[Mageia-discuss] Odd entry in log file

Frank Griffin ftg at roadrunner.com
Mon May 7 14:23:44 CEST 2012 

On 05/07/2012 06:45 AM, Frank Griffin wrote:
>> On 05/06/2012 09:15 PM, imnotpc wrote:
>> 1) Is eth0 the interface facing the internet ?
>
> No, this interface faces the LAN which has a 192.168.0.0/24 subnet.
>

OK, so if eth0 has no outside internet access, you are correct in saying 
that something in your network is doing this.

>>
>> 2) Is 173.194.74.154 the IP address assigned (currently) to you by 
>> your ISP ?
>
> No, that IP returns to qe-in-f154.1e100.net which appears to be a 
> server owned by Google.

Yes.  I thought maybe Google was your ISP.

>>
>> 4) What does "traceroute 192.168.3.2" from the gateway give ?
>
> [root at Cedar1 /]# traceroute 192.168.3.2
> traceroute to 192.168.3.2 (192.168.3.2), 30 hops max, 60 byte packets
>  1  74-94-209-242-BusName-VA.hfc.comcastbusiness.net (74.94.209.242)  
> 0.670 ms  1.372 ms  1.686 ms
>  2  * * *
>
> Well isn't that interesting. That Comcast IP is the address of the ISP 
> gateway I use. Both of my firewall/gateway boxes that are logging 
> martian packets are connected to similar Comcast routers. The routers 
> are configured in bridge mode so the router DHCP service has no effect 
> on my connection, but it might still be active on the router. Also 
> each ISP router also has a wireless interface and that could still be 
> active. My firewall doesn't block any private IPs coming from the 
> Internet interface since the ISP routers would never forward them, so 
> that explains how they get past the firewall.

No, I think traceroute doesn't special-case internal IP addresses.  Your 
routing table is (correctly) set up to route traffic for anything other 
than your known subnets to the external internet, and that's exactly 
what traceroute is doing.  It's your ISP's job to discard internal 
address packets, not yours.

But I think you're on to something with the ISP routers.  Is there some 
reason you don't just run the cable from the cable modem to the external 
NIC on the gateway PC ?  If you're willing to try that, and the martians 
disappear, it's these routers.

Try going into configuration on these routers, and see what their DHCP 
servers are set up for, and whether the 192.168.3 subnet appears 
anywhere in there.  It's possible that one of your DHCP-using wireless 
clients is getting an answer to its broadcast from these guys before 
your internal router, and picking up a 192.168.3.2 IP address from them.

More information about the Mageia-discuss mailing list