[Shorewall-users] ProxyArp Implementation check

Ama Kalu ama.kalu at cwlgroup.net
Thu Dec 4 15:28:30 PST 2003


Dear All,
 
I have just implemented ProxyARP with my Mail server behind shorewall. 
 
It appears to be working OK as I can both send and receive mails, and
this server is available to both the NET and my LAN using the same
public IP. 
 
The only port open to the net from shorewall is https (443)
 
I have attempted to reach both the Mailserver and the firewall with nmap
and failed.
 
But I have been seeing this in my Mail server logs for the past 24 hours
since I did this ProxyARP thing.
 
"Connection attempt to service SMTP from IP address 127.0.0.1 rejected."
 
My question is this;
 
Is someone attempting some form of exploit via https on my mail server?
How did this person go past shorewall? Has anyone any idea what is going
on?
 
Are there other ways of testing that ProxyARP and shorewall are working
as designed?
 
Thanks for your assistance.
 
Ama


More information about the Shorewall-users mailing list