allow 'martian source'

Hi,

I have a rather unique problem. I utilize a VPN software that forces me to assign an IP to VPN clients using a different subnet than that of my normal LAN. For example, my Suse machine has an eth0 IP of 192.168.2.x and a VPN client has an IP of 192.168.3.x. I have come to realize that I am unable to connect to or even ping the Suse machine from the VPN client in the different subnet. An error in the /var/log/message file is reported: “martian source 192.168.2.x from 192.168.3.x on dev eth0”. I know how I can hide this warning, but that is not the point. I need to be able to allow connections from IPs in a different subnet than the Suse machine. In other words, the martian sources need to be allowed, not blocked.

Any help in the above would be greatly appreciated.

Thanks,
Daniel

Well, seeing as no one else has come up with a solution for me, I found it myself :) I thought I would post it here for the benefit of future readers. It comes down to simple routing on the Linux machine. Even though the default gateway (192.168.2.x) is set for the normal subnet (let's say 192.168.2.0/24), it doesn’t want to work for a different subnet (let's say 192.168.0.0/24). So what you have to do is add in a route like so:

Destination: 192.168.0.0/24
Gateway: 192.168.2.x (same as default gateway)
Netmask: 255.255.255.0
Device: (whatever device the communication is coming in on)

That’s all there is to it folks - simple but extremely frustrating :) Now it seems the martians will leave me alone…
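
The kernel logs "martian source" when a packet's source address fails validation on the interface it arrived on, which includes the reverse-path check. The sketch below is an added example, not part of the original posts: it parses log lines in the quoted format and runs a strict reverse-path check against a constructed routing table, showing how a route for the VPN subnet on the ingress device changes the verdict. The thread does not show the poster's routing table, so the `tun0` route, the host addresses and all function names are assumptions.

```python
import ipaddress
import re

# Log format as quoted in the post; the comma before "on dev" is optional.
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>\d+(?:\.\d+){3}) from (?P<src>\d+(?:\.\d+){3}),? on dev (?P<dev>\S+)"
)

def parse_martian(line):
    """Return (dst, src, dev) from a 'martian source' line, or None."""
    m = MARTIAN_RE.search(line)
    if m is None:
        return None
    return ipaddress.ip_address(m["dst"]), ipaddress.ip_address(m["src"]), m["dev"]

def reverse_route(routes, src):
    """Longest-prefix match for src, i.e. the route a reply would take."""
    matches = [(net, dev) for net, dev in routes if src in net]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def triage(log_lines, routes):
    """For each martian line, report whether a strict reverse-path check passes."""
    results = []
    for line in log_lines:
        parsed = parse_martian(line)
        if parsed is None:
            continue
        _dst, src, dev = parsed
        best = reverse_route(routes, src)
        if best is None:
            verdict = "no route back to source"
        elif best[1] != dev:
            verdict = f"route back uses {best[1]}, not {dev}"
        else:
            verdict = "ok"
        results.append((str(src), dev, verdict))
    return results

# Constructed sample data, not from the post: host addresses and tun0 are assumptions.
LOG = ["kernel: martian source 192.168.2.10 from 192.168.0.25, on dev eth0"]
BEFORE = [(ipaddress.ip_network("192.168.2.0/24"), "eth0"),
          (ipaddress.ip_network("192.168.0.0/16"), "tun0")]
# The added route from the post: VPN subnet reachable via the ingress device.
AFTER = BEFORE + [(ipaddress.ip_network("192.168.0.0/24"), "eth0")]

if __name__ == "__main__":
    print(triage(LOG, BEFORE))
    print(triage(LOG, AFTER))
```

Fixing the route keeps source validation active for every other subnet, which is why it is preferable to silencing the log message.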