From mboxrd@z Thu Jan 1 00:00:00 1970
From: Joseph Watson
Date: Sun, 04 May 2003 22:53:12 +0000
Subject: Re: [LARTC] Proxy Arp question
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Sunday May 4 2003 04:56 pm, Martin A. Brown wrote:
> ....snip....
>
> Joseph--I have a question for you about how your shorewall box is
> detecting when you move a host from one interface to another? I have been
> puzzling over ways to do this, and I believe I have stumbled on one, but I
> was hoping you might have already solved this problem. Naturally, the
> shorewall box needs to know at all times the location of your roving host,
> so autodetection of the location of the box might be handy.
>
> -Martin
>

I tell it what hosts are in the dmz .... it does not autodetect. I just add
the host to the shorewall config.

I have a question maybe you can help me with though:

Here is the working configuration of my testing firewall using proxy arp:

      192.168.1.0/24
            |
      eth0: 192.168.1.1
         Firewall
      eth1: 192.168.3.1
            |
      192.168.1.2

There are the following routes used by proxy-arp:

      192.168.1.2 dev eth1 scope link
      192.168.1.0/24 dev eth0 scope link

This moves host 192.168.1.2 from the public network to the dmz behind the
firewall.

Where I am confused is when I check the proxy_arp settings:

[]# cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
0
[]# cat /proc/sys/net/ipv4/conf/eth1/proxy_arp
1
[]#

Why is proxy_arp not turned on for eth0?? Every howto I can find says to
turn on proxy_arp for both interfaces.

--
Regards
Joseph Watson
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/