On Thu, 4 Jul 2002, R. R. Lindquist, M.D. wrote:

> This is my first venture into firewalls and I just installed Leaf-Bering
> with Shorewall. The private network is fine. On the DMZ, all was well
> when I had only 1 www Box with a public IP in my Proxy ARP File:
>
> #ADDRESS        INTERFACE  EXTERNAL  HAVEROUTE
> 155.37.5.7      eth2       eth0      No
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> However, when I added a second www box to my Proxy ARP File:
>
> #ADDRESS        INTERFACE  EXTERNAL  HAVEROUTE
> 155.37.5.7      eth2       eth0      No
> 155.37.5.236    eth2       eth0      No
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> I cannot view web pages on the second box. I reach the _first_ box (not
> the second box) with http://155.37.5.236, and as anticipated the first
> box with http://155.37.5.7. My web browser is separate from the
> firewall and eth2 feeds a hub.
>
> What am I missing to reach the second box?
>

What does "arp -na" show on the Bering box?

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net

R. R. Lindquist, M.D.
2002-Jul-04 19:06 UTC
[Shorewall-users] Can't add second box with ProxyArp

This is my first venture into firewalls and I just installed Leaf-Bering with Shorewall. The private network is fine. On the DMZ, all was well when I had only 1 www Box with a public IP in my Proxy ARP File:

#ADDRESS        INTERFACE  EXTERNAL  HAVEROUTE
155.37.5.7      eth2       eth0      No
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

However, when I added a second www box to my Proxy ARP File:

#ADDRESS        INTERFACE  EXTERNAL  HAVEROUTE
155.37.5.7      eth2       eth0      No
155.37.5.236    eth2       eth0      No
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

I cannot view web pages on the second box. I reach the _first_ box (not the second box) with http://155.37.5.236, and as anticipated the first box with http://155.37.5.7. My web browser is separate from the firewall and eth2 feeds a hub.

What am I missing to reach the second box?

My Interfaces File:

#ZONE  INTERFACE  BROADCAST      OPTIONS
net    eth0       155.37.5.255   routefilter,norfc1918,blacklist,filterping
-      eth1       192.168.1.255
dmz    eth2       192.168.2.255
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

-rich