martians and arp

Hello list

I've got a problem with my firewall. I've got a server (running sarge with a 2.6
kernel) with two NIC's. eth0, which is by a modem connected to the internet
(using a ppp connection), and eth1, which is connected to a LAN. In my log files
appear the following entries now and then:

martian source ip1 from ip2, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:80:5f:d6:05:60:08:06

where ip1 is an address on my network and ip2 the address of eth1. The mac
address belongs to eth1.

using tcpdump I found out that these messages are caused by the following
ARP broadcast packages:

14:18:10.519587 00:80:5f:d6:05:60 > Broadcast, ethertype ARP (0x0806), length
42: arp who-has ip1 tell ip2

Broadcast packages with a length of 60 are fine and are not logged as martians.

Does anyone knows what could be wrong? I spend quite some time googling now, but
I couldn't find an answer.

Regards,

Arnout

--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org