
Re: Martian packets



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Devin wrote:
| I am confused about a routing issue.  The kernel is logging packets
| destined to my client subnet as Martians and dropping them.
|
| The firewall has a single ethernet card facing a router.  The router has
| three ports, one to the firewall, one to the clients, and one to the
| internet.  The ethernet port on the firewall is configured with a public
| IP address and I have added some routing rules to the routing table to
| cater for the client IP address range of 192.168.17.2 so that they
| should be routed out eth0 on the firewall back to the router.
|
| If I try and ping 192.168.17.2 from the firewall then the kernel marks
| these packets as martians.  If I try and ping from the 192.168.17.2
| machine then the firewall receives the packets OK (confirmed with
| tcpdump) and tries to respond with an echo-reply (confirmed with
| tcpdump).  However when trying to go out eth0 these reply packets are
| marked as martians and not transmitted by the kernel.
|
| The network looks like this:
|
|     Firewall
|        |eth0(203.xxx.xxx.42)
|        |
|        |203.xxx.xxx.41
|      Router-----Internet
|        |
|        |
|        |192.168.17.x
|     Clients
|
| I have the following routes in my routing table:
| route -n
| 203.xxx.xxx.40  0.0.0.0        255.255.255.252 U    0   0   0 eth0
| 192.168.17.0    203.xxx.xxx.41 255.255.255.0   UG   0   0   0 eth0
| 127.0.0.0       0.0.0.0        255.0.0.0       U    0   0   0 lo
| 0.0.0.0         203.xxx.xxx.41 0.0.0.0         UG   0   0   0 eth0
|
| My syslog shows:
| Jun  4 09:46:26 oprah kernel: martian source 192.168.17.2 from 203.xxx.xxx.42, on dev eth0
| Jun  4 09:46:26 oprah kernel: ll header: 00:08:6b:58:f1:25:00:09:b7:58:4d:a2:07:00
| Jun  4 09:46:50 oprah kernel: martian source 192.168.17.2 from 203.xxx.xxx.42, on dev eth0
|
| I don't know what I have to do to route these packets destined for
| 192.168.17.x back to the router so that they can be forwarded back to
| the clients.  The kernel on the firewall is marking them as martians
| despite me adding a routing table rule for them.
|
| Can anyone help me with this?
|
Oh.  By the way, I have tried both with and without the explicit routing
table entry for the 192.168.17.0 network.  I didn't think I should need to
add an explicit routing rule for the 192.168.17.0 network, since the
default rule is to send everything out eth0 via the router, which
should work.  Except the kernel marks the outgoing packets from the
firewall back to the 192.168.17.0 network as martians with/without the
routing table entry.

Regards.
Mark.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+3USDL/zYpWVgapgRAoWDAJ9rUFSei2z2D7Mcgt0zWs/H68QT6gCfQqBP
Hx6s5+AL5RGdOXqAPRt2yOw=
=Zuhk
-----END PGP SIGNATURE-----
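A small triage helper, added here as an example and not part of the thread or of any kernel tooling. It parses the kernel's "martian source" / "ll header" log pairs quoted above and flags the case where the rejected source address is one of the host's own addresses. Note the kernel's argument order: the first address in "martian source A from B" is the packet's destination, the second is the source that failed validation. The sample log is constructed from the thread's entries, with the documentation address 203.0.113.42 standing in for the masked 203.xxx.xxx.42.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample modelled on the syslog entries quoted above; the
# documentation address 203.0.113.42 stands in for the masked 203.xxx.xxx.42.
SAMPLE_LOG = """\
Jun  4 09:46:26 oprah kernel: martian source 192.168.17.2 from 203.0.113.42, on dev eth0
Jun  4 09:46:26 oprah kernel: ll header: 00:08:6b:58:f1:25:00:09:b7:58:4d:a2:07:00
Jun  4 09:46:50 oprah kernel: martian source 192.168.17.2 from 203.0.113.42, on dev eth0
"""

# The kernel prints "martian source <daddr> from <saddr>": the FIRST address is
# the packet's destination, the SECOND is the source that failed validation.
MARTIAN_RE = re.compile(r"martian source (?P<dst>[\d.]+) from (?P<src>[\d.]+), on dev (?P<dev>\S+)")
LL_RE = re.compile(r"ll header: (?P<hdr>[0-9a-f]{2}(?::[0-9a-f]{2})+)")


@dataclass
class Martian:
    dst: str                        # destination of the rejected packet
    src: str                        # source address the kernel rejected
    dev: str                        # interface the packet arrived on
    dst_mac: Optional[str] = None   # from the ll header, if one was logged
    src_mac: Optional[str] = None   # MAC of the neighbour that sent the frame
    ethertype: Optional[int] = None


def parse_martians(log: str) -> List[Martian]:
    """Pair each 'martian source' line with the 'll header' line following it."""
    events: List[Martian] = []
    for line in log.splitlines():
        m = MARTIAN_RE.search(line)
        if m:
            events.append(Martian(m["dst"], m["src"], m["dev"]))
            continue
        h = LL_RE.search(line)
        if h and events and events[-1].ethertype is None:
            b = h["hdr"].split(":")
            if len(b) == 14:  # Ethernet II: dst MAC, src MAC, 2-byte ethertype
                events[-1].dst_mac = ":".join(b[:6])
                events[-1].src_mac = ":".join(b[6:12])
                events[-1].ethertype = int(b[12] + b[13], 16)
    return events


def classify(ev: Martian, local_addrs: Iterable[str]) -> str:
    """A packet carrying one of this host's own addresses as its source, arriving on a
    non-loopback interface, is always a martian source: it came back from the neighbour
    whose MAC appears as the ll header's source."""
    return "own-address-returned" if ev.src in set(local_addrs) else "foreign-source"
```

For the thread's entries this reports the firewall's own eth0 address as the rejected source and the router's MAC (00:09:b7:58:4d:a2) as the sender of the frame, which is the RFC 1812 hint the kernel logs the link-layer header for.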


