[Shorewall-newbies] Shorewall 2.0 and Routing

Tom Eastep teastep at shorewall.net
Tue Feb 3 07:50:37 PST 2004


There have been a number of questions recently about Shorewall 2.0 and 
routing. In earlier posts, I said that Shorewall 2.0 would no longer alter 
the routing table as part of setting up Proxy ARP. 

I have been persuaded to take a different approach. 

In Shorewall 2.0.0-Alpha2, the HAVEROUTE column has been restored to the 
proxyarp file and a new PERSISTENT column has been added. If the HAVEROUTE 
column contains "No" then a "Yes" in the PERSISTENT column will cause the 
route added by Shorewall during "shorewall [re]start" to remain after a 
"shorewall stop" or a "shorewall clear".

I still believe that the best way to manage Proxy ARP is to install the 
appropriate host route(s) when the internal interface is brought up and to 
place "Yes" in the HAVEROUTE column. This gets Shorewall out of the business 
of updating the routing table and allows interfaces to be restarted without 
having to restart Shorewall just to restore the needed route(s). 
Nevertheless, the combination of "No" in the HAVEROUTE column together with 
"Yes" in the PERSISTENT column provides most of the benefits of the preferred 
approach.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
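
The following is an added example, not part of the original message and not Shorewall code: a small audit that reads proxyarp entries and reports which ones depend on a host route the administrator must install ("Yes" in HAVEROUTE) and which ones have a Shorewall-added route that stays after "shorewall stop" or "shorewall clear". The column order ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT, the addresses, the interface names and the function names are assumptions; the sample file and route listing are constructed.

```shell
#!/bin/sh
# Constructed sample proxyarp file (assumed column order shown in the header).
PROXYARP='#ADDRESS     INTERFACE  EXTERNAL  HAVEROUTE  PERSISTENT
192.0.2.177  eth1       eth0      Yes
192.0.2.178  eth1       eth0      No         Yes
192.0.2.179  eth1       eth0      No         No
192.0.2.180  eth1       eth0      yes'

# Constructed routing table, in the form printed by "ip -4 route show".
ROUTES='192.0.2.177 dev eth1 scope link
192.0.2.178 dev eth1 scope link
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.1'

# has_host_route ADDRESS INTERFACE ROUTES_TEXT (hypothetical helper)
# Succeeds only on an exact host route for ADDRESS out of INTERFACE.
has_host_route() {
    printf '%s\n' "$3" | awk -v a="$1" -v i="$2" \
        '$1 == a && $2 == "dev" && $3 == i { found = 1 } END { exit !found }'
}

# audit_proxyarp PROXYARP_TEXT ROUTES_TEXT (hypothetical helper)
# Prints "ADDRESS STATUS" for every non-comment entry.
audit_proxyarp() {
    routes=$2
    printf '%s\n' "$1" | while read -r addr iface _ext have persist; do
        case $addr in ''|\#*) continue ;; esac
        have=$(printf '%s' "$have" | tr 'A-Z' 'a-z')
        persist=$(printf '%s' "$persist" | tr 'A-Z' 'a-z')
        if [ "$have" = yes ]; then
            # Shorewall leaves the routing table alone: the host route
            # must already exist, e.g. added when the interface comes up.
            if has_host_route "$addr" "$iface" "$routes"; then
                echo "$addr admin-route-present"
            else
                echo "$addr MISSING-ROUTE"
            fi
        elif [ "$persist" = yes ]; then
            # Route added by Shorewall, kept after stop/clear.
            echo "$addr shorewall-route-persistent"
        else
            echo "$addr shorewall-route-not-persistent"
        fi
    done
}

audit_proxyarp "$PROXYARP" "$ROUTES"
```

On a live system the second argument would be the output of "ip -4 route show" and the first the contents of the proxyarp file.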



