[Shorewall-users] DMZ with proxy arp and freeswan dilemma

Tom Eastep teastep at shorewall.net
Thu Dec 11 15:26:22 PST 2003


On Thursday 11 December 2003 03:15 pm, Lito Kusnadi wrote:
> 
>
> (http://www.shorewall.net/IPSEC.htm)
> "Warning: Do not use Proxy ARP and FreeS/Wan on the same system unless
> you are prepared to suffer the consequences. If you start or restart
> Shorewall with an IPSEC tunnel active, the proxied IP addresses are
> mistakenly assigned to the IPSEC tunnel device (ipsecX) rather than to
> the interface that you specify in the INTERFACE column of
> /etc/shorewall/proxyarp. I haven't had the time to debug this problem so
> I can't say if it is a bug in the Kernel or in FreeS/Wan."
>

And have you *tried* the workaround suggested immediately below that text?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-users mailing list