search for: proxyarp

Does anyone know what a good maximum number of machines I should place in the ProxyArp list? Thanks Jamie

My ISP has DHCP-assigned IP-addresses. I wonder if someone has tried using proxyarp for a DMZ with DHCP-assigned public IP?

Hi- One last question for the week, I promise. I''ve got one IP ProxyArp''d according to the instructions at http://www.shorewall.net/ProxyARP.htm. I''ve setup the shorewall/proxyarp file as follows: #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 208.4.145.73 br0 eth1 no yes #LAST LINE -- ADD...

...ave included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current configuration (see current network diagram) I cannot see what would be the best solution: DNAT, NAT or ProxyARP. Currently, I access my server (and Shorewall) using webmin. I am 9,000 miles from the public server so I must use some type of remote Linux admin tool (hence webmin). I would like to configure the new machine similarly to the current server (services, protocols, daemons, applications, etc.). If I...

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.

I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT. I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ? (I''ve just discovered that actually the dnated host an...

Hi As per my follow up mail I implemented the ProxyArp configuration as per the Documentation on the Web site and all seemed to be working correctly. However, the one thing that doesn''t seem to be working properly is Samba. I have Samba running on the FW machine and one of the servers 192.168.0.8 on the Local Lan. I can connect to a Share...

...s in the 192.168.2.0/24 subnet, and I use IPCOP to route requests to the x.x.x.67 and x.x.x.68 address to the appropriate machine. These are set up for testing purposes. I read the excellent shorewall documentation. One of the examples fits our situation prety closely. I was unfamiliar with proxyarp. It seems that I could I could give the two virtual machines DMZ 2 and DMZ 3 the x.x.x. 67 and 68 addresses and then put the appropriate entry in the proxyarp file. x.x.x.67 eth2 eth0 No x.x.x.68 eth2 eth0 No I would leave DMZ 1 with a private address in the 192.168.2.0/...

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1...

Tom, Is not this query worth answering? -Siva -----Original Message----- From: Sivamurugu K. Pillai Sent: Friday, April 08, 2005 3:14 PM To: ''Mailing List for Shorewall Users'' Subject: ProxyARP in a Routed environment Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones...

Would it be considered normal that a system behind a shorewall box that was setup for proxyarp and able to be reached from the trusted side of the net just fine on the proxyapr ip address would if it were to talk out to the world show as traffic not from the proxyarp address but the firewall''s own address or the masquerading ip used by other zones? We had not really noticed this as...

...ry well with a minimum of traffic <100 kbit/s. Only DNS Zones and nagios passive checks were transferred. Everything seems to work. Left side is x.x.x.14 (host 1) Subnet 10.0.0.0/24 openswan 2.4.4 shorewall 2.4.2 & iptables 1.3.4 gentoo 2.6.12-r9 with policy match It´s reachable through a proxyarp entry on x.x.x.11 (host 2) which is another gentoo 2.6.12-r9 with shorewall 2.4.1 and iptables 1.3.2. At this point this shorewall has nothing to do with the vpn but allows the traffic generally to x.x.x.14 Right side is y.y.y.212 (host 3) Subnet 10.10.10.0/24 openswan 2.3.0 shorewall 2.4.1 &...

Hi Folks, Can i account proxyarped pc´s ?? Like know how much web traffic passthru a specific person ip using shorewall ? So i can know how much bandwidth that specific IP EAT ? Thanks alot Carlos Arnt ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strateg...

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the documentation it says that the order of the rules is not significant, however, if I DNAT port 80 into dmz before I DNAT port 80 to loc all request to port 80 is forwa...

I´ve figured out the following. I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp x.x.x.14 eth2 eth0 No very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn) but with public ip x.x.x.14 to x.x.x.11 If I try to sftp through the fw to the public internet I have the same problems as mentioned before. I am able to read/write my prov...

...mess of NAT on our firewall/router systems at the corporate office which seems to do nothing other than confuse the heck out of people. What I''d like to do is gradually migrate the hosts on the various DMZ networks away from private IP addresses and NAT over to public IP addresses and proxyarp. What I''m wondering, before I start this, is how do I configure the DMZ systems when I move them to a proxyarp configuration? I set them up with the public IP addresses, but what do I use as the default gateway, the DMZ-connected interface of the firewall? Also, then, how do I config...

Hello all, I have a question in regards to proxyarp and shorewall, I am new to shorewall and I have 5 static IP address from my ISP. My current setup is that I have one system with three network cards, (eth0 = xx.xx.xx.42, eth1 = 192.168.110.41 eth2 = 10.10.10.41), two systems with two network cards, (eth0 = xx.xx.xx.41 and eth1 = 10.10.10.42/44),...

...horewall-users hi,ALL I have a firewall have three interface, one NIC is internal (eth0), second NIC is SSN(eth2), and other NIC is external(eth1), on internal network have 10.0.1.59 and gw 10.0.1.163 eth0: 192.168.1.254/24 eth1: 10.0.1.55/24 gw 10.0.1.163 I use shorewall''s proxyarp 10.0.1.59 eth1 eth0 no no that is OK. I saw /usr/share/shorewall/firewall, I think it that arp -i eth0 -Ds 10.0.1.59 eth0 pub echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp or echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy...

Hello All, I am using shorewall 2.0.7. first i give you my config here and will tell you my problem. ProxyARP: 203.77.204.85 eth1 eth0 no Interface: net eth0 203.77.204.87 loc eth1 192.168.0.255 routeback Masq : eth0 192.168.0.0/24 203.77.204.86 Rules: # Squid access REDIRECT loc 8080 tcp www -...