[Mageia-discuss] Odd entry in log file
Maarten Vanraes
alien at rmail.be
Mon May 7 23:27:08 CEST 2012
Op maandag 07 mei 2012 23:04:14 schreef Frank Griffin:
> On 05/07/2012 04:50 PM, Maarten Vanraes wrote:
> > Op maandag 07 mei 2012 14:23:44 schreef Frank Griffin:
> > [...]
> >
> > it's like this:
> >
> > mostly people natting will do:
> >
> > iptables -s 192.168.0.0/24 -o eth0 -j MASQUERADE
> >
> > which means internal traffic on 192.168.3.2 would go outside without
> > being natted. if someone nearby uses 192.168.3.2 as a local network ip,
> > it would get martians, since that network is coming from an unexpected
> > source interface.
>
> Yes, but it would go to the ISP gateway and get discarded. Why would it
> be seen by anything else on the ISP subnet, unless the NIC were in
> promiscuous mode ? And if that (promiscuous mode) were the case, why
> would iptables complain ?
promiscuous mode means you're passing through from layer 2 to layer 3
irrespective of mac address (ie: even if it's not for you)
iptables is not complaining
martians is kernel level, (resource path filtering (for asynchronous routing)),
before iptables even comes into play.
martians is actually also on the same level as promiscuous checking iinm...
ie: it's disregarding an ip packet on an interface, which should not have come
from that interface, but according to routing information, you expect it to
come from another interface.
ie: if you have:
eth0: 192.168.0.2/24
eth1: 192.168.1.5/24
eth2: 75.124.56.84
and default route via eth2
if coming from eth2 there is a packet with source IP 192.168.1.54, it would
fire.
if going out to eth1 a packet with dest IP 192.168.0.6 it would also fire.
if coming from eth0 is a packet with source ip 192.168.3.8, it also fires,
since default route is eth2.
i donno if you see an interface which it's speaking of in the martians
warning, but i suggest you look at the routing table and see what is going on.
you can furthermore try to use tcpdump and see what is going on.
More information about the Mageia-discuss
mailing list