[Shorewall-users] proxyarp problem.
mathewss at nutech.com
Sat Mar 20 06:48:34 PST 2004
Now I understand. On my old firewall setup I had
modified init and start. On this one I was testing
I had not. In your WARNING you mentioned you had
not found the problem nor had time. As I have found
a solution that does not require modification of init
or start, would you consider using my fix?
Just add the -i $external to the run_arp call.
[ -z "$haveroute" ] && run_ip route replace $address dev $interface
run_arp -i $external -Ds $address $external pub
echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp
---------- Original Message ----------------------------------
From: Tom Eastep <teastep at shorewall.net>
Date: Wed, 10 Mar 2004 06:36:27 -0800
>On Tuesday 09 March 2004 09:19 pm, Sean wrote:
>> I have a problem with proxyarp. If I restart shorewall,
>> the arp -Ds command seems to put the arp entry onto my ipsec0.
>> Upon initial starting of the box I have no problem; this
>> is what my arp looks like:
>> ? (XXX.XXX.XXX.XXX) at * PERM PUP on eth2
>> When I restart, this is what I get:
>> ? (XXX.XXX.XXX.XXX) at * PERM PUP on ipsec0
>> The command it issues in shorewall is
>> arp -Ds XXX.XXX.XXX.XXX eth2 pub
>> This seems to be the problem. If I change
>> it to
>> arp -i eth2 -Ds XXX.XXX.XXX.XXX eth2 pub
>> all seems to be ok.
>> Any ideas what the issue may be?
>This issue is discussed in the second Warning on the Shorewall IPSEC page.
>Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
>Shoreline, \ http://shorewall.net
>Washington USA \ teastep at shorewall.net
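
A check for the symptom described in this thread, added here as an example and not part of either message or of Shorewall: it reads arp output in the format quoted above and reports published (PUP) entries bound to an interface other than the expected external one. The function name check_proxy_arp and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Shorewall code). Reports published ARP entries that
# sit on the wrong interface, e.g. on ipsec0 instead of eth2 after a restart.

check_proxy_arp() {
    # $1    = expected external interface (e.g. eth2)
    # stdin = lines such as: ? (192.0.2.10) at * PERM PUP on eth2
    # Returns 0 if every published entry is on $1, 1 otherwise.
    awk -v want="$1" '
        # Only published entries are of interest; the flag is printed as PUP.
        / PUP / {
            addr = $2
            gsub(/[()]/, "", addr)      # strip the parentheses around the address
            iface = $NF                 # interface is the last field ("on ethX")
            if (iface != want) {
                printf "MISPLACED %s on %s (expected %s)\n", addr, iface, want
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample input (documentation addresses, not from the thread).
sample='? (192.0.2.10) at * PERM PUP on ipsec0
? (192.0.2.11) at * PERM PUP on eth2
? (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth2'

printf '%s\n' "$sample" | check_proxy_arp eth2 \
    || echo "re-add the entries above with: arp -i <external> -Ds <address> <external> pub"
```

On a live firewall the input would come from `arp -an | check_proxy_arp eth2`, run after each Shorewall restart.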