Shorewall 4.5.1.1

I have 5 interfaces on a centos box, the first two are internal on two different subnets, the next two are two different ISPs and the last one is a private network for testing and administration. The second internal subnet (eth1) is rejecting all the arp requests to it and I get the following in the log files every second or two:

May 16 05:28:54 services kernel: martian source 172.28.130.6 from 172.28.130.1, on dev eth1
May 16 05:28:54 services kernel: ll header: ff:ff:ff:ff:ff:ff:00:a0:c8:83:d3:c8:08:06
172.28.130.1 is the router and 172.28.130.6 is eth1. Because of this the router is having issues getting traffic to it. Also this is a VPN gateway with ipsec VPNs terminating to eth2 and going out on eth1. I have a static route set in my router to direct the VPN subnets (172.29.0.0/16) to 172.28.130.6. I can communicate from the server to the VPN endpoints just fine, but not from other devices on the network very well because the router (and other devices) cannot get the arp to resolve for 172.28.130.6. I looked at wireshark to verify that it is ARP requests that are ending up as martians. I have tried various combinations in the interface file but nothing helps. Here is what I have it at the moment:
ipsec ipsec+ detect
pptp ppp+ detect
admin eth4 detect proxyarp,arp_filter
chart eth3 detect norfc1918,routefilter,arp_ignore,nosmurfs
tds eth2 detect norfc1918,routefilter,arp_ignore,nosmurfs
voip eth1 detect proxyarp,routeback
local eth0 detect proxyarp,routeback
Here is the rest of the ip information:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:c0:9f:2a:32:46 brd ff:ff:ff:ff:ff:ff
inet 172.28.101.6/24 brd 255.255.255.255 scope global eth0
inet6 fe80::2c0:9fff:fe2a:3246/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:1b:21:31:6b:00 brd ff:ff:ff:ff:ff:ff
inet 172.28.130.6/24 brd 255.255.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:1b:21:31:6b:01 brd ff:ff:ff:ff:ff:ff
inet 69.128.165.227/29 brd 255.255.255.255 scope global eth2
inet 172.28.130.1/32 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:01:02:c2:9b:56 brd ff:ff:ff:ff:ff:ff
inet 24.159.225.220/29 brd 255.255.255.255 scope global eth3
6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:c0:a8:8d:6b:a6 brd ff:ff:ff:ff:ff:ff
inet 198.18.55.28/24 brd 255.255.255.255 scope global eth4
inet6 fe80::2c0:a8ff:fe8d:6ba6/64 scope link
valid_lft forever preferred_lft forever
24.159.225.217 dev eth3 scope link src 24.159.225.220
69.128.165.225 dev eth2 scope link src 69.128.165.227
24.159.225.216/29 dev eth3 proto kernel scope link src 24.159.225.220
69.128.165.224/29 dev eth2 proto kernel scope link src 69.128.165.227
172.29.110.0/24 via 69.128.165.225 dev eth2 src 172.28.130.1
198.18.55.0/24 dev eth4 proto kernel scope link src 198.18.55.28
172.28.130.0/24 dev eth1 proto kernel scope link src 172.28.130.6
172.28.101.0/24 dev eth0 proto kernel scope link src 172.28.101.6
172.29.100.0/24 via 69.128.165.225 dev eth2 src 172.28.130.1
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth4 scope link metric 1006
default via 69.128.165.225 dev eth2
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
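As an added diagnostic (not code from the thread or from Shorewall), the script below parses the kernel's "martian source" lines and the `ip addr` listing quoted in the post, decodes the logged link-layer header (ethertype 08:06 is ARP, which is what wireshark showed), and reports when the rejected source address is one the host has configured on another interface, which is one cause of this message. The log and `ip addr` excerpts are constructed from the post's own values.

```python
import re
from ipaddress import ip_address, ip_interface

# Constructed sample of the kernel messages quoted in the post.
LOG = """\
May 16 05:28:54 services kernel: martian source 172.28.130.6 from 172.28.130.1, on dev eth1
May 16 05:28:54 services kernel: ll header: ff:ff:ff:ff:ff:ff:00:a0:c8:83:d3:c8:08:06
"""
# Constructed excerpt of `ip addr` output with the addresses from the post.
IP_ADDR = """\
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
    inet 172.28.130.6/24 brd 255.255.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
    inet 69.128.165.227/29 brd 255.255.255.255 scope global eth2
    inet 172.28.130.1/32 scope global eth2
"""
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")

def parse_ip_addr(text):
    """Map interface name -> list of its IPv4 addresses (with prefix)."""
    addrs, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"^\d+: (\w+):", line):
            cur = m.group(1)
            addrs.setdefault(cur, [])
        elif cur and (m := re.match(r"^\s+inet (\S+)", line)):
            addrs[cur].append(ip_interface(m.group(1)))
    return addrs

def parse_ll_header(line):
    """Split the logged 14-byte Ethernet header into (dst MAC, src MAC, ethertype)."""
    m = re.search(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})", line)
    o = m.group(1).split(":") if m else None
    etype = int("".join(o[12:14]), 16) if o else None
    return (":".join(o[:6]), ":".join(o[6:12]), ETHERTYPES.get(etype, hex(etype))) if o else None

def explain_martians(log, addrs):
    """Return (dev, src, dst, reason) for each 'martian source' line in log."""
    findings = []
    for m in MARTIAN_RE.finditer(log):
        dst, src, dev = m.groups()
        # A source address the host owns itself cannot legitimately arrive from the wire.
        local_on = sorted(i for i, lst in addrs.items() if any(a.ip == ip_address(src) for a in lst))
        if local_on:
            reason = f"{src} is configured locally on {','.join(local_on)}"
        else:
            reason = f"no route back to {src} via {dev} (reverse-path filter)"
        findings.append((dev, src, dst, reason))
    return findings
```

Run against a live box by feeding `dmesg`/syslog text and `ip addr` output into the same two functions.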
