I have hosts connected to interface INTERNAL with IPs that are on the public interface PUBLIC. Zones are "net" & "loc". I have proxy-ARP turned on for those hosts.

The firewall is denying packets going to those proxied hosts, which is logical. What is the appropriate rule to allow it? In my mind, this is sort of "net" to "net", which doesn't make sense...

Thanks,

A.

Adam Sherman wrote:
> I have hosts connected to interface INTERNAL with IPs that are on the
> public interface PUBLIC. Zones are "net" & "loc". I have proxy-ARP
> turned on for those hosts.
>
> The firewall is denying packets going to those proxied hosts, which is
> logical. What is the appropriate rule to allow it? In my mind, this is
> sort of "net" to "net", which doesn't make sense...

Found the answer in the archives:

    # for proxy-arp systems
    AllowWeb net loc:public_arped_ip_addresses

Thanks,

A.