Hi all,

My gateway has started logging martian source packets. They have

Jan 3 01:19:13 mordor kernel: martian source 192.168.250.3 from 192.168.250.251, on dev eth1
Jan 3 01:19:13 mordor kernel: ll header: ff:ff:ff:ff:ff:ff:00:08:c7:fa:ed:6f:08:06
Jan 3 01:21:26 mordor kernel: martian source 192.168.250.1 from 192.168.250.251, on dev eth1
Jan 3 01:21:26 mordor kernel: ll header: ff:ff:ff:ff:ff:ff:00:08:c7:fa:ed:6f:08:06

192.168.250.0/24 is my LAN, and eth1 on the gateway is 192.168.250.251, so it looks like the gateway is sending packets to itself with incorrect source address. The mac address for the gateway's eth1 is contained in the ll header line.

The source is only ever the IP of a machine which is currently running, never a powered down one, or an IP which isn't present on the LAN.

I have tried watching the log while using the client machines, but can't see a link between my activity and the bad packets. They occur approximately every 20 minutes, and are often followed by:

Jan 3 00:59:06 mordor kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:60:94:6b:e5:ee:00:80:ad:ba:b2:c8:08:00 SRC=194.164.127.4 DST=10.0.0.12 LEN=76 TOS=0x10 PREC=0x00 TTL=248 ID=213 DF PROTO=UDP SPT=123 DPT=123 LEN=56

(10.0.0.12 is the IP of the gateway's external interface - eth0 - connected to my ADSL router)

Looks like an NTP connection attempt? I use ntp here from 194.164.127.4 (ntp0.sandvika.net) but don't know why the server would be trying to make a connection to me.

Cheers for any hints, info or pointers to tracking this down...

Dylan

--
Sweet moderation
Heart of this nation
Desert us not
We are between the wars
- Billy Bragg
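
Added example, not part of the original post: a short Python parser for the two-line kernel messages quoted above. It pairs each "martian source" line with the "ll header" line that follows and decodes the 14-byte Ethernet header into destination MAC, source MAC and EtherType. The function names, field names and the SAMPLE_LOG constant are assumptions made for this illustration.

```python
import re

# Constructed sample: the kernel log lines quoted in the post above.
SAMPLE_LOG = """\
Jan 3 01:19:13 mordor kernel: martian source 192.168.250.3 from 192.168.250.251, on dev eth1
Jan 3 01:19:13 mordor kernel: ll header: ff:ff:ff:ff:ff:ff:00:08:c7:fa:ed:6f:08:06
Jan 3 01:21:26 mordor kernel: martian source 192.168.250.1 from 192.168.250.251, on dev eth1
Jan 3 01:21:26 mordor kernel: ll header: ff:ff:ff:ff:ff:ff:00:08:c7:fa:ed:6f:08:06
"""

# The kernel prints the packet's destination address first, then its source.
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>[\d.]+) from (?P<src>[\d.]+), on dev (?P<dev>\S+)")
LL_RE = re.compile(r"ll header: (?P<hex>[0-9a-f]{2}(?::[0-9a-f]{2})+)", re.I)
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def decode_ll_header(hexstr):
    """Split a 14-byte Ethernet header into dst MAC, src MAC and EtherType."""
    octets = hexstr.lower().split(":")
    if len(octets) != 14:
        raise ValueError("expected 14 octets, got %d" % len(octets))
    ethertype = int(octets[12] + octets[13], 16)
    return {
        "dst_mac": ":".join(octets[0:6]),
        "src_mac": ":".join(octets[6:12]),
        "ethertype": ETHERTYPES.get(ethertype, hex(ethertype)),
        "broadcast": octets[0:6] == ["ff"] * 6,
    }


def parse_martians(log_text):
    """Pair each 'martian source' line with the 'll header' line after it."""
    events, pending = [], None
    for line in log_text.splitlines():
        m, ll = MARTIAN_RE.search(line), LL_RE.search(line)
        if m:
            pending = m.groupdict()
            events.append(pending)
        elif ll and pending is not None:
            pending.update(decode_ll_header(ll.group("hex")))
            pending = None
    return events


if __name__ == "__main__":
    for ev in parse_martians(SAMPLE_LOG):
        print(ev)
```

On the sample lines each event decodes to a broadcast frame with EtherType ARP and source MAC 00:08:c7:fa:ed:6f.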