Shorewall 4.5.1.1
I have 5 interfaces on a CentOS box, the first two are internal on two
different subnets, the next two are two different ISPs and the last one
is a private network for testing and administration. The second internal
subnet (eth1) is rejecting all the ARP requests to it and I get the
following in the log files every second or two -
May 16 05:28:54 services kernel: martian source 172.28.130.6 from 172.28.130.1, on dev eth1
May 16 05:28:54 services kernel: ll header: ff:ff:ff:ff:ff:ff:00:a0:c8:83:d3:c8:08:06
172.28.130.1 is the router and 172.28.130.6 is eth1. Because of this the
router is having issues getting traffic to it. Also this is a VPN
gateway with IPsec VPNs terminating on eth2 and going out on eth1. I
have a static route set in my router to direct the VPN subnets
(172.29.0.0/16) to 172.28.130.6. I can communicate from the server to the
VPN endpoints just fine, but not from other devices on the network very
well, because the router (and other devices) cannot get the ARP to
resolve for 172.28.130.6. I looked at Wireshark to verify that it is ARP
requests that are ending up as martians. I have tried various
combinations in the interface file but nothing helps. Here is what I
have at the moment:
ipsec ipsec+ detect
pptp ppp+ detect
admin eth4 detect proxyarp,arp_filter
chart eth3 detect norfc1918,routefilter,arp_ignore,nosmurfs
tds eth2 detect norfc1918,routefilter,arp_ignore,nosmurfs
voip eth1 detect proxyarp,routeback
local eth0 detect proxyarp,routeback
Here is the rest of the ip information:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
link/ether 00:c0:9f:2a:32:46 brd ff:ff:ff:ff:ff:ff
inet 172.28.101.6/24 brd 255.255.255.255 scope global eth0
inet6 fe80::2c0:9fff:fe2a:3246/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
link/ether 00:1b:21:31:6b:00 brd ff:ff:ff:ff:ff:ff
inet 172.28.130.6/24 brd 255.255.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
link/ether 00:1b:21:31:6b:01 brd ff:ff:ff:ff:ff:ff
inet 69.128.165.227/29 brd 255.255.255.255 scope global eth2
inet 172.28.130.1/32 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN qlen 1000
link/ether 00:01:02:c2:9b:56 brd ff:ff:ff:ff:ff:ff
inet 24.159.225.220/29 brd 255.255.255.255 scope global eth3
6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN qlen 1000
link/ether 00:c0:a8:8d:6b:a6 brd ff:ff:ff:ff:ff:ff
inet 198.18.55.28/24 brd 255.255.255.255 scope global eth4
inet6 fe80::2c0:a8ff:fe8d:6ba6/64 scope link
valid_lft forever preferred_lft forever
24.159.225.217 dev eth3 scope link src 24.159.225.220
69.128.165.225 dev eth2 scope link src 69.128.165.227
24.159.225.216/29 dev eth3 proto kernel scope link src 24.159.225.220
69.128.165.224/29 dev eth2 proto kernel scope link src 69.128.165.227
172.29.110.0/24 via 69.128.165.225 dev eth2 src 172.28.130.1
198.18.55.0/24 dev eth4 proto kernel scope link src 198.18.55.28
172.28.130.0/24 dev eth1 proto kernel scope link src 172.28.130.6
172.28.101.0/24 dev eth0 proto kernel scope link src 172.28.101.6
172.29.100.0/24 via 69.128.165.225 dev eth2 src 172.28.130.1
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth4 scope link metric 1006
default via 69.128.165.225 dev eth2
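As an added example (not part of the post above, and not Shorewall code), here is a small Python diagnostic that parses the kernel's paired "martian source" / "ll header" lines, decodes the EtherType and sender MAC from the link-layer header, and cross-checks the claimed source address against the host's own `inet` addresses. Linux logs a martian when the claimed source fails its source-address check, and one such case is a source address that is configured locally on a different interface; the sample input is constructed from the log and `ip addr` lines quoted in the post, including the 172.28.130.1/32 address shown on eth2.

```python
import re

# Constructed sample input: the kernel lines and `inet` lines quoted in the post above.
LOG = """\
May 16 05:28:54 services kernel: martian source 172.28.130.6 from 172.28.130.1, on dev eth1
May 16 05:28:54 services kernel: ll header: ff:ff:ff:ff:ff:ff:00:a0:c8:83:d3:c8:08:06
"""
IP_ADDR = """\
inet 172.28.130.6/24 brd 255.255.255.255 scope global eth1
inet 69.128.165.227/29 brd 255.255.255.255 scope global eth2
inet 172.28.130.1/32 scope global eth2
"""

MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LLHDR_RE = re.compile(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})")  # 14-byte Ethernet header
INET_RE = re.compile(r"inet (\d+\.\d+\.\d+\.\d+)/\d+ .* (\S+)$", re.M)
ETHERTYPES = {0x0806: "ARP", 0x0800: "IPv4"}

def local_addrs(text):
    """Map each locally configured IPv4 address to the interface that carries it."""
    return {ip: dev for ip, dev in INET_RE.findall(text)}

def parse_martians(text):
    """Pair each 'martian source' line with the 'll header' line the kernel logs after it."""
    events, cur = [], None
    for line in text.splitlines():
        if m := MARTIAN_RE.search(line):
            # dst: address the packet was sent to; src: claimed source; dev: ingress interface
            cur = dict(zip(("dst", "src", "dev"), m.groups()))
            events.append(cur)
        elif (h := LLHDR_RE.search(line)) and cur is not None:
            octets = h.group(1).split(":")
            cur["src_mac"] = ":".join(octets[6:12])    # bytes 6-11: sender MAC
            etype = int(octets[12] + octets[13], 16)    # bytes 12-13: EtherType
            cur["ethertype"] = ETHERTYPES.get(etype, hex(etype))
            cur = None
    return events

def diagnose(ev, local):
    """Source check: a claimed source that is local on a different interface is martian."""
    owner = local.get(ev["src"])
    if owner and owner != ev["dev"]:
        return f"{ev['src']} is configured locally on {owner}; frames claiming it on {ev['dev']} are dropped"
    return f"{ev['src']} is not a local address; check the route back to it via {ev['dev']}"

if __name__ == "__main__":
    local = local_addrs(IP_ADDR)
    for ev in parse_martians(LOG):
        print(ev["ethertype"], "from", ev["src_mac"], "->", diagnose(ev, local))
```

Run against a real box, replace the two constructed strings with the output of `dmesg` and `ip -4 addr`; the heuristic only covers the locally-configured-source case and otherwise points you at the routing table.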