From: Thomas Schweiger (El_Donschweigisito.de)
Date: Wed Sep 17 2003 - 13:29:35 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Heya,

On Wed, 17 Sep 2003, Pep Serrano wrote:

> Hi all
>
> I am getting the following martian kernel messages since I changed my ISP:
>
> martian source 81.56.221.174 from 127.0.0.1, on dev ppp0
> ll header: 45:08:00:28:da:b8:00:00:7d:06:b5:27:7f:00:00:01:51:38:dd:ae:00:50
>
> Now here is the configuration of my box:
>
> I have an ADSL/Ethernet modem on ppp0:
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:81.56.221.174 P-t-P:192.168.254.254
> Mask:255.255.255.255
                                           ^^^^^^^^^^^^^^^
This looks strange. The P-t-P should be an IP of your ISP (your next
hop to the internet).
If you're using rp-pppoe there is a switch "DEFAULTROUTE=" in your
/etc/ppp/pppoe.conf. It have to be like this

<!-- snip # /etc/ppp/pppoe.conf -->
# Make the PPPoE connection your default route. Set to
# DEFAULTROUTE=no if you don't want this.
DEFAULTROUTE=yes
<!-- snap -->

If your're using smpppd change it against the rp-ppppoe. (I hate smpppd)
;-)

> FW_DEV_EXT="ppp0 eth0"
                   ^^^^
This is not an external device.

> FW_DEV_INT="lo eth1"
              ^^
I think that's not allowed.

> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_DEV="ppp0"
>
> I don't see where I am getting these "martian packets" from. I need some
> help.

Regards,
 Thomas

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]