First of all:
SuSE 10.0 has been installed and running for months.
I have now installed a second network card and set up the following configuration:
1. Router (DSL): 192.168.1.1 (no route
2. Network card (1) to the router: 192.168.1.2 (Eth1)
3. Network card (2) to the internal LAN: 192.168.2.1 (Eth0)
4. PCs in the internal LAN: 192.168.2.100 - 192.168.2.110
5. Routing table via YaST:
Device: Network card (1)
Destination: 192.168.2.0
Gateway: 192.168.1.2
Netmask: 255.255.255.0
IP forwarding enabled
6. NO DHCP server
Actually everything works, i.e. the clients can reach the Internet (192.168.2.1 is set as the gateway there), and all pings work.
The following routing table is currently active in the Internet router (see item 1):
Code:
81.182.118.198 255.255.255.255 192.168.1.1 1 (Destination Mask Gateway Metric)
192.168.1.0 255.255.255.0 192.168.1.1 1
192.168.1.1 255.255.255.255 192.168.1.1 1
192.168.2.0 255.255.255.0 192.168.2.1 1
But since then I keep getting the following error messages:
Oct 6 13:54:44 myserver kernel: martian source 192.168.1.101 from 192.168.1.1, on dev eth0
Oct 6 13:54:44 myserver kernel: ll header: ff:ff:ff:ff:ff:ff:00:14:bf:62:7a:80:08:06
Oct 6 13:54:46 myserver kernel: martian source 192.168.1.101 from 192.168.1.1, on dev eth0
Oct 6 13:54:46 myserver kernel: ll header: ff:ff:ff:ff:ff:ff:00:14:bf:62:7a:80:08:06
Oct 6 13:54:47 myserver kernel: martian source 192.168.1.101 from 192.168.1.1, on dev eth0
Oct 6 13:54:47 myserver kernel: ll header: ff:ff:ff:ff:ff:ff:00:14:bf:62:7a:80:08:06
Oct 6 13:54:51 myserver kernel: printk: 3 messages suppressed.
Oct 6 13:54:51 myserver kernel: martian source 192.168.1.101 from 192.168.1.1, on dev eth0
Oct 6 13:54:51 myserver kernel: ll header: ff:ff:ff:ff:ff:ff:00:14:bf:62:7a:80:08:06
These error messages arrive every 5 seconds and are flooding my logs!
AND that even though I have, for example, NO 192.168.1.101 address in the LANs!
I have already googled several times, but most threads say it is a kernel problem (mine, by the way, is 2.6.13-15.11-smp).
But I don't believe that. Rather, I suspect the source of the error is in the routing (but I don't know).
The firewall is running (otherwise the forwarding wouldn't work either).
I hope someone here can help me.
P.S. Here is the routing table from my network:
Code:
myserver:/etc # route -n
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.2.0 192.168.1.2 255.255.255.0 UG 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
myserver:/etc #
And here are my iptables as well:
Code:
myserver:/etc # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_int all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
forward_int all -- anywhere anywhere
forward_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.2.0/24 anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere 192.168.2.0/24 state RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere
Chain forward_int (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.2.0/24 anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere 192.168.2.0/24 state RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
DROP all -- anywhere anywhere
Chain input_ext (1 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
LOG all -- 192.168.2.0/24 anywhere limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TRUST '
ACCEPT all -- 192.168.2.0/24 anywhere state NEW,RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ndmp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:scp-config flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:scp-config
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:amandaidx flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:amandaidx
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:amidxtape flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:amidxtape
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imap flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:snpp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:snpp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ddm-rdb flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ddm-rdb
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtps flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:smtps
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:submission flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:sane-port flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:sane-port
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:6567 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:6567
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imaps flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:https flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:https
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imap flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imaps flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ns flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:ndmp
ACCEPT udp -- anywhere anywhere udp dpt:scp-config
ACCEPT udp -- anywhere anywhere udp dpt:sane-port
ACCEPT udp -- anywhere anywhere udp dpt:6567
ACCEPT udp -- anywhere anywhere udp dpt:smpnameres
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ssn
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere
Chain input_int (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
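
Added example (not part of the original post): the kernel's `martian source A from B, on dev X` line prints the packet's destination A first and its sender B second, and the `ll header` line is the 14-byte Ethernet header. The Python sketch below decodes the two log lines from the post and looks the sender up in the posted `route -n` table; the function names are made up for this example, and it assumes the message comes from the kernel's reverse-path check on the sender address (rp_filter with log_martians).

```python
import ipaddress
import re

# Routes copied from the `route -n` output in the post: (destination, genmask, iface)
ROUTES = [
    ("192.168.2.0", "255.255.255.0", "eth1"),
    ("192.168.1.0", "255.255.255.0", "eth1"),
    ("169.254.0.0", "255.255.0.0", "eth0"),
    ("127.0.0.0", "255.0.0.0", "lo"),
    ("0.0.0.0", "0.0.0.0", "eth1"),
]
# Two consecutive log lines copied from the post
LOG = """\
Oct 6 13:54:44 myserver kernel: martian source 192.168.1.101 from 192.168.1.1, on dev eth0
Oct 6 13:54:44 myserver kernel: ll header: ff:ff:ff:ff:ff:ff:00:14:bf:62:7a:80:08:06
"""
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}
MARTIAN = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL = re.compile(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})")

def route_iface(addr):
    """Longest-prefix match: interface the routing table uses to reach addr."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(f"{d}/{m}"), i) for d, m, i in ROUTES]
    hits = [(n.prefixlen, i) for n, i in nets if ip in n]
    return max(hits)[1]

def explain(log):
    """Pair each 'martian source' line with its 'll header' line and decode both."""
    events, cur = [], None
    for line in log.splitlines():
        if m := MARTIAN.search(line):
            # The kernel prints the packet's destination first, then its sender.
            dst, src, dev = m.groups()
            cur = {"dst_ip": dst, "src_ip": src, "in_dev": dev,
                   "expected_dev": route_iface(src)}
            # Assumed rp_filter logic: sender must be reachable via the receiving NIC.
            cur["rp_mismatch"] = cur["expected_dev"] != dev
            events.append(cur)
        elif (m := LL.search(line)) and cur is not None:
            b = m.group(1).split(":")
            cur["dst_mac"] = ":".join(b[0:6])    # bytes 0-5: destination MAC
            cur["src_mac"] = ":".join(b[6:12])   # bytes 6-11: sender MAC
            etype = int(b[12] + b[13], 16)       # bytes 12-13: EtherType
            cur["ethertype"] = ETHERTYPES.get(etype, hex(etype))
    return events

if __name__ == "__main__":
    for e in explain(LOG):
        print(e)
```

For the posted lines it reports an ARP broadcast sent by 192.168.1.1 (MAC 00:14:bf:62:7a:80) for 192.168.1.101, received on eth0 while the routing table reaches 192.168.1.0/24 via eth1.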