Kernel: IPv4: martian source 192.168.100.161 from 192.168.1.11, on dev enp1s0

Hello…

Does anybody knows about this kernel: IPv4: martian source 192.168.100.161 from 192.168.1.11, on dev enp1s0

And how I can fix and why in this.???’

Thanx a lot.

Who is 192.168.100.161 and who’s 192.16.1.11?
They are on different ip range.

You have read about martian ip…?? or somebody know…??? It´s hacking.?

https://community.nethserver.org/search?q=%22martian%20source%22

https://en.wikipedia.org/wiki/Martian_packet
In terminology, a martian packet is an IP packet received by the kernel on a specific interface, while routing tables indicate that the source IP is expected on another interface.

Hi Christian,

All the people refer to the RFC and its definition is quite “abstruse”. The one from Marc is much better.

Check the gateway and the DNS.
● If the server is LOCAL, try to change the gateway of the green card for the main gateway of your ISP.
● If the server is connecter directly to the internet, change the primary DNS to 1.1.1.1 and the secondary to 8.8.8.8

Michel-André

Hi

I’d just say something simple, like a DLink or Netgear WLan Router plugged into LAN of the NethServer…

My 2 cents
Andy

What…??

Hi
I assume a gadget like a router (With an IP of 192.168.1.11) is “poisoning” your network with wrong IPs…

These consumer devices often come factory preset to an IP like 192.168.1.1 or 192.168.1.11…

Andy

But what are Martian source

but the marcian source, what it is.?? why happen this, where comes thats ip.

@kristian1369

Hi

A “martian source” is a joke / referral to a source “Out of this world”. This usually implies Mars, as Venus is uninhabital (too hot).

This means, it’s not possible to route something like that over the internet, so usually the source is something in house, but completly wrong or not configured properly (Like factory defaults)…

Hope that helps to understand the meaning of “Martian Source”.

  • Can’t be from this world, so it must come from Mars (or a Martian)!

Another term often seen on firewalls and packet sniffers is “runt”. A term from farming, implying a piglet born too early or something like that. (I’m not a farmer). This means a misformed packet, usually due to a defective NIC or Cable (wiring).

My 2 cents
Andy

what indicates that…?? is a problem…?? this problem can throw down all the network… all the LAN…? because I get whithout conection in the LAN. Wheres come that segment of IP 192.168.100.xxx

Hi

It would help, if you explain what IPs your Nethserver is using, and is it Router / Firewal for that LAN or is there another box doing this?

As asked earlier:

A device in a network, with a wrongly configured Network NIC can create problems, but usually just can’t connect. If two boxes have the same IP, you have big problems, even bigger if one of those is your server or router!

Andy

I have this configuration.

OK

The Red connection goes to the internet, but not directly.
The green one has quite a few IP Aliases (too many?), but all in the wrong Network range…

The Firewall seems to be configured as such:

RED (Internet) is 192.168.1.11
GREEN (LAN) is 172.16.1.10

The Firewall doesn’t really know about the Networks 10.x.x.x and 192.168.0.x, they are not really configured Networks, only aliases. An Alias is like what your Friends may call you (Kris?), but it’s not in your official papers like ID or Passport.

Now, if any packet from 192.168.0.x get’s routed to the internet by the firewall, it becomes a “martian”. Recall that the firewall doesn’t really know about that network, it just happens to be connected to the same NIC, configured for 172.16.1.10. It can’t logically be possible…

If you want / need that kind of config (seems way to complex, and I happen to be a networking guru!), you need either more NICs in your Nethserver, or look into vLANs and a managed Switch!
That would work without such entries in the log and would be logically correct!

Maybe a quick explanation of what you’re trying to achieve with all those IPs on one NIC might help understanding your situation / problem?

My 2 cents
Andy

1 Like

The RED one is conect direct to the router of my ISP… the others are vlans that are configure in a switch.

OK

Are the vLans configured in the firewall too?

Note: If you changed the connection of your Desktop or Notebook from one vLan to another, it may be the reason for the martian packet - til the NIC switches over, it’s on the wrong vLan with the wrong IP…

this is what appers en message log.

but I dont have any PC Switch Router or anything with that IP.

Appears as though the Hosts with the IPs 192.168.100.161, 192.168.100.162 and 192.168.100.118 are on the wrong vLan or something else is wrong…
Cable ? Switch?

Maybe a gadget with an older configuration?

Try hooking your pc / notebook with a hard configured NIC (192.168.100.2 or 253) to that vLan and see if you can ping any of those three hosts appearing in the logs…

Actually, after checking, I’d say they come from your switch… See the MAC Adresses in the log.
they all seem to start with 18:d6:c7, that seems to indicate TP-Link Technologies ( A chinese company in Shenzen) …