Hello list
I've got a problem with my firewall. I've got a server (running sarge with a 2.6
kernel) with two NIC's. eth0, which is by a modem connected to the internet
(using a ppp connection), and eth1, which is connected to a LAN. In my log files
appear the following entries now and then:
martian source ip1 from ip2, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:80:5f:d6:05:60:08:06
where ip1 is an address on my network and ip2 the address of eth1. The mac
address belongs to eth1.
using tcpdump I found out that these messages are caused by the following
ARP broadcast packages:
14:18:10.519587 00:80:5f:d6:05:60 > Broadcast, ethertype ARP (0x0806), length
42: arp who-has ip1 tell ip2
Broadcast packages with a length of 60 are fine and are not logged as martians.
Does anyone knows what could be wrong? I spend quite some time googling now, but
I couldn't find an answer.
Regards,
Arnout
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
chicago single What's The Right Dating Web Site? Learn more. Please visit chicago single
ReplyDelete