2017-05-22 - Re: [GRASE-Hotspot] Why I am getting martian source package mesages from syslog

Header Data

From: Tubeta Taenang <tu***g@gmail.com>
Message Hash: 96100891c4438c9642df6d9a931951efb3c2de9ad331ba2398bc147e4b28adf6
Message ID: <CAPYsbFbnfYuKDKfEEVo+WUj+3NS2eenKGYY2QeMQ-0i4LHZv=g@mail.gmail.com>
Reply To: <CAPYsbFaL75DVYd4VbbHkwqFJ8==PX-rUXKMkpa3vp5xaRopU3g@mail.gmail.com>
UTC Datetime: 2017-05-22 20:49:01 UTC
Raw Date: Tue, 23 May 2017 15:49:01 +1200

Raw message 

Hello Tim

Have you had a chance to look at my issue? How can I resolve it?

Thanks

Tubeta

On 5/19/17, Tubeta Taenang <tu***g@gmail.com> wrote:
> Hello Tim
>
> This the url to my result: https://paste.grasehotspot.org/view/b1a151d2
>
> I notice their is some misconfig with Chilli or what, you can tell me
> more what your findings. This just happened from yesterday and my
> Ineternet speed drops dramatically. I really need your help as to what
> should I have to do to fix this problem.
>
> For one thing, here is a copy of my syscntl.conf
>
> ##
> # /etc/sysctl.conf - Configuration file for setting system variables
> # See /etc/sysctl.d/ for additonal system variables
> # See sysctl.conf (5) for information.
> #
>
> #kernel.domainname = example.com
>
> # Uncomment the following to stop low-level messages on console
> #kernel.printk = 3 4 1 3
>
> ##############################################################3
> # Functions previously found in netbase
> #
>
> # Uncomment the next two lines to enable Spoof protection (reverse-path
> filter)
> # Turn on Source Address Verification in all interfaces to
> # prevent some spoofing attacks
> net.ipv4.conf.default.rp_filter=1
> net.ipv4.conf.all.rp_filter=1
>
> # Uncomment the next line to enable TCP/IP SYN cookies
> # See http://lwn.net/Articles/277146/
> # Note: This may impact IPv6 TCP sessions too
> net.ipv4.tcp_syncookies=1
>
> # Uncomment the next line to enable packet forwarding for IPv4
> net.ipv4.ip_forward=1
>
> # Uncomment the next line to enable packet forwarding for IPv6
> #  Enabling this option disables Stateless Address Autoconfiguration
> #  based on Router Advertisements for this host
> #net.ipv6.conf.all.forwarding=1
>
>
> ###################################################################
> # Additional settings - these settings can improve the network
> # security of the host and prevent against some network attacks
> # including spoofing attacks and man in the middle attacks through
> # redirection. Some network environments, however, require that these
> # settings are disabled so review and enable them as needed.
> #
>
>                                                         1,1
> Top
>
> # Do not accept ICMP redirects (prevent MITM attacks)
> net.ipv4.conf.all.accept_redirects = 0
> net.ipv6.conf.all.accept_redirects = 0
> # _or_
> # Accept ICMP redirects only for gateways listed in our default
> # gateway list (enabled by default)
>  net.ipv4.conf.all.secure_redirects = 1
> #
> # Do not send ICMP redirects (we are not a router)
> #net.ipv4.conf.all.send_redirects = 0
> #
> # Do not accept IP source route packets (we are not a router)
> #net.ipv4.conf.all.accept_source_route = 0
> #net.ipv6.conf.all.accept_source_route = 0
> #
> # Log Martian Packets
> #net.ipv4.conf.all.log_martians = 1
>
>
> eof
>
> Here is my setup:
>
> WAN side ome through MODEM - MANAGED SWITCH - ROUTER 1
> (111.92.179.46/29) <--> LAN (192.168.x.x/24)
>
>                                      MODEM - MANAGED SWITCH - GRASE
> BOX (111.92.179.45) <--> LAN (10.1.x.x/24) ETH0 is facing the Internet
> side while ETH1 ( with tun0 and tun1) is where grase resides.
>
> Hope that helps you in  your troubleshooting.
>
> Thanks you very much for your support and time.
>
>
>
> Tubeta
>
>
> =================================================================
>
> On 5/18/17, Timothy White <ti***8@gmail.com> wrote:
>> Normally this is caused by traffic appearing on the wrong interface.
>>
>> Can you please collect support information (
>> https://grasehotspot.org/support/collecting-support-information/) and
>> also
>> try and give us an overview of your setup, including IP ranges on each
>> network, and which network interface each network is.
>>
>> i.e. WAN, LAN, network interfaces for each, ranges for each, and any
>> other
>> networks you may have that could be conflicting with things.
>>
>> Regards
>>
>> Tim
>>
>>
>> On Thu, May 18, 2017 at 11:43 AM, Tubeta Taenang
>> <tu***g@gmail.com>
>> wrote:
>>
>>> Hello Tim,
>>>
>>> I am getting a huge volume of message about martian source from within
>>> my lan, on my grase machine, can you help me out telling me what
>>> should I do in this instance? I have only a few computers and I think
>>> I have configured them correctly.
>>>
>>> Can you give me any hint on what should I double check.
>>>
>>> My Internet speed droppped dramatically and I think it is related to
>>> this ARP traffic.
>>>
>>> I include a sample log message below.
>>>
>>> Thank you for your time.
>>>
>>> Tubeta
>>>
>>>
>>> May 18 13:20:53 gateway kernel: [16629.698928] net_ratelimit: 104
>>> callbacks suppressed
>>>
>>> May 18 13:20:53 gateway kernel: [16629.698935] martian source
>>> 104.116.243.17 from 10.1.0.52, on dev eth1
>>> May 18 13:20:53 gateway kernel: [16629.698938] ll header:
>>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>>> May 18 13:20:53 gateway kernel: [16629.699957] martian source
>>> 104.116.243.17 from 10.1.0.52, on dev eth1
>>> May 18 13:20:53 gateway kernel: [16629.699961] ll header:
>>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>>> May 18 13:20:53 gateway kernel: [16629.729417] martian source
>>> 104.116.243.17 from 10.1.0.52, on dev eth1
>>> May 18 13:20:53 gateway kernel: [16629.729422] ll header:
>>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>>> May 18 13:20:53 gateway kernel: [16629.730939] martian source
>>> 104.116.243.17 from 10.1.0.52, on dev eth1
>>> May 18 13:20:53 gateway kernel: [16629.730944] ll header:
>>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>>> May 18 13:20:53 gateway kernel: [16629.731921] martian source
>>> 104.116.243.17 from 10.1.0.52, on dev eth1
>>> May 18 13:20:53 gateway kernel: [16629.731926] ll header:
>>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>>> May 18 13:20:53 gateway kernel: [16629.742287] martian source
>>> 104.116.243.17 from 10.1.0.52, on dev eth1
>>> May 18 13:20:53 gateway kernel: [16629.742291] ll header:
>>> 90:f6:52:18:4a:b6:b8:97:5a:8f:d5:f4:08:00
>>> May 18 13:20:53 gateway kernel: [16629.745171] martian source 10.1.0.1
>>> from 10.1.0.52, on dev eth1
>>>
>>> --
>>> This mailing list is for the Grase Hotspot Project
>>> http://grasehotspot.org
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups
>>> "Grase Hotspot" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an
>>> email to gr***e@grasehotspot.org.
>>> To post to this group, send email to gr***t@grasehotspot.org.
>>> Visit this group at https://groups.google.com/a/
>>> grasehotspot.org/group/grase-hotspot/.
>>> To view this discussion on the web visit https://groups.google.com/a/
>>> grasehotspot.org/d/msgid/grase-hotspot/CAPYsbFbC6Y2hNamR6d41w7V15pFDC
>>> yZbcG8QWAQGjTe05S84Bw%40mail.gmail.com.
>>>
>>
>> --
>> This mailing list is for the Grase Hotspot Project
>> http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***e@grasehotspot.org.
>> To post to this group, send email to gr***t@grasehotspot.org.
>> Visit this group at
>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0%2BbcNz%3DKJPd0irMeCExNOSKARo%2B%2B3JAOujfz-2Et3PHfQ%40mail.gmail.com.
>>
>

Thread