shorewall-users May 2012 archive

[Shorewall-users] ARP requests are interpreted as a martian

From: Jeremy Schaeffer <service_at_nospam>
Date: Wed May 16 2012 - 17:07:05 GMT
To: shorewall-users@lists.sourceforge.net

Shorewall 4.5.1.1

I have 5 interfaces on a CentOS box, the first two are internal on two
different subnets, the next two are two different ISPs and the last one
is a private network for testing and administration. The second internal
subnet (eth1) is rejecting all the ARP requests to it and I get the
following in the log files every second or two -

May 16 05:28:54 services kernel: martian source 172.28.130.6 from
172.28.130.1, on dev eth1
May 16 05:28:54 services kernel: ll header:
ff:ff:ff:ff:ff:ff:00:a0:c8:83:d3:c8:08:06

172.28.130.1 is the router and 172.28.130.6 is eth1. Because of this the
router is having issues getting traffic to it. Also this is a VPN
gateway with IPsec VPNs terminating on eth2 and going out on eth1. I
have a static route set in my router to direct the VPN subnets
(172.29.0.0/16) to 172.28.130.6. I can communicate from the server to the
VPN endpoints just fine, but not very well from other devices on
the network because the router (and other devices) cannot get
the ARP to resolve for 172.28.130.6. I looked at Wireshark to verify
that it is ARP requests that are ending up as martians. I have tried
various combinations in the interfaces file but nothing helps. Here is
what I have it at at the moment:

ipsec ipsec+ detect
pptp ppp+ detect
admin eth4 detect proxyarp,arp_filter
chart eth3 detect norfc1918,routefilter,arp_ignore,nosmurfs
tds eth2 detect norfc1918,routefilter,arp_ignore,nosmurfs
voip eth1 detect proxyarp,routeback
local eth0 detect proxyarp,routeback

Here is the rest of the ip information:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
     inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
     link/ether 00:c0:9f:2a:32:46 brd ff:ff:ff:ff:ff:ff
     inet 172.28.101.6/24 brd 255.255.255.255 scope global eth0
     inet6 fe80::2c0:9fff:fe2a:3246/64 scope link
        valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
     link/ether 00:1b:21:31:6b:00 brd ff:ff:ff:ff:ff:ff
     inet 172.28.130.6/24 brd 255.255.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
     link/ether 00:1b:21:31:6b:01 brd ff:ff:ff:ff:ff:ff
     inet 69.128.165.227/29 brd 255.255.255.255 scope global eth2
     inet 172.28.130.1/32 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN qlen 1000
     link/ether 00:01:02:c2:9b:56 brd ff:ff:ff:ff:ff:ff
     inet 24.159.225.220/29 brd 255.255.255.255 scope global eth3
6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN qlen 1000
     link/ether 00:c0:a8:8d:6b:a6 brd ff:ff:ff:ff:ff:ff
     inet 198.18.55.28/24 brd 255.255.255.255 scope global eth4
     inet6 fe80::2c0:a8ff:fe8d:6ba6/64 scope link
        valid_lft forever preferred_lft forever

24.159.225.217 dev eth3 scope link src 24.159.225.220
69.128.165.225 dev eth2 scope link src 69.128.165.227
24.159.225.216/29 dev eth3 proto kernel scope link src 24.159.225.220
69.128.165.224/29 dev eth2 proto kernel scope link src 69.128.165.227
172.29.110.0/24 via 69.128.165.225 dev eth2 src 172.28.130.1
198.18.55.0/24 dev eth4 proto kernel scope link src 198.18.55.28
172.28.130.0/24 dev eth1 proto kernel scope link src 172.28.130.6
172.28.101.0/24 dev eth0 proto kernel scope link src 172.28.101.6
172.29.100.0/24 via 69.128.165.225 dev eth2 src 172.28.130.1
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth4 scope link metric 1006
default via 69.128.165.225 dev eth2
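An added diagnostic check, not part of the original post: it parses kernel "martian source" lines together with `ip addr` output and reports any martian whose "from" address is itself configured locally on a different interface, which is the pattern visible above (172.28.130.1 is the martian source on eth1 and also appears as a /32 on eth2). The sample log and address output are constructed from the post; Linux rejects a source address that is local to the host as invalid for the receiving device, so such ARP requests are dropped and logged rather than answered.

```python
import re

# Constructed sample in the shape of the post's log and `ip addr` output.
MARTIAN_LOG = """\
May 16 05:28:54 services kernel: martian source 172.28.130.6 from 172.28.130.1, on dev eth1
May 16 05:28:54 services kernel: ll header: ff:ff:ff:ff:ff:ff:00:a0:c8:83:d3:c8:08:06
"""
IP_ADDR = """\
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 172.28.130.6/24 brd 255.255.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 69.128.165.227/29 brd 255.255.255.255 scope global eth2
    inet 172.28.130.1/32 scope global eth2
"""

MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
IFACE_RE = re.compile(r"^\d+: (\S+): ")
INET_RE = re.compile(r"^\s+inet (\d+\.\d+\.\d+\.\d+)/(\d+)")

def parse_ip_addr(text):
    """Map each IPv4 address to the interface it is configured on."""
    addrs, iface = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and iface:
            addrs[m.group(1)] = iface
    return addrs

def parse_martians(text):
    """Return (destination, source, device) for each 'martian source' line."""
    return [m.groups() for m in map(MARTIAN_RE.search, text.splitlines()) if m]

def local_source_conflicts(log, ip_addr):
    """Flag martians whose source address is itself configured locally on another
    interface: the kernel treats such a source as invalid for the receiving device,
    so the ARP request is dropped and logged instead of being answered."""
    addrs = parse_ip_addr(ip_addr)
    return [(src, dev, addrs[src]) for _dst, src, dev in parse_martians(log)
            if src in addrs and addrs[src] != dev]

if __name__ == "__main__":
    for src, dev, owner in local_source_conflicts(MARTIAN_LOG, IP_ADDR):
        print(f"martian from {src} on {dev}: address is local on {owner}")
```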
