I’m not a security appliance specialist and in fact rather new at it. I have been using IPFire for some time though and have become somewhat familiar with what to expect it’s outputs to look like. This log file is unlike any I have ever got in the past and I am having problems understanding what I am reading. My number one question is whether this is a new normal or some sort of issue that I need to resolve. My second and last question is does anyone know of a URL that contains the info to teach me how to read that thing and understand it. I hope someone can help. I do appreciate anyone who tries. Thanks.
Martian packets mostly are produced by network misconfigurations and/or false connections.
See also this Wikipedia article.
Without the full IPs mentioned in the message it is not possible to analyse more.
I watched that martian packets also can occur if you do something like 1:1 NAT or SNAT, while the sending host could reach the target without translation via a different route, too. In that case it’s rather a routing misconfiguration.
This article can be an inspiration for struggling with martians.
Especially example 3 which is about RPF. Reverse Path Filtering is restricted in Core Update 168. The discussion about this decision is not closed yet, I think.
If I remember correctly, there were several threads/topics on the forum about martians.
It seems the information you have provided is correct. It is originating with my wifi/router. Let me please enter some information about that hardware. It is a Linksys EA8300 V1.1. It is fed from green (lan). For security reasons the linksys support told me to enable most of the internals for security purposes. I think this is the origin of most if not all my martians. Either I am looking in the wrong place or I am not understanding the IPFire wiki on how to hook up that router securely. If anyone has any ideas how to do this securely please reply. A good URL with step by step instructions would be GREAT as I am not a graduate in networking. My thanks to any who would at least attempt to give me a workable answer. You are a great bunch in here.
The Linksys EA8300 is a Wireless Router and how this has been connected to your green network could play a part in the martians.
Is your green network on IPFire connected to one of the four Ethernet ports on the EA8300 or have you connected it to the Internet Port?
The tech person for linksys told me to use one of the 4 ports to link to green. I have to run a jumper from one of the other 4 ports to the internet port in order to satisfy the router. Unhook that port and many things quit working in it. I can’t connect the internet port direct to my (green) lan switch either. It errors out due to not being able to obtain an address from my ISP. If there was a way to do it I would prefer my wifi to go through red so it would have protection before it entered my lan. According to the wiki my router is not the hardware type needed and also isn’t supported due to manufacturer. (Couldn’t find Linksys anywhere in the list of supported appliances.)
That is the correct way to use it. No problem there.
This seems very weird. You should not need to connect the wan side of your Wireless Router to the Lan side. I am not sure what that might cause. When I have used an old wireless router in the past as a wireless access point my only connection was to the lan side. the router wan was left totally unconnected. The unit then worked as a wireless access point without needing any routing setup.
Have you defined the IP address of your Wifi Router Lan to be on the same subnet as your green network on IPFire.
I have never got it to accept the IP address I tried to set. So, no. The router sets it’s own and it is a 10.78.x.x address. It will use IPFire as the gateway and DNS server. They are the 192.168.x.x standard settings. So, you think I should unhook the internet jumper cable and define the IP address as a 192.168.x.x as well? My problem will be to keep my wireless security software running. Last time I tried setting the router up it would shut off my wireless security if the internet jumper wasn’t hooked up. But, I will try anything you suggest.
If your IPFire green is 192.168.x.y and your wireless access point is 10.78.z.w then I believe that is why you are seeing the martian messages. IPFire is getting traffic sent with a 10.78.z.w address on a lan network of 192.168.x.y
That is not a good situation. From what you are describing it looks like Linksys has deliberately designed that model to not be capable of running only the Wireless Access portion but that the wan has to be connected to something.
I have had a quick read through the manual and FAQ’s for the EA8300 and it looks like it should be possible to set up the lan network with a static IP from the same subnet as IPFire is using. However if the wan and lan need to be connected to make the wireless security function then I have no idea what that would do to the IP setup and usage.
If the EA8300 is so restrictive in trying to be used as a WAP then you may need to consider to purchase a separate dedicated WAP that can be plugged into the IPFire network.
If the EA8300 insists on having its lan IP address as 10.78.x.y then your other option would be to set the IPFire green subnet network to 10.78.x.z . That way the subnet of IPFire and the EA8300 lan would be the same.
If you need to configure the EA8300 as an AccesPoint, you can try the following settings.
Below is a link to the EA8300 simulator:
Below is a link to the some hint
After researching the pros/cons of turning the Linksys into a wireless access point, I have decided not to do so. 1) When bridging all the internal security is turned off. I would have an open wifi hotspot connected to my green. 2) The software in the Linksys will not allow me to make some of the changes necessary to make bridge mode more secure. It will do strange things like turn off the ethernet ports. My EA8300 is v1.1 and has the latest software installed in June of this year. It doesn’t have the same interface as the one posted to help me. 3) There is still no way to protect my green from local wireless users.
After much thought it seems my only course will have to be buying a supported wifi pci card for my IPFire and buying an extender. If I am wrong in my conclusions please post a URL that will explain how and why I’m wrong and the steps I must take to secure the Linksys.
When I followed them exactly it would cause my Linksys to lose all connections. For instance, in the pictures of Connectivity under Administration, if I checked only the HTTPS box and unchecked all the others I would lose all connections to it, both wifi and lan. My version also has settings that are not in that picture. The Linksys website tells that bridging shuts off all the internal security software. From my understanding, there is nothing to stop someone from entering green (internal lan) over wifi with not even a password to worry about. That defeats the very purpose of having IPFire in my opinion. Not being an expert in any of this I am sure I am mistaken in more than one point that I have named.
I have not been able to decide if the wirless pci card is one that is in your list of supported wifi cards. In the wiki it says “If in doubt, ask about it in the forum”. Ok. How about: TP-Link AC1300 PCIe WiFi PCIe Card(Archer T6E)- 2.4G/5G Dual Band Wireless PCI Express Adapter? Will that work with IPFire? What do I look for in the newer hardware to know if it is compatible with IPFire?
After that long post I did prior to this one, I found a different wireless/router and decided to try it. It is older but turned on and seemed to work ok. The software was MUCH closer to that which was posted here for my benefit. After following instructions like I had before, I tried it and to my shock and surprise, it worked. I have internet connected wifi, the internet port is NOT connected, and best of all, it requires a password to enable it. It is not nearly as secure as one that is protected by IPFire but at least it isn’t open. I now can look for a good wireless pci card so I can do it right. I still need to know if that TP-Link will work. The one out of three wifi/routers that did work was also a Linksys. Hard to see how there can be such a big difference in models when discussing software and not hardware. Sorry to be such a pain. And thank you all for all the help and advice you have rendered.
I don’t think a true wireless access point builds a ‘open wifi hotspot’.
In a wired network access is controlled by the ethernet cables and the connectors.
In a wireless network this is done by the 802.11 wireless protocol with passphrases, encryption, …
The connection green IF <—> WAP is well controlled by IPFire, as all connections with green devices.
The access of wirless devices to the WAP is controlled by means of 802.11.
I never had an unknown device in my WLAN.
Installing a wireless card in IPFire just installs a further network for the wireless devices.
Security in the local network(s) should be primarily done by IPFire, which is the gateway for all of them to the WAN,
Just some thoughts to clarify the topics.