[opensuse-security] Martian sources on the private interface of a openSUSE router
Hi,

I'm a computer amateur/hobbyist and a Suse/Linux newbie (from a WinXP-Pro background). I've run into a problem with some computers that I have set up as a local private network. I'll try and describe the setup, and the problem, clearly.

I am using OpenSUSE 10.2. I have set up my frontend/public machine - FE - as a router by following:

HOW-TO: Set Up a SUSE 10 Machine As a Router
http://www.novell.com/coolsolutions/feature/16579.html

I have two other machines that are behind the router machine; these private machines are P0 and P1. All three machines have two ethernet ports: eth0 and eth1. The frontend/public machine connects to the internet on eth0. According to my co-location provider, all the other ports are connected via a 'virtual-switch'(?), and are supposed to be on a private LAN.

    FE-eth0 ------------ internet
    FE-eth1 --| s
    P0-eth0 --| w
    P0-eth1 --| i
    P1-eth0 --| t
    P1-eth1 --| ch

The FE-eth0 is in the external zone of the YaST/Firewall, no ports are open and no services allowed. I can connect to FE-eth0 without problems (I use fwknop to open some connection port). All other interfaces are in the private zone of the YaST/Firewall and everything is allowed. I can connect from the FE-eth0 machine, and then to all the others without problems.

The problem? Well, in /var/log/messages of the frontend machine I see lots (every couple of seconds) of:

    Nov 5 19:09:59 frontend kernel: printk: 135 messages suppressed.
    Nov 5 19:09:59 frontend kernel: martian source <IP-address> from <IP-address>, on dev eth1
    Nov 5 19:09:59 frontend kernel: ll header: ff:ff:ff:ff:ff:ff:00:xx:xx:xx:xx:xx:xx:xx

The port is always eth1, which on the frontend machine is the private network interface. The IP addresses come from outside of my machines, and seem to me to come from the wider network. My hosting tech support say that I have a private 'virtual switch', whatever that means, and that I shouldn't be seeing any outside traffic on the private interfaces.
To confuse me more, I see similar messages logged on the private machines, but only for the address 255.255.255.255 or one of the private IP addresses, and the frequency is orders of magnitude less.

Are the martian sources on the private interface of the frontend machine due to the router setup? If so, how might I correct it? Is this problem likely to be due to the service provider's setup of the 'virtual-switch'/virtual private LAN, or is that unlikely?

I'd appreciate any suggestions - this has been going on for several months, and I'm at a loss - it would be great if I could claim with some certainty that this problem is not due to my YaST/Firewall/Router setup.

Regards
Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (1)
-
Mark Van De Vyver
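
Added example, not part of the original post: one way to triage the kernel messages quoted above is to pair each "martian source" line with its "ll header" line and tally by sending MAC address, since the MAC identifies which device on the switch emitted the frame. The sample log, the addresses, the MACs and the 192.168.1.0/24 LAN range are constructed assumptions; the post does not give them.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format quoted in the post; all addresses and MACs are made up.
SAMPLE_LOG = """\
Nov  5 19:09:59 frontend kernel: martian source 255.255.255.255 from 198.51.100.23, on dev eth1
Nov  5 19:09:59 frontend kernel: ll header: ff:ff:ff:ff:ff:ff:00:16:3e:aa:bb:01:08:00
Nov  5 19:10:02 frontend kernel: martian source 192.168.1.255 from 192.168.1.12, on dev eth1
Nov  5 19:10:02 frontend kernel: ll header: ff:ff:ff:ff:ff:ff:00:16:3e:aa:bb:02:08:00
Nov  5 19:10:04 frontend kernel: martian source 255.255.255.255 from 198.51.100.23, on dev eth1
Nov  5 19:10:04 frontend kernel: ll header: ff:ff:ff:ff:ff:ff:00:16:3e:aa:bb:01:08:00
"""

# The kernel prints the destination address first, then the source address.
MARTIAN = re.compile(r"martian source ([\d.]+) from ([\d.]+), on dev (\S+)")
# Ethernet header: 6 bytes destination MAC, 6 bytes source MAC, 2 bytes EtherType.
LL_HDR = re.compile(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})", re.I)


def summarize(log_text, private_lan):
    """Count martian events per (dev, source MAC, source IP, dest IP, location)."""
    lan = ipaddress.ip_network(private_lan)
    counts = Counter()
    pending = None  # martian line still waiting for its ll header line
    for line in log_text.splitlines():
        m = MARTIAN.search(line)
        if m:
            dst, src, dev = m.groups()
            pending = (dev, src, dst)
            continue
        h = LL_HDR.search(line)
        if h and pending:
            octets = h.group(1).lower().split(":")
            src_mac = ":".join(octets[6:12])
            dev, src, dst = pending
            where = "inside LAN" if ipaddress.ip_address(src) in lan else "outside LAN"
            counts[(dev, src_mac, src, dst, where)] += 1
            pending = None
    return counts


if __name__ == "__main__":
    # Counts are lower bounds: "printk: N messages suppressed" means rate limiting.
    for key, n in summarize(SAMPLE_LOG, "192.168.1.0/24").most_common():
        print(n, *key)
```

A source MAC that does not belong to FE, P0 or P1 is concrete evidence to hand to the hosting provider that foreign frames are reaching the private port.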