Re: [SLE] martian source in dev eth0
Carlos Illana <cillana@teleline.es> wrote:
I have a remote linux box connected to a cisco router with a direct cross cable. I access it remotely through ssh. But sometimes I realize that I cannot access my linux box, and when I walk to the computer I see this message in the log:
Jul 3 10:41:55 dragon kernel: martian source fe14030a for 4614030a, dev eth0
The only documentation that at least mentions this kind of logging I found in /usr/src/linux/Documentation/networking/ip-sysctl.txt:
log_martians - BOOLEAN Log packets with impossible addresses to kernel log.
This means that the kernel doesn't accept the source address 10.3.20.254 (= fe14030a; the destination address of the packet in question is 10.3.20.70 = 4614030a).
Jul 3 10:41:55 dragon kernel: ll header: ff ff ff ff ff ff 00 b0 c2 88 50 01 08 06
This is the MAC (ll = link level) header of the packet, i.e., the header of the Ethernet frame:
Destination: ff ff ff ff ff ff = broadcast
Source: 00 b0 c2 88 50 01 = sender's MAC address
Type: 08 06 = ARP (Address Resolution Protocol)
Maybe something goes wrong when the remote host tries to look up the MAC address for this host's IP address. For some reason 10.3.20.254 (which is a valid IP unicast address) is regarded as an impossible source address.
Then, I do a telnet to any place and I can do a ssh from outside again.
Perhaps the address resolution works only in one direction. In this case all would be ok after doing it once in the "right" direction. However, I don't know what kind of misconfiguration could cause such a problem.
Does anyone know what this message means? Is it due to the cisco router, the cable, the ethernet cards or the OS?
It's probably neither the cable nor the network cards -- the physical transmission seems to work. Maybe the information above can help you isolate the problem.
Eilert
--
Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik
eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com
http://www.informatik.uni-bremen.de/~eilert/
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq
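The decoding walked through in the message above, as an added example that is not part of the original thread: it parses the two-line "martian source ... / ll header: ..." kernel log format quoted on this page and returns the source and destination IPs, the MAC addresses and the frame type. The function names and the third sample line are constructed for illustration; only the hex log format shown above is handled.

```python
import re

MARTIAN_RE = re.compile(
    r"martian source ([0-9a-f]{8}) for ([0-9a-f]{8}), dev (\S+)", re.I)
LL_RE = re.compile(r"ll header: ((?:[0-9a-f]{2} ?)+)", re.I)
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}  # the types relevant here

def hex_to_ip(word):
    # The log prints the address bytes reversed: fe14030a -> 10.3.20.254
    return ".".join(str(b) for b in reversed(bytes.fromhex(word)))

def parse_ll_header(text):
    # 14-byte Ethernet header: 6 bytes destination, 6 bytes source, 2 bytes type
    raw = bytes.fromhex(text.replace(" ", ""))
    if len(raw) < 14:
        raise ValueError("Ethernet header needs 14 bytes, got %d" % len(raw))
    mac = lambda b: ":".join("%02x" % x for x in b)
    etype = int.from_bytes(raw[12:14], "big")
    return {
        "dst_mac": mac(raw[0:6]),
        "src_mac": mac(raw[6:12]),
        "broadcast": raw[0:6] == b"\xff" * 6,
        "ethertype": ETHERTYPES.get(etype, "0x%04x" % etype),
    }

def parse_martians(lines):
    events, pending = [], None
    for line in lines:
        m = MARTIAN_RE.search(line)
        if m:
            pending = {"src_ip": hex_to_ip(m.group(1)),
                       "dst_ip": hex_to_ip(m.group(2)),
                       "dev": m.group(3)}
            events.append(pending)
            continue
        m = LL_RE.search(line)
        if m and pending is not None:
            pending.update(parse_ll_header(m.group(1)))
        pending = None  # an ll header only belongs to the line right before it
    return events

SAMPLE = [  # first two lines are from this thread, the third is constructed
    "Jul 3 10:41:55 dragon kernel: martian source fe14030a for 4614030a, dev eth0",
    "Jul 3 10:41:55 dragon kernel: ll header: ff ff ff ff ff ff 00 b0 c2 88 50 01 08 06",
    "Jul 3 10:42:01 dragon sshd[412]: constructed unrelated line",
]

if __name__ == "__main__":
    for event in parse_martians(SAMPLE):
        print(event)
```

Grouping the returned events by `src_mac` and `ethertype` shows at a glance whether every martian report comes from the same neighbour and the same kind of frame.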
Thank you very much for your help, I know what is the problem, but I have no idea of what is producing it. I don't know why the router is requesting MAC address of the other computer, since it should be in the cache. It has an information timeout? and when an IP frame is delivered from the linux box to the router, it updates its own ARP cache??? But why? The problem is that I don't know what is happening in the router, because it is out of my control, since it is managed by my internet provider.
Eilert Brinkmann wrote:
Carlos Illana <cillana@teleline.es> wrote:
I have a remote linux box connected to a cisco router with a direct cross cable. I access it remotely through ssh. But sometimes I realize that I cannot access my linux box, and when I walk to the computer I see this message in the log:
Jul 3 10:41:55 dragon kernel: martian source fe14030a for 4614030a, dev eth0
The only documentation that at least mentions this kind of logging I found in /usr/src/linux/Documentation/networking/ip-sysctl.txt:
log_martians - BOOLEAN Log packets with impossible addresses to kernel log.
This means that the kernel doesn't accept the source address 10.3.20.254 (= fe14030a; the destination address of the packet in question is 10.3.20.70 = 4614030a).
Jul 3 10:41:55 dragon kernel: ll header: ff ff ff ff ff ff 00 b0 c2 88 50 01 08 06
This is the MAC (ll = link level) header of the packet, i.e., the header of the Ethernet frame:
Destination: ff ff ff ff ff ff = broadcast
Source: 00 b0 c2 88 50 01 = sender's MAC address
Type: 08 06 = ARP (Address Resolution Protocol)
Maybe something goes wrong when the remote host tries to look up the MAC address for this host's IP address. For some reason 10.3.20.254 (which is a valid IP unicast address) is regarded as an impossible source address.
Then, I do a telnet to any place and I can do a ssh from outside again.
Perhaps the address resolution works only in one direction. In this case all would be ok after doing it once in the "right" direction. However, I don't know what kind of misconfiguration could cause such a problem.
Does anyone know what this message means? Is it due to the cisco router, the cable, the ethernet cards or the OS?
It's probably neither the cable nor the network cards -- the physical transmission seems to work. Maybe the information above can help you isolate the problem.
Eilert
--
Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik
eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com
http://www.informatik.uni-bremen.de/~eilert/