[Shorewall-users] Cann't add second box with ProxyArp

Tom Eastep teastep@shorewall.net
Thu, 4 Jul 2002 12:04:56 -0700 (Pacific Daylight Time)


On Thu, 4 Jul 2002, R. R. Lindquist, M.D. wrote:

> This my first venture into firewalls and I just installed Leaf-Bering
> with Shorewall.  The private network is fine. On the DMZ, all was well
> when I had only 1 www Box  with a public IP in my Proxy ARP File:
> #ADDRESS    INTERFACE    EXTERNAL    HAVEROUTE
> 155.37.5.7     eth2        eth0         No
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> However, when I added a second www box to my Proxy ARP File:
> #ADDRESS    INTERFACE    EXTERNAL    HAVEROUTE
> 155.37.5.7     eth2        eth0         No
> 155.37.5.236     eth2        eth0         No
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> I cannot view web pages on the second box.  I reach the _first_ box (not
> the second box)  with http://155.37.5.236, and as anticipated the first
> box with http://155.37.5.7.  My web browser is separate from the
> firewall and eth2 feeds a hub.
>
>   What am I missing to reach the second box?
>

What does "arp -na" show on the Bering box?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net