Re: [suse-security] Martian source
This is a FAQ. I asked the same question back in July, and this was the best answer I got: http://archives.neohapsis.com/archives/linux/suse/2000-q3/0161.html

In general, such messages indicate misconfiguration or, potentially, monkey business. Any given case requires investigation and interpretation to decide what the specific cause is. Since I am not an expert, I won't venture any guidelines here.

The relevant documentation is RFC1812, wherefrom the following:

5.3.7 Martian Address Filtering

An IP source address is invalid if it is a special IP address, as defined in 4.2.2.11 or 5.3.7, or is not a unicast address. An IP destination address is invalid if it is among those defined as illegal destinations in 4.2.3.1, or is a Class E address (except 255.255.255.255).

A router SHOULD NOT forward any packet that has an invalid IP source address or a source address on network 0. A router SHOULD NOT forward, except over a loopback interface, any packet that has a source address on network 127. A router MAY have a switch that allows the network manager to disable these checks. If such a switch is provided, it MUST default to performing the checks.

A router SHOULD NOT forward any packet that has an invalid IP destination address or a destination address on network 0. A router SHOULD NOT forward, except over a loopback interface, any packet that has a destination address on network 127. A router MAY have a switch that allows the network manager to disable these checks. If such a switch is provided, it MUST default to performing the checks.

If a router discards a packet because of these rules, it SHOULD log at least the IP source address, the IP destination address, and, if the problem was with the source address, the physical interface on which the packet was received and the Link Layer address of the host or router from which the packet was received.

5.3.8 Source Address Validation

A router SHOULD IMPLEMENT the ability to filter traffic based on a comparison of the source address of a packet and the forwarding table for a logical interface on which the packet was received. If this filtering is enabled, the router MUST silently discard a packet if the interface on which the packet was received is not the interface on which a packet would be forwarded to reach the address contained in the source address. In simpler terms, if a router wouldn't route a packet containing this address through a particular interface, it shouldn't believe the address if it appears as a source address in a packet read from this interface.

If this feature is implemented, it MUST be disabled by default.

DISCUSSION
This feature can provide useful security improvements in some situations, but can erroneously discard valid packets in situations where paths are asymmetric.

-- 
Corvin Russell <corvinr@sympatico.ca>
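The two RFC 1812 rules quoted above (5.3.7 martian address filtering and 5.3.8 reverse-path source validation), as an added worked example that is not part of the list post: a small IPv4 classifier that applies the martian checks to a packet's source and destination, then optionally applies the forwarding-table check, which is off by default as the RFC requires. The forwarding table, interface names and packet addresses are constructed sample data, and the loopback exemption is modelled by treating an interface named "lo" as the loopback.

```python
import ipaddress

# Address ranges named in RFC 1812 5.3.7 / 4.2.2.11 (IPv4 only).
NET0 = ipaddress.ip_network("0.0.0.0/8")          # network 0
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")    # network 127
CLASS_E = ipaddress.ip_network("240.0.0.0/4")     # reserved (class E)
LIMITED_BCAST = ipaddress.IPv4Address("255.255.255.255")


def invalid_source(src, in_iface):
    """5.3.7: special address, non-unicast, network 0, or network 127 off loopback."""
    ip = ipaddress.IPv4Address(src)
    on_loopback = ip in LOOPBACK and in_iface != "lo"
    return (ip in NET0 or on_loopback or ip.is_multicast
            or ip in CLASS_E or ip == LIMITED_BCAST)


def invalid_destination(dst, in_iface):
    """5.3.7: network 0, network 127 off loopback, class E except limited broadcast."""
    ip = ipaddress.IPv4Address(dst)
    return (ip in NET0 or (ip in LOOPBACK and in_iface != "lo")
            or (ip in CLASS_E and ip != LIMITED_BCAST))


def route_iface(table, addr):
    """Longest-prefix match over [(network, iface)]; None if no route."""
    ip = ipaddress.IPv4Address(addr)
    best = None
    for prefix, iface in table:
        if ip in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best[1] if best else None


def check_packet(table, src, dst, in_iface, source_validation=False):
    """Return ('forward'|'discard', reason). 5.3.8 is disabled by default per the RFC."""
    if invalid_source(src, in_iface):
        # 5.3.7 asks that at least src, dst and the receiving interface be logged.
        return ("discard", f"martian source {src} to {dst} on {in_iface}")
    if invalid_destination(dst, in_iface):
        return ("discard", f"martian destination {dst} from {src} on {in_iface}")
    if source_validation and route_iface(table, src) != in_iface:
        return ("discard", f"source {src} not routed via {in_iface} (silent discard)")
    return ("forward", "ok")


# Constructed forwarding table: internal net on eth0, default route via eth1.
TABLE = [(ipaddress.ip_network("10.0.0.0/8"), "eth0"),
         (ipaddress.ip_network("0.0.0.0/0"), "eth1")]
```

With source validation enabled, a packet claiming a 10.0.0.0/8 source but arriving on eth1 is discarded, which is exactly the asymmetric-path false positive the RFC's DISCUSSION warns about if the return path really does use eth1.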