[Shorewall-users] proxyarp problem.

Sean mathewss at nutech.com
Sat Mar 20 06:48:34 PST 2004

 Now I understand. On my old firewall setup I had
modified init and start. On this one I was testing
I had not. In your WARNING you mentioned you had
not found the problem nor had time. As I have found
a solution that does not require modification of init 
or start would you consider using my fix?

Just add the -i $external to the run_arp call.

[ -z "$haveroute" ] && run_ip route replace $address dev $interface
run_arp -i $external -Ds $address $external pub
echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp

 Sean Mathews

---------- Original Message ----------------------------------
From: Tom Eastep <teastep at shorewall.net>
Date:  Wed, 10 Mar 2004 06:36:27 -0800

>On Tuesday 09 March 2004 09:19 pm, Sean wrote:
>>  I have a problem with proxyarp. If I restart shorewall
>> the arp -Ds command seems to put the arp entry onto my ipsec0
>> interface.
>>  upon initial starting of the box I have no problem this
>> is what my arp looks like.
>> ? (XXX.XXX.XXX.XXX) at * PERM PUP on eth2
>> when I restart this is what I get
>> ? (XXX.XXX.XXX.XXX) at * PERM PUP on ipsec0
>> the command it issues in shorewall is
>> arp -Ds XXX.XXX.XXX.XXX eth2 pub
>> this seems to be the problem if I change
>> it to
>> arp -i eth2 -Ds XXX.XXX.XXX.XXX eth2 pub
>> all seems to be ok.
>> Any ideas what the issue may be?
>This issue is discussed in the second Warning on the Shorewall IPSEC page 
>Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
>Shoreline,     \ http://shorewall.net
>Washington USA  \ teastep at shorewall.net
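
Added example, not part of the mailing-list messages and not Shorewall code: a post-restart check that each published (proxy) ARP entry sits on the interface it is meant for, which is the symptom described above (entry on ipsec0 instead of eth2). The function names, the ADDR=IFACE argument format and the sample table are constructed for illustration; it assumes proxy entries are listed in /proc/net/arp format with the ATF_PUBL flag bit set.

```sh
#!/bin/sh
# Added example, not Shorewall code. Names and sample data are constructed.
# check_proxyarp "ADDR=IFACE ..." reads a table in /proc/net/arp format on
# stdin and reports published (proxy) entries bound to the wrong device.

check_proxyarp() {
    awk -v want="$1" '
    BEGIN {
        n = split(want, pair, " ")
        for (i = 1; i <= n; i++) { split(pair[i], kv, "="); expect[kv[1]] = kv[2] }
    }
    NR == 1 { next }                        # column header line
    {
        # ATF_PUBL (0x08, linux/if_arp.h) lives in the low hex digit of Flags
        low = tolower(substr($3, length($3), 1))
        if (index("89abcdef", low) == 0) next
        if (!($1 in expect)) {
            print "UNEXPECTED " $1 " on " $6; bad = 1
        } else if ($6 == expect[$1]) {
            ok[$1] = 1
        } else {
            print "MISPLACED " $1 " on " $6 " (expected " expect[$1] ")"; bad = 1
        }
    }
    END {
        for (a in expect) if (!(a in ok)) { print "MISSING " a " on " expect[a]; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: the state described after a restart, with one proxy
# entry on ipsec0 instead of eth2 (addresses from the documentation range).
sample_arp_table() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:11:22:33:44:55     *        eth2
192.0.2.10       0x1         0xc         00:00:00:00:00:00     *        ipsec0
192.0.2.11       0x1         0xc         00:00:00:00:00:00     *        eth2
EOF
}

# Demo on the sample; on a live box use: check_proxyarp "..." < /proc/net/arp
sample_arp_table | check_proxyarp "192.0.2.10=eth2 192.0.2.11=eth2" || true
```

The function exits non-zero when any entry is misplaced, missing or unexpected, so it can gate a restart script or a monitoring check.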
