2017-05-18 - Re: [GRASE-Hotspot] Why I am getting martian source package mesages from syslog

Header Data

From: Tubeta Taenang <tu***g@gmail.com>
Message Hash: 77c7f4d83551af229ae5e09a7ab97778f94e46af24e6454c22adc343a898bf83
Message ID: <CAPYsbFaL75DVYd4VbbHkwqFJ8==PX-rUXKMkpa3vp5xaRopU3g@mail.gmail.com>
Reply To: <CAESLx0+bcNz=KJPd0irMeCExNOSKARo++3JAOujfz-2Et3PHfQ@mail.gmail.com>
UTC Datetime: 2017-05-18 19:41:03 UTC
Raw Date: Fri, 19 May 2017 14:41:03 +1200

Raw message

Hello Tim

This the url to my result: https://paste.grasehotspot.org/view/b1a151d2

I notice their is some misconfig with Chilli or what, you can tell me
more what your findings. This just happened from yesterday and my
Ineternet speed drops dramatically. I really need your help as to what
should I have to do to fix this problem.

For one thing, here is a copy of my syscntl.conf

##
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additonal system variables
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#

                                                        1,1
Top

# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
 net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1


eof

Here is my setup:

WAN side ome through MODEM - MANAGED SWITCH - ROUTER 1
(111.92.179.46/29) <--> LAN (192.168.x.x/24)

                                     MODEM - MANAGED SWITCH - GRASE
BOX (111.92.179.45) <--> LAN (10.1.x.x/24) ETH0 is facing the Internet
side while ETH1 ( with tun0 and tun1) is where grase resides.

Hope that helps you in  your troubleshooting.

Thanks you very much for your support and time.



Tubeta


=================================================================

On 5/18/17, Timothy White <ti***8@gmail.com> wrote:
> Normally this is caused by traffic appearing on the wrong interface.
>
> Can you please collect support information (
> https://grasehotspot.org/support/collecting-support-information/) and also
> try and give us an overview of your setup, including IP ranges on each
> network, and which network interface each network is.
>
> i.e. WAN, LAN, network interfaces for each, ranges for each, and any other
> networks you may have that could be conflicting with things.
>
> Regards
>
> Tim
>
>
> On Thu, May 18, 2017 at 11:43 AM, Tubeta Taenang <tu***g@gmail.com>
> wrote:
>
>> Hello Tim,
>>
>> I am getting a huge volume of message about martian source from within
>> my lan, on my grase machine, can you help me out telling me what
>> should I do in this instance? I have only a few computers and I think
>> I have configured them correctly.
>>
>> Can you give me any hint on what should I double check.
>>
>> My Internet speed droppped dramatically and I think it is related to
>> this ARP traffic.
>>
>> I include a sample log message below.
>>
>> Thank you for your time.
>>
>> Tubeta
>>
>>
>> May 18 13:20:53 gateway kernel: [16629.698928] net_ratelimit: 104
>> callbacks suppressed
>>
>> May 18 13:20:53 gateway kernel: [16629.698935] martian source
>> 104.116.243.17 from 10.1.0.52, on dev eth1
>> May 18 13:20:53 gateway kernel: [16629.698938] ll header:
>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>> May 18 13:20:53 gateway kernel: [16629.699957] martian source
>> 104.116.243.17 from 10.1.0.52, on dev eth1
>> May 18 13:20:53 gateway kernel: [16629.699961] ll header:
>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>> May 18 13:20:53 gateway kernel: [16629.729417] martian source
>> 104.116.243.17 from 10.1.0.52, on dev eth1
>> May 18 13:20:53 gateway kernel: [16629.729422] ll header:
>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>> May 18 13:20:53 gateway kernel: [16629.730939] martian source
>> 104.116.243.17 from 10.1.0.52, on dev eth1
>> May 18 13:20:53 gateway kernel: [16629.730944] ll header:
>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>> May 18 13:20:53 gateway kernel: [16629.731921] martian source
>> 104.116.243.17 from 10.1.0.52, on dev eth1
>> May 18 13:20:53 gateway kernel: [16629.731926] ll header:
>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>> May 18 13:20:53 gateway kernel: [16629.742287] martian source
>> 104.116.243.17 from 10.1.0.52, on dev eth1
>> May 18 13:20:53 gateway kernel: [16629.742291] ll header:
>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>> May 18 13:20:53 gateway kernel: [16629.745171] martian source 10.1.0.1
>> from 10.1.0.52, on dev eth1
>>
>> --
>> This mailing list is for the Grase Hotspot Project
>> http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***e@grasehotspot.org.
>> To post to this group, send email to gr***t@grasehotspot.org.
>> Visit this group at https://groups.google.com/a/
>> grasehotspot.org/group/grase-hotspot/.
>> To view this discussion on the web visit https://groups.google.com/a/
>> grasehotspot.org/d/msgid/grase-hotspot/CAPYsbFbC6Y2hNamR6d41w7V15pFDC
>> yZbcG8QWAQGjTe05S84Bw%40mail.gmail.com.
>>
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0%2BbcNz%3DKJPd0irMeCExNOSKARo%2B%2B3JAOujfz-2Et3PHfQ%40mail.gmail.com.
>


Thread