Bonjour,
je suis inquiet et ne sais que penser exactement de ceci :
Dec 6 14:41:51 atalaya dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Dec 6 14:41:54 atalaya dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Dec 6 14:42:02 atalaya dhclient: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5
Dec 6 14:42:25 atalaya kernel: [ADI] ADIUSBADSLOPTIONS : Eth device already open.
Dec 6 14:43:26 atalaya kernel: [adi] ioctl ADIUSBADSLOPTIONS received
Dec 6 14:43:26 atalaya kernel: [adi] Reassembly buffer size set to 1536
Dec 6 14:43:26 atalaya kernel: [adi] ioctl ADIUSBADSLDSP received
Dec 6 14:43:26 atalaya kernel: [adi] Loading DSP code to device...
Dec 6 14:43:26 atalaya kernel: [adi] DSP code successfully loaded to device
Dec 6 14:43:52 atalaya kernel: [adi] Modem operational !!
déc 6 14:47:04 atalaya su(pam_unix)[4426]: session opened for user root by (uid=500)
Dec 6 14:47:20 atalaya dhclient: Internet Software Consortium DHCP Client V3.0.1rc12
Dec 6 14:47:20 atalaya dhclient: Copyright 1995-2002 Internet Software Consortium.
Dec 6 14:47:20 atalaya dhclient: All rights reserved.
Dec 6 14:47:20 atalaya dhclient: For info, please visit [
www.isc.org]
Dec 6 14:47:20 atalaya dhclient:
Dec 6 14:47:21 atalaya dhclient: Listening on LPF/eth1/00:60:4c:1a:41:47
Dec 6 14:47:21 atalaya dhclient: Sending on LPF/eth1/00:60:4c:1a:41:47
Dec 6 14:47:21 atalaya dhclient: Sending on Socket/fallback
Dec 6 14:47:21 atalaya dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Dec 6 14:47:21 atalaya dhclient: DHCPACK from 82.66.147.254
Dec 6 14:47:21 atalaya kernel: martian source 255.255.255.255 from 82.66.147.254, on dev eth1
Dec 6 14:47:21 atalaya kernel: ll header: 00:60:4c:1a:41:47:00:60:4c:1a:41:46:08:00
Dec 6 14:47:21 atalaya dhclient: bound to 82.66.147.135 -- renewal in 243649 seconds.
déc 6 14:47:29 atalaya su(pam_unix)[4426]: session closed for user root
Dec 6 14:47:34 atalaya kernel: martian source 82.66.147.135 from 127.0.0.1, on dev eth1
Dec 6 14:47:34 atalaya kernel: ll header: 00:60:4c:1a:41:47:00:60:4c:1a:41:46:08:00
Dec 6 14:47:41 atalaya kernel: martian source 82.66.147.135 from 127.0.0.1, on dev eth1
Dec 6 14:47:41 atalaya kernel: ll header: 00:60:4c:1a:41:47:00:60:4c:1a:41:46:08:00
Dec 6 14:47:53 atalaya kernel: martian source 82.66.147.135 from 127.0.0.1, on dev eth1
Dec 6 14:47:53 atalaya kernel: ll header: 00:60:4c:1a:41:47:00:60:4c:1a:41:46:08:00
Dec 6 14:48:01 atalaya kernel: martian source 82.66.147.135 from 127.0.0.1, on dev eth1
Dec 6 14:48:01 atalaya kernel: ll header: 00:60:4c:1a:41:47:00:60:4c:1a:41:46:08:00
Grosso modo: après un dhclient eth1 réussi
un tail -f /var/log/messages m'affiche ces lignes suspectent à propos d'un martian source que le noyau me signale.
Qu'est-ce que c'est que ce truc ?
Des pistes, des pistes....
Voici mes règles iptables :
#!/bin/sh
IPTABLES=/sbin/iptables
EXTERNAL_ADSL="eth1"
modprobe ip_conntrack_ftp
#---------------------------------------------
#INITIALISATION DES CIBLES
#---------------------------------------------
echo "Initialisation de la table FILTER"
$IPTABLES -t filter -F
$IPTABLES -t filter -X
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P OUTPUT DROP
$IPTABLES -t filter -P FORWARD DROP
echo "Initialisation de la table NAT"
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
echo "Initialisation de la table MANGLE"
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P INPUT ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT
#--------------------------------------------
#RESEAU LOCAL VERS INTERNET
#---------------------------------------------
echo "RESEAU LOCAL VERS INTERNET"
$IPTABLES -A INPUT -i $EXTERNAL_ADSL -p tcp -m multiport --sports domain,ftp,ftp-data,www,https,pop-3,smtp,cvspserver,11371,ssh,1441,2064 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTERNAL_ADSL -p tcp -m multiport --dports domain,ftp,ftp-data,www,https,pop-3,smtp,cvspserver,11371,ssh,1441,2064 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXTERNAL_ADSL -p udp -m multiport --sports domain,ntp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTERNAL_ADSL -p udp -m multiport --dports domain,ntp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#---------------------------------------------
#INTERNET VERS RESEAU LOCAL
#---------------------------------------------
#permettre le ftp passif
echo "PERMETTRE LE FTP PASSIF"
$IPTABLES -A INPUT -i $EXTERNAL_ADSL -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTERNAL_ADSL -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
#---------------------------------------------
#PERMETTRE LE PING
#---------------------------------------------
echo "PERMETTRE LE PING"
$IPTABLES -A OUTPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
#$IPTABLES -A INPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -p icmp -m state --state NEW -m limit --limit 1/s -j ACCEPT
voili, je sais c'est long, mais faut bien que je fournisse des données.
En espérant, qu'on y comprenne quelque chose, merci pour toute piste.
a+
>L'Avenir n'existe pas. Les Présents à venir seront la somme de
tous les combats que tu auras perdus ou gagnés dans tes Présents !