search for: martian

...d access.. but how is he connecting in the first place.. And why isnt he being refused by my servers hosts.deny file...? I have about 6 of these rogue logs with different connect names being used.. what can I do to clear this up?? Also on a side note, Any of you know what the deal is with the martian messages my kernel is getting?? or how to stop them?? They appeared right after a connection attempt by Gustavo.. I've attached a sample.. there are about 200-500 of them :: Nov 14 04:40:00 server CROND[20451]: (root) CMD ( /usr/share/msec/promisc_check.sh) Nov 14 04:40:14 server smbd[20...

Hi all: I see a lot of the errors below in /var/log/messages on my firewall: Aug 1 00:47:44 munin kernel: [109008.257109] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:48:44 munin kernel: [109068.257384] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:49:44 munin kernel: [109128.257509] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:50:44 munin kernel: [109188.257788] mart...

I have a theory on the cause of a problem but it is still only a theory. I wonder if anyone here can confirm. I have a multi-isp configuration with a multi-path default route to each ISP, equally weighted. I am seeing, periodically, traffic dropped due to martian detection and errors logged on inbound traffic, but at other times, that same exact traffic will be allowed, no errors. My supposition is this: If I use "ip route get <source_addr>" for the source address that rp_filter is dropping traffic from I can see that it''s reporti...

We are seeing the following in our logs: Nov 25 16:21:41 fw kernel: martian source 139.142.66.253 from 10.0.0.199, on dev eth0 Nov 25 16:21:41 fw kernel: ll header: 00:a0:c9:60:0e:b2:00:02:7e:21:0e:dc:08:00 00:a0:c9:60:0e:b2 is the mac of our firewall interface on IP 139.142.66.253. 00:02:7e:21:0e:dc is the mac of our Cisco router on IP 10.0.0.1 10.0.0.199 is a Cisc...

...ppreciated. If I connect via IPSec from a machine behind a router on the remote end, all is fine: 192.168.42.242/32 == 12.221.192.13 -- 208.10.57.129 == 192.168.168.0/24 However, if I connect from a direct endpoint on the net like this: 12.221.194.89 -- 208.10.57.129 == 192.168.168.0/24 I get martian errors: Feb 25 20:09:04 fw kernel: martian source 208.10.57.129 from 12.221.194.89, on dev eth0 I''m most perplexed as to where to look... interfaces: rw ipsec+ zones: rw RoadWarriors Road Warriors policy: rw rw ACCEPT rw loc ACCEPT loc rw ACCE...

...0 Permanent HW addr: 2c:59:e5:3c:71:6c Slave queue ID: 0 [root at xxxxx ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0 DEVICE=bond0 IPADDR=10.104.x.x NETMASK=255.255.255.0 ONBOOT=yes BOOTPROTO=none USERCTL=no BONDING_OPTS="mode=1 miimon=1000" In /var/log/messages I have a lot martian source .... [root at xxxxx ~]# tail -f /var/log/messages Sep 17 13:26:38 xxxxx kernel: IPv4: martian source 10.104.172.0 from 0.0.0.0, on dev bond0 Sep 17 13:26:38 xxxxx kernel: ll header: 00000000: ff ff ff ff ff ff 00 00 00 00 5b 00 08 00 ..........[... Sep 17 13:26:39 xxxxx kernel: I...

I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in this configuration? I just want t...

...t subnets, the next two are two different ISP''s and the last one is a private network for testing and administration. The second internal subnet (eth1) is rejecting all the arp requests to it and I get the following in the log files ever second or two - May 16 05:28:54 services kernel: martian source 172.28.130.6 from 172.28.130.1, on dev eth1 May 16 05:28:54 services kernel: ll header: ff:ff:ff:ff:ff:ff:00:a0:c8:83:d3:c8:08:06 172.28.130.1 is the router and 172.28.130.6 is eth1. Because of this the router is having issues getting traffic to it. Also this is a VPN gateway with ipsec...

...oute_rules as suggested by Tom and Jerry suggested. Lately I have been seeing "transient" (I say transient because the problem will persist for a while and then magically clear itself up some number of minutes later) situations where my gateway will log: Feb 9 17:23:45 gw.ilinx kernel: martian source 66.11.173.224 from 64.86.88.116, on dev eth1 Feb 9 17:23:45 gw.ilinx kernel: ll header: 00:a0:24:2a:1f:72:00:13:5f:07:97:05:08:00 but I''m not quite sure how to read these and/or what would be causing them. Concerning the packet that the message is describing I can assert that e...

...S2: ABC.DEF.254.101 ABC.DEF.254.101 ABC.DEF.254.101 NS3: ABD.XYZ.254.100 ABD.XYZ.254.100 ABD.XYZ.254.100 /etc/shorewall/zones fw firewall net ipv4 loc ipv4 serv ipv4 /etc/shorewall/interfaces net eth0 detect proxyarp,tcpflags,routefilter,nosmurfs,logmartians,norfc1918 serv eth1 detect dhcp loc eth2 detect dhcp,tcpflags,nosmurfs,blacklist (no masq file, no proxyarp file) This is also the setup for a firewall for the same local network (Shorewall 1.0.3) which works for several years. I just want to replace the older PC with a newer one ... I hav...

I''ve set up a simple 2-interface Linux router using shorewall-perl 4.0.8 (and upgraded to 4.0.9). Everything works flawlessly. One small exception I have noticed (since I''m a new shorewall user I assume this is probably an error on my part). 1. Problem: With no "logmartians" entries in /etc/shorewall/interfaces, shorewall-perl sets /proc/sys/net/ipv4/conf/*/log_martians to "0". 2. Expected behavior: For any interface entry in /etc/shorewall/interfaces for which the "logmartians" option is not present, shorewall-perl should take no action, le...

...301 192.168.0.1 track,balance eth0,eth1,eth0.* freeold 2048 2048 main eth2.302 88.162.207.254 track,balance eth0,eth1,eth0.* **** **** Log : *eth2.303 is Down!* Restarting Shorewall.... Initializing... Setting up Route Filtering... Setting up Martian Logging... Adding Providers... Setting up Traffic Control... Preparing iptables-restore input... Running /sbin/iptables-restore... IPv4 Forwarding Enabled done. .... .... 172.20.8.0/24 dev eth0.9 proto kernel scope link src 172.20.8.254 default nexthop via 88.162.205.254 dev eth2.303 we...

the establishment of an openvpn link sometimes fails. I tracked it down to network traffic with wrong Sourceport in the answer packet (should be 1300 not 1024): 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300 and a collateral entry in the connection tracking table

...IP 172.16.110.139.1782 > 216.193.202.92.80: S 1919280507:1919280507(0) win 65535 <mss 1460,nop,nop,sackOK> 15:09:24.427183 IP 172.16.110.139.1782 > 216.193.202.92.80: S 1919280507:1919280507(0) win 65535 <mss 1460,nop,nop,sackOK> But the kernel sees the traffic as "martian" and disards them: Dec 1 15:09:45 xxxxxxxx last message repeated 9 times Dec 1 15:11:37 xxxxxxxx kernel: martian destination 127.0.0.1 from 172.16.110.139, dev br0 Dec 1 15:11:46 xxxxxxxx last message repeated 2 times Ok, that isn''t what I want to see... so I tried...

...dds the following features: 1) The default Drop and Reject actions now invoke the new standard action ''AllowICMPs''. This new action accepts critical ICMP types: Type 3 code 4 (fragmentation needed) Type 11 (TTL exceeded) 2) Explicit control over the kernel''s Martian logging is now provided using the new ''logmartians'' interface option. If you include ''logmartians'' in the interface option list then logging of Martian packets on will be enabled on the specified interface. If you wish to globally enable martian loggi...

i am reaving lots of martian broadcats Nov 8 15:37:57 firewall kernel: [ 895.708393] martian source 192.168.0.3 from 192.168.0.1, on dev eth0 Nov 8 15:37:57 firewall kernel: [ 895.708399] ll header: ff:ff:ff:ff:ff:ff:90:f6:52:3f:65:c0:08:00 Nov 8 15:37:59 firewall kernel: [ 897.711647] martian source 192.168.0.3 from 19...

...|netfilter at linuxace.com Resolution| |INVALID --- Comment #1 from Phil Oester <netfilter at linuxace.com> 2013-06-14 17:01:31 CEST --- These packets will never make it to netfilter, because they will be dropped by the network core as a martian source. If you enable logging of martian packets (via /proc/sys/net/ipv4/conf/*/log_martians), you will see an entry in your syslog similar to this: localhost kernel: [19202.736982] IPv4: martian source 192.168.19.150 from 192.168.19.255, on dev p3p1 As such, this is not a netfilter bug - it is...

..... inet Zone: eth0:0.0.0.0/0 pflan Zone: eth1:0.0.0.0/0 baja Zone: ipsec+:192.168.90.0/24 bcvpn Zone: ipsec+:192.168.0.0/24 Deleting user chains... Compiling /etc/shorewall/routestopped ... Creating Interface Chains... Compiling Common Rules Compiling Kernel Route Filtering... Compiling Martian Logging... Compiling IP Forwarding... Compiling /etc/shorewall/rules... Compiling /etc/shorewall/tunnels... Compiling Actions... Compiling /usr/share/shorewall/action.Drop for Chain Drop... Compiling /usr/share/shorewall/action.Reject for Chain Reject... Compiling /etc/shorewall/policy... Compiling...

Hi, I have recently installed shorewall with a very simple rules configuration, ---------------------------------- #SECTION RELATED SECTION NEW Ping/ACCEPT all $FW Trcrt/ACCEPT all $FW SSH/ACCEPT all $FW ACCEPT net $FW tcp http #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE ----------------------------------------- and I have no

The man page isn't helping, nor have I been able to find examples that work. For example, the man page claims I can do ipmitool lan get active, and I try, and it says, "invaling lan command, get". Do I set the MAC address for the lan to NIC 2? Anyone have a clue - I do *not* want martians on the real network. mark