[Mageia-discuss] Odd entry in log file

Frank Griffin ftg at roadrunner.com
Mon May 7 12:45:37 CEST 2012


On 05/06/2012 09:15 PM, imnotpc wrote:
>
> I apologize that I didn't give more detail when I started this thread, 
> but this has become a more involved/detailed discussion than I 
> envisioned. Let me give you the topography of my network as best as I 
> can describe:
>
> Firewall/Gateway: Mga2 box with 3 NICs which forwards traffic from the 
> DMZ and the LAN to the Internet and back. The Internet facing NIC has 
> a public IP. The DMZ is a private subnet with all fixed IPs. The LAN 
> subnet also has all fixed IPs in the 192.168.0.0/24 range. Iptables 
> firewall logs and drops all traffic that doesn't originate from these 
> subnets.
>
> LAN: All the LAN hosts have fixed IPs in the 192.168.0.0/24 range. 
> Linux host firewalls block all outgoing traffic that doesn't originate 
> from the assigned IP address. Windows/other hosts do whatever they do.
>
> Wireless Router Attached to the LAN: The LAN facing NIC on the 
> wireless router has a fixed IP of 192.168.0.100. The wireless 
> interface is configured to assign IPs in the 192.168.2.0/24 range to 
> the wireless hosts using DHCP.
>
> Wireless Hosts: Connect to wireless router via DHCP. I believe these 
> hosts are generating the martian packets.
>
> I understand the wireless hosts may identify themselves using other 
> IPs due to other connection/configuration issues, but I can't 
> understand how the kernel on the Mga2 gateway is ever able to see 
> packets originating from 192.168.3.2 or any other unauthorized subnet. 
> This is my major concern since it may indicate an error in my LAN 
> configuration.

1) Is eth0 the interface facing the internet?

2) Is 173.194.74.154 the IP address assigned (currently) to you by your 
ISP?

3) If you ping 192.168.3.2 when you're getting the martians, do you get 
any response?

4) What does "traceroute 192.168.3.2" from the gateway give ?

