Hi Mark, I am not an expert on this, but I have some experience, so maybe I can help a bit. But dont take everything I write as hard facts. I might well be wrong :-) Am Montag, 5. November 2007 20:26:35 schrieb Mark Van De Vyver:
Hi Gary,
FE-eth0 - external-IP FE-eth1 - 192.168.0.10 P0-eth0 - 192.168.0.20 P0-eth1 - 192.168.0.21 P1-eth0 - 192.168.0.30 P1-eth1 - 192.168.0.31
Avoid multiple interfaces on the same subnet without using bonding. And since they are connected via a virtual switch (->software) I doubt you gain performance by using them in parallel, with or without bonding. At least it would depend very much on the workload. I think two interfaces at virtual switches are mainly useful for firewalling. E.g. if you have more than 2 machines on that switch and you want A <-> B <-> C but not A <-> C
Third, I have a similar setup with a gateway (your FE) machine. I get martian sources on my OUTSIDE interface all the time, some say 255.255.255.255 others 169.254.x.x and they all say from 192.168.0.3 which is a mahcine in my providers network with the same subnet as my inside network. The martian message means that it's seeing trafic from one subnet on the other card, and that makes no sense.
I think it is a feature of linux that packets show up on all interfaces. I dont know why this could be usefull, but it is the default behaviour. It can be switched off, but I dont know how. Probably by writing some value to some file in /proc/sys/net?
OK, on my private network I see 255.* martian sources from one of the other machines. I don't see anything on the other (but I suspect I don't have logging turned on there).
You can get rid of the symptom (log entries for martians) by issuing this: for i in /proc/sys/net/ipv4/conf/*/log_martians; do echo "0" >$i; done For a permanent solution you have to put this in some boot script.
I'm not sure if that provides any useful information - I'd appreciate any thoughts/suggestions you might have.
Ok thats it. HTH Joachim Banzhaf --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org