Hi Gary, Thanks for the prompt response.
First, congrats on the initiative of trying out Linux. I did the same thing a long time ago and am still having a riot and learning tons of stuff.
Yep, it has been a steep curve but fascinating.
Second, why do you have two interfaces on your P0 and P1 machines? Are
Mainly because they were there - and for bandwidth and to try network bonding, but that is some time away :)
they on the same subnet?
Sorry I should have said. Yes they are - and that is probably a no-no?
FE-eth0 - external-IP
FE-eth1 - 192.168.0.10
P0-eth0 - 192.168.0.20
P0-eth1 - 192.168.0.21
P1-eth0 - 192.168.0.30
P1-eth1 - 192.168.0.31
Third, I have a similar setup with a gateway (your FE) machine. I get martian sources on my OUTSIDE interface all the time, some say 255.255.255.255 others 169.254.x.x and they all say from 192.168.0.3 which is a machine in my provider's network with the same subnet as my inside network. The martian message means that it's seeing traffic from one subnet on the other card, and that makes no sense.
OK, on my private network I see 255.* martian sources from one of the other machines. I don't see anything on the other (but I suspect I don't have logging turned on there). Yep, the private interface of the public machines really has me confused - I've tried moving the cables around, but saw the same messages. I had wondered if it was the forwarding and/or the network masquerading setting in the howto I mentioned - but I'm loath to change them for fear of losing my connections/really mangling my setup. I'm not sure if that provides any useful information - I'd appreciate any thoughts/suggestions you might have.
Regards
Mark
Gary B
Mark Van De Vyver wrote:
Hi, I'm a computer amateur/hobbyist and a Suse/Linux newbie (from a WinXP-Pro background). I've run into a problem with some computers that I have set up as a local private network. I'll try and describe the setup, and the problem, clearly.
I am using OpenSUSE 10.2. I have set up my frontend/public machine - FE - as a router by following: HOW-TO: Set Up a SUSE 10 Machine As a Router http://www.novell.com/coolsolutions/feature/16579.html
I have two other machines that are behind the router machine, these private machines are P0 and P1. All three machines have two ethernet ports: eth0 and eth1. The frontend/public machine connects to the internet on eth0. According to my co-location provider, all the other ports are connected via a 'virtual-switch'(?), and are supposed to be on a private LAN.
FE-eth0 ------------ internet

FE-eth1 --| s
P0-eth0 --| w
P0-eth1 --| i
P1-eth0 --| t
P1-eth1 --| ch
The FE-eth0 is in the external zone of the YaST/Firewall, no ports are open and no services allowed. I can connect to FE-eth0 without problems (I use fwknop to open some connection port). All other interfaces are in the private zone of the YaST/Firewall and everything is allowed. I can connect from the FE-eth0 machine, and then to all the others without problems.
The problem? Well, in /var/log/messages of the frontend machine I see lots (every couple of seconds) of:
Nov 5 19:09:59 frontend kernel: printk: 135 messages suppressed.
Nov 5 19:09:59 frontend kernel: martian source <IP-address> from <IP-address>, on dev eth1
Nov 5 19:09:59 frontend kernel: ll header: ff:ff:ff:ff:ff:ff:00:xx:xx:xx:xx:xx:xx:xx
The port is always eth1, which on the frontend machine is the private network interface. The IP addresses come from outside of my machines, and seem to me to come from the wider network. My hosting tech support say that I have a private 'virtual switch' whatever that means, and that I shouldn't be seeing any outside traffic on the private interfaces. To confuse me more I see similar messages logged on the Private machines, but only for the address 255.255.255.255 or one of the private IP addresses, and the frequency is orders of magnitude less.
Are the martian sources on the private interface of the frontend machine due to the router setup? If so, how might I correct it? Is this problem likely to be due to the service provider's setup of the 'virtual-switch'/virtual private lan, or is that unlikely?
I'd appreciate any suggestions - this has been going on for several months, and I'm at a loss - it would be great if I could claim with some certainty that this problem is not due to my YaST/Firewall/Router setup.
Regards
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
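Added example, not part of the original thread: one way to turn the martian entries quoted above into a per-sender summary, pairing each "martian source" line with its "ll header" line and reading the sender's MAC from bytes 7-12 of the Ethernet header. The sample log is constructed in the quoted format (its addresses and MACs are made up), and `summarise` and the `local_net` default are names assumed for this illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in the format quoted above; addresses and MACs are made up.
SAMPLE_LOG = """\
Nov  5 19:09:59 frontend kernel: printk: 135 messages suppressed.
Nov  5 19:09:59 frontend kernel: martian source 255.255.255.255 from 192.168.0.3, on dev eth1
Nov  5 19:09:59 frontend kernel: ll header: ff:ff:ff:ff:ff:ff:00:16:3e:00:00:01:08:00
Nov  5 19:10:04 frontend kernel: martian source 169.254.255.255 from 192.168.0.3, on dev eth1
Nov  5 19:10:04 frontend kernel: ll header: ff:ff:ff:ff:ff:ff:00:16:3e:00:00:01:08:00
Nov  5 19:10:09 frontend kernel: martian source 192.168.0.10 from 10.1.2.3, on dev eth1
Nov  5 19:10:09 frontend kernel: ll header: 00:16:3e:00:00:10:00:16:3e:00:00:02:08:00
"""

MARTIAN = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL_HEADER = re.compile(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})")

def summarise(log_text, local_net="192.168.0.0/24"):
    """Count martian reports per (dev, claimed source IP, sender MAC, dest IP)."""
    net = ip_network(local_net)
    counts, pending = Counter(), None
    for line in log_text.splitlines():
        m = MARTIAN.search(line)
        if m:
            # The kernel prints the destination first, then the claimed source.
            pending = (m.group(3), m.group(2), m.group(1))
            continue
        h = LL_HEADER.search(line)
        if h and pending:
            octets = h.group(1).split(":")
            src_mac = ":".join(octets[6:12])  # Ethernet: dst(6) src(6) type(2)
            dev, src, dst = pending
            counts[(dev, src, src_mac, dst)] += 1
            pending = None
    return [
        {"dev": dev, "src": src, "src_mac": mac, "dst": dst, "count": n,
         "src_in_local_net": ip_address(src) in net}
        for (dev, src, mac, dst), n in counts.items()
    ]

if __name__ == "__main__":
    for row in summarise(SAMPLE_LOG):
        print(row)
```

Because the kernel rate-limits these messages ("printk: 135 messages suppressed"), the counts are lower bounds; the sender MAC is the value to compare against the interfaces you own.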