[Shorewall-users] proxyarp problem.

Sean mathewss at nutech.com
Sat Mar 20 06:48:34 PST 2004


Now I understand. On my old firewall setup I had
modified init and start. On this one I was testing,
I had not. In your WARNING you mentioned you had
not found the problem nor had time. As I have found
a solution that does not require modification of init
or start, would you consider using my fix?

Just add the -i $external to the run_arp call.

[ -z "$haveroute" ] && run_ip route replace $address dev $interface
run_arp -i $external -Ds $address $external pub
echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp

 Regards
 Sean Mathews

---------- Original Message ----------------------------------
From: Tom Eastep <teastep at shorewall.net>
Date:  Wed, 10 Mar 2004 06:36:27 -0800

>On Tuesday 09 March 2004 09:19 pm, Sean wrote:
>>  I have a problem with proxyarp. If I restart shorewall
>> the arp -Ds command seems to put the arp entry onto my ipsec0
>> interface.
>>
>>  upon initial starting of the box I have no problem this
>> is what my arp looks like.
>>
>> ? (XXX.XXX.XXX.XXX) at * PERM PUP on eth2
>>
>> when I restart this is what I get
>>
>> ? (XXX.XXX.XXX.XXX) at * PERM PUP on ipsec0
>>
>> the command it issues in shorewall is
>>
>> arp -Ds XXX.XXX.XXX.XXX eth2 pub
>>
>> this seems to be the problem if I change
>> it to
>>
>> arp -i eth2 -Ds XXX.XXX.XXX.XXX eth2 pub
>>
>> all seems to be ok.
>>
>> Any ideas what the issue may be?
>>
>
>This issue is discussed in the second Warning on the Shorewall IPSEC page 
>(http://www.shorewall.net/IPSEC.htm).
>
>-Tom
>-- 
>Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
>Shoreline,     \ http://shorewall.net
>Washington USA  \ teastep at shorewall.net
>
>
>
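
A check for the symptom described in this thread, as an added example that is not part of the original messages or of Shorewall: it reads `arp -an`-style output and reports any published (proxy ARP) entry bound to an interface other than the expected one. The function name, the sample lines and the 192.0.2.x addresses are constructed; the flag is matched as either `PUP` (as in the output quoted above) or `PUB`, on the assumption that arp versions differ in spelling.

```shell
#!/bin/sh
# check_proxyarp EXPECTED_IF  (hypothetical helper, reads arp output on stdin)
# Prints one line per published entry that sits on the wrong interface and
# returns 1 if any were found, 0 otherwise.
check_proxyarp() {
    awk -v want="$1" '
        # Published (proxy ARP) entries carry the PUP/PUB flag.
        / (PUB|PUP)( |$)/ {
            addr = $2
            gsub(/[()]/, "", addr)          # "(192.0.2.10)" -> "192.0.2.10"
            iface = ""
            for (i = 1; i < NF; i++)        # interface name follows "on"
                if ($i == "on") iface = $(i + 1)
            if (iface != want) {
                printf "%s published on %s, expected %s\n", addr, iface, want
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: state after initial boot (entry on eth2, as intended).
SAMPLE_BOOT='? (192.0.2.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.0.2.10) at * PERM PUP on eth2'

# Constructed sample: state after a restart (entry landed on ipsec0).
SAMPLE_RESTART='? (192.0.2.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.0.2.10) at * PERM PUP on ipsec0'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_BOOT" | check_proxyarp eth2 \
    && echo "boot sample: proxy ARP entries are on eth2"
printf '%s\n' "$SAMPLE_RESTART" | check_proxyarp eth2 \
    || echo "restart sample: proxy ARP entry is on the wrong interface"
```

On a live firewall the same function can be fed with `arp -an | check_proxyarp eth2` after each restart.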

