There have been a number of questions recently about Shorewall 2.0 and
routing. In earlier posts, I said that Shorewall 2.0 would no longer alter
the routing table as part of setting up Proxy ARP.
I have been persuaded to take a different approach.
In Shorewall 2.0.0-Alpha2, the HAVEROUTE column has been restored to the
proxyarp file and a new PERSISTENT column has been added. If the HAVEROUTE
column contains "No" then a "Yes" in the PERSISTENT column
will cause the
route added by Shorewall during "shorewall [re]start" to remain after
a
"shorewall stop" or a "shorewall clear".
I still believe that the best way to manage Proxy ARP is to install the
appropriate host route(s) when the internal interface is brought up and to
place "Yes" in the HAVEROUTE column. This gets Shorewall out of the
business
of updating the routing table and allows interfaces to be restarted without
having to restart Shorewall just to restore the needed route(s).
Nevertheless, the combination of "No" in the HAVEROUTE column together
with
"Yes" in the PERSISTENT column provides most of the benefits of the
preferred
approach.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
