Hi! I guess you are rigth. In fact, that was my previous configuration, since always. I tried adding eth0 and lo to SuSEfirewall2 but it didn't make any difference.

If you are using PPP over ethernet, eth0 will NOT be your external device. Also, I don't think that lo should be treated as an internal device. It should read FW_DEV_EXT="ppp0" FW_DEV_INT="eth1"

Hi Thomas, On Wednesday 17 September 2003 20:29, Thomas Schweiger wrote:

...

I have an ADSL/Ethernet modem on ppp0: ppp0 Link encap:Point-to-Point Protocol inet addr:81.56.221.174 P-t-P:192.168.254.254 Mask:255.255.255.255

^^^^^^^^^^^^^^^ This looks strange. The P-t-P should be an IP of your ISP (your next hop to the internet). If you're using rp-pppoe there is a switch "DEFAULTROUTE=" in your /etc/ppp/pppoe.conf. It have to be like this

Yes, that's what I though. Isn't this IP reserved? Indeed the PtP is my default route, and the gateway IP is the one that my ISP sends at the beginning of the connection. Here is my routing table: montblanc:/home/pep # netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.254.254 0.0.0.0 255.255.255.255 UH 40 0 0 ppp0 10.0.0.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 0.0.0.0 192.168.254.254 0.0.0.0 UG 40 0 0 ppp0 montblanc:/home/pep #

<!-- snip # /etc/ppp/pppoe.conf --> # Make the PPPoE connection your default route. Set to # DEFAULTROUTE=no if you don't want this. DEFAULTROUTE=yes <!-- snap -->

If your're using smpppd change it against the rp-ppppoe. (I hate smpppd) ;-)

I've been using the smppd since 8.0 and never had a problem before. What's so wrong with it? Cheers Pep Serrano

Hola Thomas!

...

On Wednesday 17 September 2003 20:29, Thomas Schweiger wrote:

...

...

...

I have an ADSL/Ethernet modem on ppp0: ppp0 Link encap:Point-to-Point Protocol inet addr:81.56.221.174 P-t-P:192.168.254.254 Mask:255.255.255.255

Yes, that's what I though. Isn't this IP reserved?

Yepp. It's a non routed private IP address. I can't reproduce why your ISP should give you a private IP address as your standard gateway. 192.168.x.x are not routed addresses.

When I do a traceroute from my home box to the inet I get through 192.168.254.254: montblanc:/etc/ppp # traceroute microsoft.com traceroute to microsoft.com (207.46.245.222), 30 hops max, 40 byte packets 1 192.168.254.254 (192.168.254.254) 122 ms 136 ms 121 ms 2 th2-6k-1.routers.proxad.net (212.27.37.30) 121 ms 120 ms 128 ms 3 Ge1-2.PASBB2.Pastourelle.opentransit.net (193.251.252.221) 123 ms 119 ms 121 ms ... But when I do a traceroute from inet to my home computer the 192.168.254.254 is missing (as should be!): ... 6 free-telecom.sfinx.tm.fr (194.68.129.223) 1.305 ms 2.210 ms 1.644 ms 7 th2-6k-1-a0.routers.proxad.net (212.27.32.212) 1.623 ms 9.910 ms 2.332 ms 8 lns-th2-4-a10.routers.proxad.net (212.27.37.4) 2.214 ms 2.088 ms 11.017 ms 9 lns-th2-4f-81-56-221-174.adsl.proxad.net (81.56.221.174) 79.620 ms 74.923 ms 75.842 ms

...

Here is my routing table: montblanc:/home/pep # netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.254.254 0.0.0.0 255.255.255.255 UH 40 0 0 ppp0

^^^^^^^^^^^^^^^ Here should be the P-t-P address of your ppp0 device.

It is the P-t-P address of my ppp0. Do I miss something?

Something's definitly wrong with your routing table. Have a look to your /etc/ppp/options. It should look like this

We have identic ppp options config. Buenas noches, Pep Serrano.

Pep, we have the same problem. My P-t-P router has a private ip address too. Everything works properly, except the marsians log. A private IP address as gateway is not necessarily a problem. ISP's use

On Sep 18, Roland Freeman wrote: this to save IP addresses and it is in no way bad for anyone. As long as they are not used in the route back to you, which isn't the case as you stated. Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \

On Thu, 2003-09-18 at 10:23, Pep Serrano wrote:

But is this the real cause of our martian logs?

...

On Sep 18, Roland Freeman wrote:

...

Pep, we have the same problem. My P-t-P router has a private ip address too. Everything works properly, except the marsians log.

...

A private IP address as gateway is not necessarily a problem. ISP's use this to save IP addresses and it is in no way bad for anyone. As long as they are not used in the route back to you, which isn't the case as you stated.

Last night I spent some time with ethereal tracking my traffic between the loopback and my ppp0. I could see there are some packets from localhost on port 80 to random ports of ppp0. This packet repeats abour every minute. I closed almost all services, disabled routing, no applications... lsof didn't show any process using localhost:80, and yet the werid traffic was still there.

That would be incoming web requests from machines on the other side of your modem. Probably someone trying to see if you're running a web server. Log the packets and inspect the contents.

Cheers Pep Serrano.

-- -- Raymond Leach Network Support Specialist http://www.knowledgefactory.co.za "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 --

Alle 10:23, giovedì 18 settembre 2003, Pep Serrano ha scritto:

But is this the real cause of our martian logs?

...

On Sep 18, Roland Freeman wrote:

...

Pep, we have the same problem. My P-t-P router has a private ip address too. Everything works properly, except the marsians log.

A private IP address as gateway is not necessarily a problem. ISP's use this to save IP addresses and it is in no way bad for anyone. As long as they are not used in the route back to you, which isn't the case as you stated.

Last night I spent some time with ethereal tracking my traffic between the loopback and my ppp0. I could see there are some packets from localhost on port 80 to random ports of ppp0. This packet repeats abour every minute. I closed almost all services, disabled routing, no applications... lsof didn't show any process using localhost:80, and yet the werid traffic was still there.

Cheers Pep Serrano.

I did the same, and found the same results. All the packets are from port 80 to a high port on ppp0. Logs report "ll header: 45:00:00:28" While receiving this packets (from localhost:80) I am not even surfing the web, but they still arrives. All tcp packets I have seen have the RST ACK flags set.