from responding to who-has requests for the other one. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ November Webinars for C, C++, Fortran Developers Accelerate application performance with scalable programming models. Explore techniques for threading, error checking, porting, and tuning. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
On 11/11/2013 2:12 AM, Kilburn Abrahams wrote:> On 11/11/2013 02:55 AM, Tom Eastep wrote: >> On 11/10/2013 2:37 AM, Kilburn Abrahams wrote: >>> Hi >>> >>> I got a server with dual nics. Each nic is connected to an dsl gateway. >>> This is essentially a dual standalone system with a single network >>> interface, but all Ethernet cables is using 1 switch. >>> >>> Eth0 and eth1 and 192.168.1.0/24 and 192.168.2.0/24 >>> >>> All is working fine, except I am getting these messages in the logs. >>> >>> kernel: [101768.560151] IPv4: martian source 192.168.2.255 from >>> 192.168.2.230, on dev eth0 >>> kernel: [101768.560160] ll header: 00000000: ff ff ff ff ff ff 00 25 90 >>> 57 d4 64 08 00 >>> >>> The switch does not have vlan capabilities, so I am putting the PC''s >>> through the IP phone''s and uplinked to the switch. The PC are in >>> 192.168.1.0/24 and Phones in 192.168.2.0/24 >>> >>> I have read the multiple ISP setup, but it is not exactly the same. I >>> removed routefilter and left logmartians in interfaces. >>> >>> I am not sure what I should be putting rules file to prevent this. The >>> other alternative I done is remove logmatians but I prefer to keep that >>> option. >> You need to use the arp_filter or arp_ignore interface option on both >> interfaces to prevent them from responding to who-has requests for the >> other one. >> >> -Tom >> > Tom, > > I tried all arp_ignore options and still get the same results.It may take hours before the change takes effect because the upstream routers have cached the bogus ARP responses that they have been getting from your Shorewall box. You can possibly speed up the process by following the procedure under ''ARP Cache'' at http://www.shorewall.org/ProxyARP.htm -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ November Webinars for C, C++, Fortran Developers Accelerate application performance with scalable programming models. Explore techniques for threading, error checking, porting, and tuning. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk