Shorewall users - Jul 2002 - Cann''t add second box with ProxyArp

On Thu, 4 Jul 2002, R. R. Lindquist, M.D. wrote:
> This my first venture into firewalls and I just installed Leaf-Bering
> with Shorewall.  The private network is fine. On the DMZ, all was well
> when I had only 1 www Box  with a public IP in my Proxy ARP File:
> #ADDRESS    INTERFACE    EXTERNAL    HAVEROUTE
> 155.37.5.7     eth2        eth0         No
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> However, when I added a second www box to my Proxy ARP File:
> #ADDRESS    INTERFACE    EXTERNAL    HAVEROUTE
> 155.37.5.7     eth2        eth0         No
> 155.37.5.236     eth2        eth0         No
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> I cannot view web pages on the second box.  I reach the _first_ box (not
> the second box)  with http://155.37.5.236, and as anticipated the first
> box with http://155.37.5.7.  My web browser is separate from the
> firewall and eth2 feeds a hub.
>
>   What am I missing to reach the second box?
>
What does "arp -na" show on the Bering box?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

This my first venture into firewalls and I just installed Leaf-Bering 
with Shorewall.  The private network is fine. On the DMZ, all was well 
when I had only 1 www Box  with a public IP in my Proxy ARP File:
#ADDRESS    INTERFACE    EXTERNAL    HAVEROUTE
155.37.5.7     eth2        eth0         No
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

However, when I added a second www box to my Proxy ARP File:
#ADDRESS    INTERFACE    EXTERNAL    HAVEROUTE
155.37.5.7     eth2        eth0         No
155.37.5.236     eth2        eth0         No
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

I cannot view web pages on the second box.  I reach the _first_ box (not 
the second box)  with http://155.37.5.236, and as anticipated the first 
box with http://155.37.5.7.  My web browser is separate from the 
firewall and eth2 feeds a hub.

  What am I missing to reach the second box?

My Interfaces File:
#ZONE    INTERFACE    BROADCAST     OPTIONS
net    eth0         155.37.5.255   
 routefilter,norfc1918,blacklist,filterping
-    eth1         192.168.1.255    
dmz    eth2         192.168.2.255    
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

-rich