Re: [Shorewall-users] VLAN martians

Thu, 25 Nov 2010 12:30:13 -0800 

Thanks Tom, here's the output of shorewall show routing:

Shorewall 4.4.11.6 Routing at bubastis - Thu Nov 25 15:22:40 EST 2010


Routing Rules

0:    from all lookup local
32766:    from all lookup main
32767:    from all lookup default

Table default:


Table local:

broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
broadcast 10.5.10.255 dev vlan2  proto kernel  scope link  src 10.5.10.1
local 10.5.1.1 dev eth1  proto kernel  scope host  src 10.5.1.1
broadcast 10.5.1.0 dev eth1  proto kernel  scope link  src 10.5.1.1
local 70.90.228.197 dev eth0  proto kernel  scope host  src 70.90.228.197
broadcast 70.90.228.199 dev eth0 proto kernel scope link src 70.90.228.197 
local 10.5.10.1 dev vlan2  proto kernel  scope host  src 10.5.10.1
local 70.90.228.193 dev eth0  proto kernel  scope host  src 70.90.228.197
broadcast 10.5.10.0 dev vlan2  proto kernel  scope link  src 10.5.10.1
broadcast 70.90.228.192 dev eth0 proto kernel scope link src 70.90.228.197 
local 70.90.228.195 dev eth0  proto kernel  scope host  src 70.90.228.197
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
broadcast 10.5.1.255 dev eth1  proto kernel  scope link  src 10.5.1.1
local 70.90.228.194 dev eth0  proto kernel  scope host  src 70.90.228.197
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1

Table main:

70.90.228.192/29 dev eth0  proto kernel  scope link  src 70.90.228.197
10.5.10.0/24 dev vlan2  proto kernel  scope link  src 10.5.10.1
10.5.1.0/24 dev eth1  proto kernel  scope link  src 10.5.1.1
default via 70.90.228.198 dev eth0

And this is a sample of what I see in the logs:
Nov 25 15:24:36 bubastis kernel: [28104.130146] martian source 10.5.1.1 from 10.5.10.2, on dev eth1 Nov 25 15:24:36 bubastis kernel: [28104.130152] ll header: d8:5d:4c:b0:70:8e:00:25:90:01:35:44:08:00 

I kinda think I know what's going on, but not really.

Any help appreciated :)

Thanks,
Stephen

On 11/25/10 2:24 PM, Tom Eastep wrote:

On 11/25/10 11:11 AM, Stephen Brown wrote:

I'm playing around with VLAN's and I have a VLAN capable (layer 2) smart
switch. I see a steady stream of martians in the logfile if I have the
routefilter option set on the loc zone interfaces in
/etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1
and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch.

Is this the expected behavior in this configuration? I just want to make
sure Im not missing anything because I've seen some weird stuff happening.

Here's my /etc/shorewall/interfaces:

#ZONE    INTERFACE    BROADCAST    OPTIONS
net     eth0    detect          tcpflags,nosmurfs,routefilter,logmartians
loc     eth1    detect          dhcp,tcpflags,nosmurfs,logmartians
loc    vlan2    detect        dhcp,tcpflags,nosmurfs,logmartians

And /etc/network/interfaces:

# eth1 - local lan segment (gigabit)
auto eth1
iface eth1 inet static
address 10.5.1.1
netmask 255.255.255.0

# VLAN 2 - VoIP network
auto vlan2
iface vlan2 inet static
address 10.5.10.1
netmask 255.255.255.0
vlan_raw_device eth1

I just want to make sure my approach is right with this configuration...
my end goal is to contain my VoIP network in VLAN2. So far it works, but
still a few anomalies.....

Let's be clear -- Martians have nothing to do with Shorewall and
everything to do with routing. So ignore Shorewall for now and fix your
network configuration.

If you forward:

a) The output of 'shorewall show routing'; and
b) A copy of the martian messages that you are seeing

then we may be able to help.

-Tom


------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App&  Earn a Chance To Win $500!
Tap into the largest installed PC base&  get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users



------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to