bridge-routing and martian packets

i am experimenting with routing a bit, and now i have a problem i cannot solve by myself eth0 | | | ------------------------ br0 ------------------------ | (192.168.100.1) | | | | | | | lxc_vpn_eth0 lxc_test_eth0 (192.168.100.120) (192.168.100.130) | | tun0 i want to send some packets (udp) out of the lxc-container (test) to the other lxc container (vpn) and from there through openvpn running inside this container, this works so far, but somehow the response is marked by the kernel as martian and dropped from the bridge br0 i tested with tcpdump on all 3 "places" the packets pass by and this are the results : (in vpn container ) #tcpdump -i eth0 21:25:12.043321 IP 192.168.100.1.55081 > XX.YY.UU.VV.6969: UDP, length 16 21:25:12.097040 IP XX.YY.UU.VV.6969 > 192.168.100.1.55081: UDP, length 16 as you see, i am masquerading the packets on tun0 so the packets from the test-container arive at the vpn container, go out through tun0 and i get an answer, but as soon as this response-packet is placed on the bridge i get this in kernel logs : kernel: [c0] IPv4: martian source 192.168.100.120 from XX.YY.UU.VV, on dev br0 so how i have to configure the routing ,that the response packet doesn't get dropped? It should already be on the bridge where the container with ip 192.168.100.120 sits, and waits for it ... Thx in advance for helping me out, i'll happily provide you with further informations ... ( i dont wanted to post all the routing tables, because i dont wanted to fill the posting with maybe useless informations )