Firewall2 log - What does this mean
Hi list,

I'm new to firewall2 and I am investigating the use of raw iptables as an alternative.

May be a stupid question - but here goes anyway - thanks for your patience..

What does this mean:-

Mar 7 19:49:31 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0
Mar 7 19:49:31 dilmom kernel: ll header: 00:10:4b:00:d4:1b:00:90:27:6d:cb:e9:08:00
Mar 7 19:49:33 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0
Mar 7 19:49:33 dilmom kernel: ll header: 00:10:4b:00:d4:1b:00:90:27:6d:cb:e9:08:00
Mar 7 19:49:34 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0
Mar 7 19:49:34 dilmom kernel: ll header: 00:10:4b:00:d4:1b:00:90:27:6d:cb:e9:08:00
Mar 7 19:49:37 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0
Mar 7 19:49:37 dilmom kernel: ll header: 00:10:4b:00:d4:1b:00:90:27:6d:cb:e9:08:00
Mar 7 19:49:39 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0
Mar 7 19:49:39 dilmom kernel: ll header: 00:10:4b:00:d4:1b:00:90:27:6d:cb:e9:08:00
Mar 7 19:49:40 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0

The masked ip address is our NT server.

Thanks.

Kevin Passey wrote:
Hi list,
I'm new to firewall2 and I am investigating the use of raw iptables as an alternative.
May be a stupid question - but here goes anyway - thanks for your patience..
What does this mean:-
Mar 7 19:49:31 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0
Mar 7 19:49:31 dilmom kernel: ll header: 00:10:4b:00:d4:1b:00:90:27:6d:cb:e9:08:00

That tells you that the source 10.0.0.5 cannot come in on eth0 because there's another network connected to. It's like anti spoofing rules.

--
intraDAT AG                    http://www.intradat.com
Wilhelm-Leuschner-Strasse 7    Tel: +49 69-25629-0
D - 60329 Frankfurt am Main    Fax: +49 69-25629-256
Junk mail is war. RFCs do not apply.

Quite easy

[snip]
What does "kernel: martian source aabbccdd for 11223344, dev eth0" mean?

These are packets that Linux does not expect from the direction they came from (i.e. packets from internal hosts coming in on the external interface). The cause is probably a misconfigured machine on your LAN. You can turn off logging those packets via /proc/sys/net/ipv4/conf/*interface*/log_martians which is documented in /usr/src/linux/Documentation/proc.txt
[snap]

Michael Appeldorn

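Added example, not part of any post in this thread: a small Python parser that pairs each "martian source" line with the "ll header" line that follows it and splits the 14-byte Ethernet header into destination MAC, source MAC and EtherType, so the sending machine on the segment can be identified. The sample input is taken from the log lines quoted in the thread; the function names are this example's own.

```python
import re
from collections import Counter

MARTIAN = re.compile(r"kernel: martian source (\S+) from (\S+), on dev (\S+)")
LL_HDR = re.compile(r"kernel: ll header: ((?:[0-9a-f]{2}:)*[0-9a-f]{2})\s*$", re.I)

# Log lines copied from the thread (addresses masked as posted); the last
# event has no "ll header" line, as at the end of the original post.
SAMPLE = """\
Mar 7 19:49:37 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0
Mar 7 19:49:37 dilmom kernel: ll header: 00:10:4b:00:d4:1b:00:90:27:6d:cb:e9:08:00
Mar 7 19:49:39 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0
Mar 7 19:49:39 dilmom kernel: ll header: 00:10:4b:00:d4:1b:00:90:27:6d:cb:e9:08:00
Mar 7 19:49:40 dilmom kernel: martian source 10.0.0.5 from 62.49.zzz.xxx, on dev eth0
"""

def parse_ll_header(hexbytes):
    """Split a 14-byte Ethernet header into destination MAC, source MAC, EtherType."""
    octets = hexbytes.lower().split(":")
    if len(octets) != 14:          # not Ethernet (or truncated): give up cleanly
        return None
    return {"dst_mac": ":".join(octets[:6]),
            "src_mac": ":".join(octets[6:12]),
            "ethertype": "0x" + "".join(octets[12:])}

def parse_martians(text):
    """Return one dict per martian event, paired with its ll header if present."""
    events = []
    for line in text.splitlines():
        m = MARTIAN.search(line)
        if m:
            # The kernel prints the packet's destination first, the sender after "from".
            events.append({"dst_ip": m.group(1), "src_ip": m.group(2),
                           "dev": m.group(3), "frame": None})
            continue
        h = LL_HDR.search(line)
        if h and events and events[-1]["frame"] is None:
            events[-1]["frame"] = parse_ll_header(h.group(1))
    return events

def senders(events):
    """Count events per (interface, sender IP, sender MAC) to locate the offending host."""
    return Counter((e["dev"], e["src_ip"], e["frame"]["src_mac"] if e["frame"] else None)
                   for e in events)

if __name__ == "__main__":
    for (dev, ip, mac), n in senders(parse_martians(SAMPLE)).most_common():
        print(f"{n:3d}  dev={dev}  from={ip}  sender_mac={mac}")
```

The source MAC is that of the last device that put the frame on the wire, so it names the misconfigured host only when that host sits on the same segment as the logging interface; otherwise it is the router in between.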
participants (3)
- Kevin Passey
- Michael Appeldorn
- Sven Michels