On 07/15/2010 11:39 AM, Agblad Tore wrote: > Ok, I have tried that now, had to be sure how to turn of > firewall first via VM console in case of no net at all. > > No change, but now I get messages in the log (messages file) > with 'kernel: martian source <my login ip not working> from <my PC ip > address>, on dev eth0' (or 1) > > martian source means a source IP that is not possible together with other > ipconfig > ( I have done some googling here ), so the kernel just refuse it. > > But I don't get the reason here, it is not an 'impossible' source IP here.
Since you have multiple interfaces on the same subnet, things may be a bit complicated. The kernel message you get is from ip_handle_martian_source [http://lxr.linux.no/#linux+v2.6.32/net/ipv4/route.c#L1915]. In your case I suspect it to be called by __mkroute_input [http://lxr.linux.no/#linux+v2.6.32/net/ipv4/route.c#L1945] after having checked the source IP address with fib_validate_source [http://lxr.linux.no/#linux+v2.6.32/net/ipv4/fib_frontend.c#L223]. The latter does a reverse path filtering check among other things. Having multiple interface on the same subnet, with strict reverse path filtering, only packets are allowed that have: destination IP of packet == source IP of route table lookup with source IP of packet as destination IP key for table lookup. Depending on which of your eth{0,1,2} ends up having the first routing table entry for the subnet, only traffic sent to this IP is allowed but all other traffic from the same subnet ends up giving you the above kernel message and the packets are dropped. You can check if my assumption is valid with the following command: tail /proc/sys/net/ipv4/conf/*/rp_filter If it contains 1 for strict rp_filter on all eth{0,1,2} with SLES11SP1 but not with SLES10 then that may be the difference. Do you really need multiple interfaces in the same subnet? If so, you may configure loose rp_filter by writing "2" into the above sysctl files (persistent config may be done with /etc/sysctl.conf) [http://lxr.linux.no/#linux+v2.6.32/Documentation/networking/ip-sysctl.txt#L726]. Steffen Linux on System z Development IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Martin Jetter Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
