Götz Reinicke - IT-Koordinator wrote:
> Hi,
>
> today I wanted to set up a Citrix Xen Server host and some VMs in my DMZ.
>
> All systems should get a public IP and like all "old", other physical
> systems in our DMZ proxy arp is configured.
>
> But installing the first VM fails, because I'm not able to mount my
> softwareinstall nfs share and shorewall shows this in the log:
>
> kernel: martian source 193.196.129.1 from 193.196.129.29, on dev eth2

That message has nothing to do with Shorewall.

> The Xen Server ip is 193.196.129.30, the default gateway and the
> external ip of my shorewall is 193.196.129.1, the VM has got the
> 193.196.129.29.
>
> Both, the Xen Server and the VM use the same physical interface.

A martian occurs when a host using reverse path filtering (in your case, /proc/sys/net/ipv4/conf/eth2/rp_filter = 1) receives a packet from a host that is not routed out of that interface. In the case of the above message, 193.196.129.1 is receiving a packet from 193.196.129.29 but the route to 193.196.129.29 does not go out through eth2. Looks like the sub-netting/routing on the Shorewall box is incorrect.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
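A simplified model of the strict reverse-path check described in the reply above, as an added example that is not part of the original thread. The routing tables, the /27 prefix and the interface name eth0 are constructed assumptions; only eth2 and the addresses come from the log line.

```python
import ipaddress

# Constructed routing tables (assumptions, not from the thread): the /27 prefix
# and the name eth0 are hypothetical; eth2 and the addresses are from the log.
ROUTES_BROKEN = [
    ("0.0.0.0/0", "eth0"),
    ("193.196.129.0/27", "eth0"),   # whole subnet believed to sit behind eth0
]
# Same table plus a host route that sends the VM's address out the DMZ interface.
ROUTES_FIXED = ROUTES_BROKEN + [("193.196.129.29/32", "eth2")]


def lookup_interface(routes, addr):
    """Longest-prefix match: interface the host would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rp_filter_check(routes, src, in_iface, rp_filter=1):
    """Model of rp_filter: 0 = off, 1 = strict, 2 = loose."""
    if rp_filter == 0:
        return "accept"
    out_iface = lookup_interface(routes, src)
    if rp_filter == 1:
        # Strict: the route back to the source must use the arrival interface.
        return "accept" if out_iface == in_iface else "martian"
    # Loose: the source only has to be reachable through some interface.
    return "accept" if out_iface is not None else "martian"


if __name__ == "__main__":
    for name, table in (("broken", ROUTES_BROKEN), ("fixed", ROUTES_FIXED)):
        verdict = rp_filter_check(table, "193.196.129.29", "eth2")
        print(f"{name}: packet from 193.196.129.29 on eth2 -> {verdict}")
```

On a real host the same question is answered by comparing the output of `ip route get 193.196.129.29` with the interface named in the martian log line.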
