[Mageia-discuss] Odd entry in log file
Frank Griffin
ftg at roadrunner.com
Mon May 7 02:18:21 CEST 2012
On 05/06/2012 06:57 PM, imnotpc wrote:
>
> My thanks to you, Maarten, and Doug for replying. I knew that packets
> in private subnets are never forwarded by routers, one of the basic
> security features of the IPV4 system. I had never heard them referred
> to as martian before, but the name makes sense. Based on the
> destination of the packets (Google, Facebook), my assumption is that
> these are not malicious, and based on my knowledge of my network, I
> believe these are originating from the wireless hosts as Doug
> indicated. I guess the only part I still don't understand is how these
> packets are reaching the kernel of the gateway through NAT and
> firewalls? Perhaps there is something I don't understand about how IP
> traffic moves between hosts.
>
The basic idea of a gateway is that you have two NICs, one (say eth1)
connected to the same switch to which all your other wired hosts are
connected, and using an IP address of something internal, say
192.168.1.1. The other NIC (say eth0) is connected to your external
internet. Your routing table should indicate that any traffic for a
192.168.1.x address should go out eth1, and any traffic for something
other than 192.168.1.x should go out eth0. And you have NAT enabled for
anything going out eth0 so that your internal addresses get translated
to the external IP address assigned by your ISP as they pass through the
gateway.

This assumes that you're using a PC as a gateway. Your router should
play no part with the wired connections --- it and all the other wired
hosts should be plugged into the switch, i.e. you shouldn't be using
the inbound wired jacks on the router at all. The wireless goes into
the router, but beyond that plays on an equal level with the wired guys
all going into the gateway PC.

The problem you describe most likely results from trying to use the
router as the gateway in conjunction with the switch. You've got the
wired guys coming through the switch and participating in NAT and the
wireless guys coming into the router directly, and somehow bypassing NAT.

You mention the "gateway kernel", so I'm guessing that you are using a
gateway PC rather than a gateway router. If you are using a 192.168.3.x
subnet, then your gateway is NAT'ing some hosts and not others.
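The gateway layout Frank describes (192.168.1.0/24 out eth1, everything else out eth0 with NAT), as an added toy model that is not code from the thread: it applies a strict reverse-path check of the kind the Linux kernel performs, which is what turns a packet from an unrouted subnet such as 192.168.3.x arriving on the LAN side into a "martian source" log entry. All addresses are constructed.

```python
# Added example (not from the mailing-list thread): a minimal model of the
# PC gateway described above, with a strict reverse-path check approximating
# the Linux rp_filter behaviour that yields "martian source" log entries.
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    prefix: ipaddress.IPv4Network  # destination prefix
    dev: str                       # egress interface


# Routing table as described: 192.168.1.0/24 via eth1 (LAN switch),
# everything else via the default route out eth0 (ISP side).
ROUTES = [
    Route(ipaddress.ip_network("192.168.1.0/24"), "eth1"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]
NAT_DEV = "eth0"              # NAT applies to traffic leaving eth0
EXTERNAL_IP = "203.0.113.5"   # constructed ISP-assigned address (TEST-NET-3)


def lookup(addr: str) -> Route:
    """Longest-prefix match, as the kernel's forwarding lookup does."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in ROUTES if ip in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)


def forward(src: str, dst: str, in_dev: str) -> dict:
    """Decide what the gateway does with a packet received on in_dev."""
    # Strict reverse-path filter: the best route back to src must leave
    # via the interface the packet came in on; otherwise the kernel treats
    # the packet as a martian and drops it (logged when log_martians is on).
    if lookup(src).dev != in_dev:
        return {"action": "drop", "reason": "martian source", "in_dev": in_dev}
    out = lookup(dst)
    # Source NAT only for traffic that leaves through the ISP-facing NIC.
    new_src = EXTERNAL_IP if out.dev == NAT_DEV else src
    return {"action": "forward", "out_dev": out.dev, "src_after_nat": new_src}


if __name__ == "__main__":
    # Wired host on the expected subnet: forwarded and NAT'ed.
    print(forward("192.168.1.10", "198.51.100.1", "eth1"))
    # Wireless host on 192.168.3.x reaching the LAN NIC: no route back
    # via eth1, so it is flagged as a martian instead of being NAT'ed.
    print(forward("192.168.3.7", "198.51.100.1", "eth1"))
```

On a real Linux gateway the equivalent behaviour is controlled by the `net.ipv4.conf.*.rp_filter` and `net.ipv4.conf.*.log_martians` sysctls; enabling the latter is what makes such drops visible in the log.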