[Shorewall-newbies] Shorewall 2.0 and Routing
teastep at shorewall.net
Tue Feb 3 07:50:37 PST 2004
There have been a number of questions recently about Shorewall 2.0 and
routing. In earlier posts, I said that Shorewall 2.0 would no longer alter
the routing table as part of setting up Proxy ARP.

I have been persuaded to take a different approach.

In Shorewall 2.0.0-Alpha2, the HAVEROUTE column has been restored to the
proxyarp file and a new PERSISTENT column has been added. If the HAVEROUTE
column contains "No" then a "Yes" in the PERSISTENT column will cause the
route added by Shorewall during "shorewall [re]start" to remain after a
"shorewall stop" or a "shorewall clear".

I still believe that the best way to manage Proxy ARP is to install the
appropriate host route(s) when the internal interface is brought up and to
place "Yes" in the HAVEROUTE column. This gets Shorewall out of the business
of updating the routing table and allows interfaces to be restarted without
having to restart Shorewall just to restore the needed route(s).

Nevertheless, the combination of "No" in the HAVEROUTE column together with
"Yes" in the PERSISTENT column provides most of the benefits of the preferred
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
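
The HAVEROUTE/PERSISTENT combinations described in the message above, as an added example that is not part of the original post and is not Shorewall code. It assumes the proxyarp column order ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT and that an empty column means "No"; the addresses, interface names and the audit_proxyarp helper are constructed for illustration.

```shell
# Constructed sample proxyarp file (documentation addresses; the column
# order ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT is an assumption).
sample_proxyarp() {
cat <<'EOF'
#ADDRESS       INTERFACE  EXTERNAL  HAVEROUTE  PERSISTENT
192.0.2.177    eth1       eth0      Yes
192.0.2.178    eth1       eth0      No         Yes
192.0.2.179    eth1       eth0      No         No
EOF
}

# audit_proxyarp (hypothetical helper): read proxyarp entries on stdin and
# report, per address, who owns the host route and whether a route added by
# Shorewall remains after "shorewall stop" or "shorewall clear".
audit_proxyarp() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            addr = $1; iface = $2
            have = tolower($4); persist = tolower($5)   # empty is treated as "no"
            if (have == "yes") {
                # The admin installs the host route when the internal
                # interface comes up; Shorewall leaves the routing table alone.
                printf "%s admin-route: ip route add %s dev %s\n", addr, addr, iface
            } else if (persist == "yes") {
                # Shorewall adds the route on [re]start and leaves it in place.
                printf "%s shorewall-route persistent\n", addr
            } else {
                # Shorewall adds the route on [re]start; it does not remain.
                printf "%s shorewall-route removed-on-stop\n", addr
            }
        }'
}

sample_proxyarp | audit_proxyarp
```

Entries reported as removed-on-stop are the ones whose proxied hosts lose their host route whenever Shorewall is stopped or cleared.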