On 11/4/19 2:44 AM, Vieri Di Paola wrote: > Hi, > > I see something like this in syslog every 5 seconds: > > Nov 4 11:16:05 inf-fw2 kernel: net_ratelimit: 102 callbacks suppressed > Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.147.139 > from 10.215.144.91, on dev enp8s5 > Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.144.89 > from 10.215.144.91, on dev enp8s5 > Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.246.58 > from 10.215.144.91, on dev enp8s5 > Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.247.223 > from 10.215.144.91, on dev enp8s5 > Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.147.11 > from 10.215.144.91, on dev enp8s5 > Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.247.228 > from 10.215.144.91, on dev enp8s5 > Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.246.216 > from 10.215.144.91, on dev enp8s5 > Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > Nov 4 11:16:06 inf-fw2 kernel: IPv4: martian source 10.215.247.13 > from 10.215.144.91, on dev enp8s5 > Nov 4 11:16:06 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > Nov 4 11:16:06 inf-fw2 kernel: IPv4: martian source 10.215.247.151 > from 10.215.144.91, on dev enp8s5 > Nov 4 11:16:06 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > Nov 4 11:16:06 inf-fw2 kernel: IPv4: martian source 10.215.247.179 > from 10.215.246.91, on dev enp8s5 > Nov 4 11:16:06 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff > e8 ea 6a 0c 4c 1c 08 06 ........j.L... > > The IP addr. 10.215.144.91 is on the Shorewall firewall. > > I did not define routefilter on any interface and ROUTE_FILTER is No. > > The shorewall dump is available here: > https://drive.google.com/file/d/16-ajeHLOq_TxU_Y6Hs0g34KNR9QpFeGq/view?usp=sharing > > The "enp8s5" interface is connected to the same switch as the "blan" > interface. However, the switch port it's connected to is within an > isolated VLAN. > > How can I deal with these "martian source" messages? >
Never use the routefilter/logmartians interface options with policy routing; use rpfilter instead. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
