1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-discuss] Odd entry in log file
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Odd%20entry%20in%20log%20file&In-Reply-To=%3C4FA7BED0.8090907%40roadrunner.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="007235.html">
<LINK REL="Next" HREF="007245.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-discuss] Odd entry in log file</H1>
<B>Frank Griffin</B>
<A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Odd%20entry%20in%20log%20file&In-Reply-To=%3C4FA7BED0.8090907%40roadrunner.com%3E"
TITLE="[Mageia-discuss] Odd entry in log file">ftg at roadrunner.com
</A><BR>
<I>Mon May 7 14:23:44 CEST 2012</I>
<P><UL>
<LI>Previous message: <A HREF="007235.html">[Mageia-discuss] Odd entry in log file
</A></li>
<LI>Next message: <A HREF="007245.html">[Mageia-discuss] Odd entry in log file
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7236">[ date ]</a>
<a href="thread.html#7236">[ thread ]</a>
<a href="subject.html#7236">[ subject ]</a>
<a href="author.html#7236">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On 05/07/2012 06:45 AM, Frank Griffin wrote:
>><i> On 05/06/2012 09:15 PM, imnotpc wrote:
</I>>><i> 1) Is eth0 the interface facing the internet ?
</I>><i>
</I>><i> No, this interface faces the LAN which has a 192.168.0.0/24 subnet.
</I>><i>
</I>
OK, so if eth0 has no outside internet access, you are correct in saying
that something in your network is doing this.
>><i>
</I>>><i> 2) Is 173.194.74.154 the IP address assigned (currently) to you by
</I>>><i> your ISP ?
</I>><i>
</I>><i> No, that IP returns to qe-in-f154.1e100.net which appears to be a
</I>><i> server owned by Google.
</I>
Yes. I thought maybe Google was your ISP.
>><i>
</I>>><i> 4) What does "traceroute 192.168.3.2" from the gateway give ?
</I>><i>
</I>><i> [<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">root at Cedar1</A> /]# traceroute 192.168.3.2
</I>><i> traceroute to 192.168.3.2 (192.168.3.2), 30 hops max, 60 byte packets
</I>><i> 1 74-94-209-242-BusName-VA.hfc.comcastbusiness.net (74.94.209.242)
</I>><i> 0.670 ms 1.372 ms 1.686 ms
</I>><i> 2 * * *
</I>><i>
</I>><i> Well isn't that interesting. That Comcast IP is the address of the ISP
</I>><i> gateway I use. Both of my firewall/gateway boxes that are logging
</I>><i> martian packets are connected to similar Comcast routers. The routers
</I>><i> are configured in bridge mode so the router DHCP service has no effect
</I>><i> on my connection, but it might still be active on the router. Also
</I>><i> each ISP router also has a wireless interface and that could still be
</I>><i> active. My firewall doesn't block any private IPs coming from the
</I>><i> Internet interface since the ISP routers would never forward them, so
</I>><i> that explains how they get past the firewall.
</I>
No, I think traceroute doesn't special-case internal IP addresses. Your
routing table is (correctly) set up to route traffic for anything other
than your known subnets to the external internet, and that's exactly
what traceroute is doing. It's your ISP's job to discard internal
address packets, not yours.
But I think you're on to something with the ISP routers. Is there some
reason you don't just run the cable from the cable modem to the external
NIC on the gateway PC ? If you're willing to try that, and the martians
disappear, it's these routers.
Try going into configuration on these routers, and see what their DHCP
servers are set up for, and whether the 192.168.3 subnet appears
anywhere in there. It's possible that one of your DHCP-using wireless
clients is getting an answer to its broadcast from these guys before
your internal router, and picking up a 192.168.3.2 IP address from them.
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="007235.html">[Mageia-discuss] Odd entry in log file
</A></li>
<LI>Next message: <A HREF="007245.html">[Mageia-discuss] Odd entry in log file
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7236">[ date ]</a>
<a href="thread.html#7236">[ thread ]</a>
<a href="subject.html#7236">[ subject ]</a>
<a href="author.html#7236">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss
mailing list</a><br>
</body></html>
|
