25.07.2019 13:00, Peter Suetterlin пишет:

Hi list,

I wonder if one of the network gurus around here can give me some hints on an issue I'm seeing here:

We have a normal, visible IP address range for our observatory network. As we also have lots of guests that want internet access, I prefer to have them in a separate subnet (192.168 class), but using the same infrastructure. For this, the central server has two IP addresses on its (bonded) interface, and unknown clients get (via dhcp) an address in the 192 subnet, with the servers 192 address as gateway, and its set up to do forwarding and masquerading for them. This works fine (AFAICT)

However, the server log is full of martians (ARP requests) like this

Jul 25 09:00:26 helios kernel: IPv4: martian source 192.168.13.51 from 192.168.13.1, on dev bond0 Jul 25 09:00:26 helios kernel: ll header: 00000000: ff ff ff ff ff ff 00 e0 81 24 72 bf 08 06 .........$r...

13.51 is one of those unknown clients, 13.1 is the secondary address of bond0

This is ARP request from your system; it goes out of 192.168.13.1 and is received by the second interface on the same physical port too (because it is broadcast). So it is the second IP that logs them.

As I understand martians, they would be packets arriving on an interface that is not configured for that network. But I do have both the address and a routing entry for it, so I'm not really sure why it is regarding those as martian. Is something wrong in my setup? Are they only logged, or completely discarded? Can/should I just disable martian logging for this interface? Or are there better solutions?

-- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org

25.07.2019 13:00, Peter Suetterlin пишет:

Hi list,

I wonder if one of the network gurus around here can give me some hints on an issue I'm seeing here:

We have a normal, visible IP address range for our observatory network. As we also have lots of guests that want internet access, I prefer to have them in a separate subnet (192.168 class), but using the same infrastructure. For this, the central server has two IP addresses on its (bonded) interface, and unknown clients get (via dhcp) an address in the 192 subnet, with the servers 192 address as gateway, and its set up to do forwarding and masquerading for them. This works fine (AFAICT)

However, the server log is full of martians (ARP requests) like this

Jul 25 09:00:26 helios kernel: IPv4: martian source 192.168.13.51 from 192.168.13.1, on dev bond0 Jul 25 09:00:26 helios kernel: ll header: 00000000: ff ff ff ff ff ff 00 e0 81 24 72 bf 08 06 .........$r...

13.51 is one of those unknown clients, 13.1 is the secondary address of bond0

This is ARP request from your system; it goes out of 192.168.13.1 and is received by the second interface on the same physical port too (because it is broadcast). So it is the second IP that logs them.

As I understand martians, they would be packets arriving on an interface that is not configured for that network. But I do have both the address and a routing entry for it, so I'm not really sure why it is regarding those as martian. Is something wrong in my setup? Are they only logged, or completely discarded? Can/should I just disable martian logging for this interface? Or are there better solutions?

-- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org