search for: proxy_arp

...orewall/macro.DropUPnP... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep... ..End Macro Pre-processing /usr/share/shorewall/action.Reject... Pre-processing /usr/share/shorewall/action.Limit... /usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/all/proxy_arp: Operation not permitted /usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/default/proxy_arp: Operation not permitted /usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/eth0/proxy_arp: Operation not permitted /usr/share/shorewall/firewall: line 3009: /proc/sys/net/...

...there isn't, you're right. > > > >> > > > >> But maybe you can work around this by waiting for > > > >> DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve? > > > > > > > > I'd like to enable proxy_arp on the interface among other things. > > > > I can easily do this from the same script that adds the interface > > > > though, so I have a workaround, but a hook that triggers on all > > > > interface events felt cleaner. > > > > > > Also keep i...

...and gw 10.0.1.163 eth0: 192.168.1.254/24 eth1: 10.0.1.55/24 gw 10.0.1.163 I use shorewall''s proxyarp 10.0.1.59 eth1 eth0 no no that is OK. I saw /usr/share/shorewall/firewall, I think it that arp -i eth0 -Ds 10.0.1.59 eth0 pub echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp or echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp but it don''t work why? thanks Regards

...? > > > > No not in the libvirt sense there isn't, you're right. > >> > >> But maybe you can work around this by waiting for > >> DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve? > > > > I'd like to enable proxy_arp on the interface among other things. > > I can easily do this from the same script that adds the interface > > though, so I have a workaround, but a hook that triggers on all > > interface events felt cleaner. > > Also keep in mind that the hook scripts aren't an officia...

...ee some evidence in the archive that this was broken in the 2.0.x timeframe and never fixed. Anyone know for sure if it''s broken or working ? (I''m attempting to route a few addresses into a routed network, from the ethernet side of a DSL router that has a /29 public subnet). The proxy_arp flag thing won''t help because the destination subnet is not on any of the ethernet interfaces on the router machine (it''s off a few hops distant in the middle of our network). Thanks! _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl htt...

...------------------------------------------------------- New Features in 2.0.10 The "shorewall status" command has been enhanced to include the values of key /proc settings: Example from a two-interface firewall: /proc /proc/sys/net/ipv4/ip_forward = 1 /proc/sys/net/ipv4/conf/all/proxy_arp = 0 /proc/sys/net/ipv4/conf/all/arp_filter = 0 /proc/sys/net/ipv4/conf/all/rp_filter = 0 /proc/sys/net/ipv4/conf/default/proxy_arp = 0 /proc/sys/net/ipv4/conf/default/arp_filter = 0 /proc/sys/net/ipv4/conf/default/rp_filter = 0 /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0 /proc/s...

...;'ve read the lartc howto, so I created a tun0 interface on both boxes: ip tunnel add tun0 mode gre remote remote_ip_here local local_ip_here ttl 255; ip link set tun0 up. The problem is what do I do from here? Do I bridge tun0 and eth1 on Box A and add tun0 to br0 on Box B? Or do I just enable proxy_arp for eth1 and tun0 on Box A and for br0 and tun0 on B? Are there any routes neccesary (my guess is no, but I''m not very sure)? And about proxy_arp: what do I have to do to turn it on, just set /proc/sys/net/ipv4/conf/<iface>/proxy_arp to 1 and that''s it? One last thing: http:...

...o was to answer with it''s own MAC address on the external Interface if a certain different IP on the network was ARPrequested. The machine didn''t need to route this address because it was natted. Cited from the howto (chap 13): ---8<---8<---8< /proc/sys/net/ipv4/conf/DEV/proxy_arp If you set this to 1, all other interfaces will respond to arp queries destined for addresses on this interface. Can be very useful when building ''ip pseudo bridges''. Do take care that your netmasks are very correct before enabling this! ---8<---8<---8< I interpret this...

In kernel 2.6.31, the handling of the rp_filter interface option was changed incompatibly. Previously, the effective value was determined by the setting of net.ipv4.config.dev.proxy_arp logically ANDed with the setting of net.ipv4.config.all.proxy_arp. Beginning with kernel 2.6.31, the value is the arithmetic MAX of those two values. Additionally, a ''loose'' routefiltering facility is now enabled by setting the effective value of proxy_arp to 2. Given that Shore...

Hi, > Can you manually do on the xen interfaces what the scripts would? How about > doing it on some other interface configured in a similar way? Toying with the vif-route script, I might have found a workaround for this issue. If I disable the ifconfig and ip route commands from vif-route script, and bring up vif interface by hand later on, everything seems to work. In other works,

.../ether 00:48:54:81:08:d3 brd ff:ff:ff:ff:ff:ff Output of ''ip route show'': 81.17.202.64/26 dev eth0 proto kernel scope link src 81.17.202.70 default via 81.17.202.65 dev eth0 The actual error messages are: /usr/share/shorewall/firewall: line 2179: /proc/sys/net/ipv4/conf/all/proxy_arp: Permission denied iptables v1.2.11: can''t initialize iptables table `filter'': Permission denied (you must be root) ERROR: Command "/sbin/iptables -P INPUT DROP" Failed /usr/share/shorewall/firewall: line 2179: /proc/sys/net/ipv4/conf/all/proxy_arp: Permission denied...

Hi, I have IP 64.10.12.64/26 (example) and there''s gateway 64.10.12.65 and I want doing something like this: -------------------------------------64.10.12.65 GW --------------------------- ROUTER ----------- --------------------clients eth0 64.10.12.66 eth1 64.10.12.66 from 64.10.12.67 to 126 255.255.255.192

...1 bond-downdelay 200 bond-updelay 200 address 0.0.0.0 netmask 0.0.0.0 *** *** /etc/sysctl.conf #kernel.printk = 3 4 1 3 #net.ipv4.conf.default.rp_filter=1 #net.ipv4.conf.all.rp_filter=1 #net.ipv4.tcp_syncookies=1 net.ipv4.ip_forward=1 #net.ipv4.conf.br0.proxy_arp=1 #net.ipv4.conf.eth0.proxy_arp=1 #net.ipv4.conf.eth1.proxy_arp=1 #net.ipv6.conf.all.forwarding=1 #net.ipv4.conf.all.accept_redirects = 0 #net.ipv6.conf.all.accept_redirects = 0 #net.ipv4.conf.all.send_redirects = 0 #net.ipv4.conf.all.accept_source_route = 0 #net.ipv6.conf.all.accept_source_route =...

...FW2 HB is the heartbeat between the two firewalls. The default gateway of SERVER will be the IP address of the cluster of firewall. So SERVER->INTERNET will always go through the right FW. But I''m concerned about INTERNET->SERVER (public IP). My question is: will enabling proxy_arp on the active firewall and disabling it on the inactive be enough to route the traffic through the correct(active) firewall? Thanks Sébastien --

...is missing. Please see below for more information. *** root at eliott:~# /etc/init.d/xend restart Restarting Xen daemons: xend/etc/xen/scripts/network-route: line 20: /etc/xen/scripts/hotplugpath.sh: No such file or directory /etc/xen/scripts/network-route: line 28: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory /etc/xen/scripts/network-route: line 20: /etc/xen/scripts/hotplugpath.sh: No such file or directory /etc/xen/scripts/network-route: line 28: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory xend/etc/xen/scripts/network-route: line 20: /etc/xen/scripts/hot...

Package: xen-utils-3.2-1 Version: 3.2.0-5 Severity: important $vifnum is undefined when this is called. Starting XEN control daemon: xend/etc/xen/scripts/network-route: line 27: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory /etc/xen/scripts/network-route: line 27: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory /etc/xen/scripts/network-route: line 27: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory . -- System Information: Debian Release: lenny/sid APT pr...

...ny of the servers at 1.2.3.nnn/24 are behind the firewall. (Obviously, 1.2.3.nnn is a fudged network.) eth0 points outward to the Internet. eth1 points inward to the serers. Both eth0 and eth1 have IP Address 1.2.3.2. I setup proxy ARP like this: echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp And I set up appropriate routes to the systems on both sides of the firewall. This all works - all the systems route the way they are supposed to route. Here is the problem. Behind the firewall is a Coyote Point Equalizer at 1.2.3.10, with...

...work where the event > ocurred. But there is no network, is it? No not in the libvirt sense there isn't, you're right. > > But maybe you can work around this by waiting for > DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve? I'd like to enable proxy_arp on the interface among other things. I can easily do this from the same script that adds the interface though, so I have a workaround, but a hook that triggers on all interface events felt cleaner. > > Michal Kind regards, Ruben

...not in the libvirt sense there isn't, you're right. > > >> > > >> But maybe you can work around this by waiting for > > >> DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve? > > > > > > I'd like to enable proxy_arp on the interface among other things. > > > I can easily do this from the same script that adds the interface > > > though, so I have a workaround, but a hook that triggers on all > > > interface events felt cleaner. > > > > Also keep in mind that the hook scri...

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this