From: Joseph Watson <jtwatson@datakota.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Proxy Arp question
Date: Sun, 04 May 2003 22:53:12 +0000
Message-ID: <marc-lartc-105208887529903@msgid-missing>
In-Reply-To: <marc-lartc-105184920302860@msgid-missing>

On Sunday May 4 2003 04:56 pm, Martin A. Brown wrote:
>
....snip....
>
> Joseph--I have a question for you about how your shorewall box is
> detecting when you move a host from one interface to another?  I have been
> puzzling over ways to do this, and I believe I have stumbled on one, but I
> was hoping you might have already solved this problem.  Naturally, the
> shorewall box needs to know at all times the location of your roving host,
> so autodetection of the location of the box might be handy.
>
> -Martin
>

I tell it what hosts are in the dmz  ....  it does not autodetect.  I just add 
the host to the shorewall config.

I have a question maybe you can help me with though:

Here is the working configuration of my testing firewall using proxy 
arp:

    192.168.1.0/24
              |
   eth0: 192.168.1.1
        Firewall
   eth1: 192.168.3.1
              |
      192.168.1.2

There are the following routes used by proxy-arp:
 192.168.1.2 dev eth1  scope link
 192.168.1.0/24 dev eth0  scope link

This moves host 192.168.1.2 from the public network to the dmz behind the 
firewall.  Where I am confused is when I check the proxy_arp settings:

[]# cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
0
[]# cat /proc/sys/net/ipv4/conf/eth1/proxy_arp
1
[]#

Why is proxy_arp not turned on for eth0??  Every howto I can find says to turn 
on proxy_arp for both interfaces.

-- 
Regards

Joseph Watson
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
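
Added illustration, not part of the thread or of shorewall: a simplified Python model of how a Linux box decides whether to answer an ARP request on another host's behalf, evaluated against the routes and proxy_arp values quoted in the message. It assumes IP forwarding is enabled; the `published` per-host entries and the neighbour address 192.168.1.77 are constructed for the example and do not appear in the message.

```python
import ipaddress

# Routes and sysctl values copied from the message above.
ROUTES = [("192.168.1.2/32", "eth1"), ("192.168.1.0/24", "eth0")]
PROXY_ARP = {"eth0": 0, "eth1": 1}


def route_dev(target, routes=ROUTES):
    """Longest-prefix match: return the output interface for target, or None."""
    addr = ipaddress.ip_address(target)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def proxies_arp(in_dev, target, proxy_arp=PROXY_ARP, published=(), routes=ROUTES):
    """Simplified model: is an ARP request for `target`, received on `in_dev`,
    answered by the firewall on behalf of another host?

    Assumption: IP forwarding is enabled on in_dev. `published` holds
    (ip, dev) pairs for per-host proxy entries (e.g. `ip neigh add proxy`);
    the message does not show whether any exist, so it defaults to empty.
    """
    out_dev = route_dev(target, routes)
    if out_dev is None or out_dev == in_dev:
        return False  # no route, or target is on the asker's own segment
    if proxy_arp.get(in_dev, 0) == 1:
        return True   # interface-wide proxy ARP on the receiving interface
    return (target, in_dev) in published  # explicit per-host proxy entry


if __name__ == "__main__":
    cases = [
        ("eth1", "192.168.1.77", ()),  # DMZ host asks for a LAN neighbour
        ("eth0", "192.168.1.2", ()),   # LAN host asks for the DMZ host
        ("eth0", "192.168.1.2", (("192.168.1.2", "eth0"),)),
        ("eth0", "192.168.1.77", ()),  # LAN host asks for a LAN neighbour
    ]
    for in_dev, target, pub in cases:
        print(in_dev, target, pub, proxies_arp(in_dev, target, published=pub))
```

The flag that matters is the one on the interface where the ARP request arrives, and a per-host proxy entry on that interface has the same effect for a single address.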
