-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 When proxyarp is controlled outside shorewall and shorewall-perl is used it''s documented that proxy_arp interface options are not touched. That''s not true, even when proxyarp interface options are not specified and proxyarp file is empty proxyarping is still deleted on all interfaces: + /sbin/iptables -X shorewall + delete_proxyarp + [ -f /var/lib/shorewall/proxyarp ] + read address interface external haveroute + [ -f /proc/sys/net/ipv4/conf/all/proxy_arp ] + echo 0 + [ -f /proc/sys/net/ipv4/conf/bond0/proxy_arp ] + echo 0 + [ -f /proc/sys/net/ipv4/conf/bond0.206/proxy_arp ] + echo 0 + [ -f /proc/sys/net/ipv4/conf/bond0.207/proxy_arp ] + echo 0 + [ -f /proc/sys/net/ipv4/conf/bond0.25/proxy_arp ] + echo 0 + [ -f /proc/sys/net/ipv4/conf/default/proxy_arp ] + echo 0 + [ -f /proc/sys/net/ipv4/conf/eth0/proxy_arp ] + echo 0 + [ -f /proc/sys/net/ipv4/conf/eth1/proxy_arp ] + echo 0 + [ -f /proc/sys/net/ipv4/conf/lo/proxy_arp ] + echo 0 + rm -f /var/lib/shorewall/proxyarp I try to generate patch later, now I just added proxyarp=1 on bond0.206 to fix networking. - -- Tuomo Soini <tis@foobar.fi> Linux and network services +358 40 5240030 Foobar Oy <http://foobar.fi/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFG2/4KTlrZKzwul1ERApCLAJ9SttbAK0Kq5P1dRe/FpD8+d4FArQCcCH5f uV/Y2+msamG5fnOfG3O56JQ=Cj5x -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
Tuomo Soini wrote:> When proxyarp is controlled outside shorewall and shorewall-perl is used > it''s documented that proxy_arp interface options are not touched. That''s > not true, even when proxyarp interface options are not specified and > proxyarp file is empty proxyarping is still deleted on all interfaces: > > > I try to generate patch later, now I just added proxyarp=1 on bond0.206 > to fix networking. >The attached patch should do the trick. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/