# [solved] bridging + weird syslog messages

## tudor

Hello,

I have just set up a linux bridge on my server and as soon as I plug the local network cables in, I get these weird syslog messages every few seconds:

 *Quote:*   

> Sep 19 00:00:01 alba eth2: received packet with  own address as source address
> 
> Sep 19 00:00:03 alba eth2: received packet with  own address as source address
> 
> Sep 19 00:00:03 alba eth2: received packet with  own address as source address
> ...

 

I don't know if it affects the network in any way, but I'd like to be sure anyway   :Confused: 

The bridge is made of eth1 and eth2, internet is connected to eth0, kernel 2.6.17-hardened-r1, pIII @ 800MHz CPU

Thanx in advance   :Smile:

Last edited by tudor on Tue Oct 10, 2006 5:03 am; edited 1 time in total

----------

## shanew

Can you post the contents of your /etc/conf.d/net ?

----------

## tudor

Here's the part containing the bridge:

 *Quote:*   

> 
> 
> modules=( "iproute2" )
> 
> [.....................]  <- stuff not concerning bridge, just eth0 
> ...

 

This is the only bridge in the network btw.

Also, I have read somewhere it may have something to do with eth2 (in my case) and br0 having the same MAC... tried changing the MAC of eth2 but the bridge's also changed (can't seem to change the MAC of br0), so...

----------

## shanew

On both my bridges the bridge device shares a MAC address with one of its constituent ethernet devices, and I don't see any of the errors you're reporting.  My general guess is that there's a loop somewhere in the network, and specifically that traffic coming out of br0 is eventually making its way "through" the bridge, into eth2, at which point these errors show up as a way to warn you that some sort of spoofing may be going on.

Does 'route -n' reveal anything that might explain a loop (speaking of which, is the subnet mismatch in the routes_br0 line a typo or is it intentional)?

----------

## lbrtuk

 *Quote:*   

> brctl_br0=( "stp off" )

 

Is there a reason you've turned spanning tree protocol off? This is exactly the sort of problem it's supposed to solve.

----------

## tudor

The 89.34.223.0/24 subnet is routed through 89.34.222.10 ( another server ).

I've turned stp on for a few days but the results are the same.

route -n says:

 *Quote:*   

> alba ~ # route -n
> 
> Kernel IP routing table
> 
> Destination             Gateway              Genmask                Flags     Metric     Ref        Use   Iface
> ...

 

Also, here's the STP info for br0:

 *Quote:*   

> alba ~ # brctl showstp br0
> 
> br0
> 
>  bridge id              8000.000acd10ba31
> ...

 

 *Quote:*   

> alba ~ # brctl show
> 
> bridge name     bridge id               STP enabled     interfaces
> 
> br0             8000.000acd10ba31       yes             eth1
> ...

 

I've blocked every client's MAC with 1 IP. What spoofing could be happening?

----------

## shanew

Just to be clear, I'm not saying there's any spoofing going on, only that the error you're seeing could be associated with spoofing.  I think the reason you're seeing the error is possibly because of a network loop.

Anyway, the routing info seems a little off, but I can't put my finger on exactly what seems off.  First, it seems odd that traffic bound for 127.0.0.0 has 0.0.0.0 as the gateway (all the boxes I have, bridge or not, have the gateway for 127.0.0.0 set as 127.0.0.1).  There also seems to be more routing going on than I would normally expect to see on a bridge.  Something about it makes me wonder if your bridge is actually spanning two different subnets.  Do you mind describing how your network is set up, how the bridge fits into it?  Why does the bridge device have three IP addresses assigned to it, for instance?

----------

## tudor

OK, the main idea behind setting up the bridge was to split the main network because of the adorable little 139 port & so on, without all that trouble of dividing the bandwidth between 2 or more ethernet cards with htb (if you know a way to set up HTB so the eth cards don't use a fixed amount of bandwidth and if one can use what the other doesn't need in a given moment, I'll lose the bridge).

The setup is like this:

 - eth1 has half the .222.0 network linked to it and eth2 the other half, so the server blocks the viruses running around

 - 89.34.222.10 is the second server's eth0 address which has the .223.0 subnet routed through it (89.34.223.1 on eth1)

 - the bridge had 3 IPs associated because .1 is the gateway, .2 is the DNS cache and .3 is the local DC hub

 - 127.0.0.0 is routed by default through 0.0.0.0 in Gentoo at least, so I thought maybe they know better; I'll change it if it makes a difference

Does it matter if the linux box is a router and a bridge? eth1 and eth2 are Repotec, with Realtek 8139D chipset

----------

## shanew

 *tudor wrote:*   

> 
> 
>  - 127.0.0.0 is routed by default through 0.0.0.0 in Gentoo at least, so I thought maybe they know better; I'll change it if it makes a difference
> 
> 

 

Maybe this has changed with some recent version of gentoo, then, because I admin nearly 20 gentoo boxes, and while I haven't verified each and every one of them, the ones I did check all have 127.0.0.0 routed through 127.0.0.1.  But, I haven't set up a new box since the spring some time.  In any case, I don't really think this has anything to do with what you're seeing.

 *tudor wrote:*   

> 
> 
> Does it matter if the linux box is a router and a bridge? eth1 and eth2 are Repotec, with Realtek 8139D chipset

 

It matters in that a bridge/router (AKA brouter) is a different beast than either a bridge or a router (which are totally different beasts to begin with).  While I've set up several bridges (bridging firewalls specifically) using gentoo, I've never ventured into brouter territory. It sounds like what you actually need though, since some of the packets entering eth1 need to be bridged out to eth2, while some need to be routed out eth0 (and vice-versa for packets entering eth2), if I'm understanding your setup correctly (I'm basing this on the fact that it sounds like clients on either side of the bridge actually have 89.34.222.1 set as their gateway).

Setting up a brouter requires ebtables, which may require a new kernel or kernel modules, plus the ebtables tools, which are available as an ebuild.  http://ebtables.sourceforge.net/examples.html#ex_brouter shows a simple example of using ebtables to do brouting, but I don't know how helpful it will be in your setup.

If everything seems to be working despite this error, it's tempting to say just ignore it.  But my intuition is that the error indicates something isn't really configured properly, you just haven't run into the situation where it's obvious enough to notice.  Unfortunately, I'm not sure what other advice I can offer.

----------

## tudor

I'll set up a separate box as a bridge and see if the problem goes away.

Thanx anyway   :Smile: 

----------

## tudor

There are some Wireless Access Points set in bridge mode for linking 2 LANs (Linksys among others)... could they be the source of these messages? I've tried switching the cables between eth1 and eth2 and the problem seems to originate from their... direction.

   If anyone has experience with APs in bridge/WDS modes and Linux bridges, I'd appreciate the help  :Smile: 

----------

## tudor

If anyone's actually interested, I solved the "mystery". Looks like the bridge/router tried to route traffic, but after the bridge code changed the source MAC to its own so it would bridge the packet. Looks like not using the broute chain is BAD   :Confused: 

----------
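Added example, not part of any post in this thread: a small shell/awk triage of the kernel message discussed above, counting it per bridge port so the segment it arrives from can be narrowed down (the thread did this by swapping cables). The sample lines, the `kernel:` prefix variant, the function names and the threshold of 3 are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample in the thread's syslog format (not real log data).
# One line uses the "kernel:" prefix that some syslog setups add.
sample_log() {
cat <<'EOF'
Sep 19 00:00:01 alba eth2: received packet with  own address as source address
Sep 19 00:00:03 alba eth2: received packet with  own address as source address
Sep 19 00:00:03 alba eth2: received packet with  own address as source address
Sep 19 00:00:04 alba sshd[411]: Accepted publickey for admin
Sep 19 00:00:09 alba kernel: eth1: received packet with own address as source address
Sep 19 00:01:10 alba eth2: received packet with  own address as source address
EOF
}

# own_src_report [THRESHOLD] < syslog
# Prints one line per interface: "iface count first..last verdict".
# An interface at or above THRESHOLD (assumed default: 3) is marked INVESTIGATE.
own_src_report() {
    awk -v thr="${1:-3}" '
    /received packet with +own address as source address/ {
        # The interface is the field right before "received", with or
        # without a "kernel:" prefix in front of it.
        iface = ""
        for (f = 2; f <= NF; f++)
            if ($f == "received") { iface = $(f - 1); break }
        sub(/:$/, "", iface)
        if (iface == "") next
        ts = $1 "-" $2 "T" $3
        if (!(iface in n)) first[iface] = ts
        last[iface] = ts
        n[iface]++
    }
    END {
        for (i in n)
            printf "%s %d %s..%s %s\n", i, n[i], first[i], last[i],
                   (n[i] >= thr ? "INVESTIGATE" : "ok")
    }' | sort
}

# Stand-alone run over the constructed sample.
sample_log | own_src_report 3
```

On a live system the function would read the real log instead, e.g. `own_src_report 3 < /var/log/messages` (the path depends on the syslog configuration).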

