jtwatson at datakota.com
Mon May 5 21:06:27 PDT 2003
On Monday May 5 2003 07:51 pm, Tom Eastep wrote:
> From the 'setup_proxy_arp' function in Shorewall:
> arp -Ds $address $external pub
> echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp
> echo 0 > /proc/sys/net/ipv4/conf/$external/proxy_arp
> Note: $address = the address of the system $external = the external
> $interface = the internal interface
> In other words, I add a persistent ARP cache entry for the address on the
> external interface and I turn on the proxy_arp flag for the internal
> Doing it that way prevents external hosts on the same subnet from being
> able to use ARP to probe the configuration of your internal network.
Thankyou very much Tom, that clears it up very well.
More information about the Shorewall-users