[Shorewall-users] Can't add second box with ProxyArp

R. R. Lindquist, M.D. Lindquist@informatics.uchc.edu
Thu, 04 Jul 2002 15:06:21 -0400


This is my first venture into firewalls and I just installed Leaf-Bering 
with Shorewall.  The private network is fine. On the DMZ, all was well 
when I had only 1 www Box  with a public IP in my Proxy ARP File:
#ADDRESS    INTERFACE    EXTERNAL    HAVEROUTE
155.37.5.7     eth2        eth0         No
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

However, when I added a second www box to my Proxy ARP File:
#ADDRESS    INTERFACE    EXTERNAL    HAVEROUTE
155.37.5.7     eth2        eth0         No
155.37.5.236     eth2        eth0         No
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

I cannot view web pages on the second box.  I reach the _first_ box (not 
the second box)  with http://155.37.5.236, and as anticipated the first 
box with http://155.37.5.7.  My web browser is separate from the 
firewall and eth2 feeds a hub.

  What am I missing to reach the second box?

My Interfaces File:
#ZONE    INTERFACE    BROADCAST     OPTIONS
net    eth0         155.37.5.255     routefilter,norfc1918,blacklist,filterping
-    eth1         192.168.1.255    
dmz    eth2         192.168.2.255    
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

-rich