Shorewall users - Aug 2002 - Proxy Arp

Hopefully this is an easy question....

I''m using a leaf router (bearing) running shorewall.   Three interfaces
net,
loc, and dmz.  Only one computer in the dmz and its being proxy arp''d.
External and internal (net and loc) can reach the dmz but the dmz cannot
reach the isp''s gateway and beyond, but can reach a system adjacent to
the
firewall.

                                 HUB
          adj System   -- |
             _____            |----isp
  --loc--| FW  | --net--|
            |_____|
                 |
               dmz
                 |
              Proxyed System

I have the interfaces setup as follows. (ips not actual)

Adjacent System
IP: 24.2.2.202  GW 24.2.2.1

fw net:
IP: 24.2.2.200 GW 24.2.2.1

fw dmz:
IP: 192.168.2.1

Proxy arp''d compter in dmz
IP 24.2.2.201 GW 24.2.2.1

Config files:
Policy
No entry for dmz

Proxy Arp
Address         Interface   external   haveroute
24.2.2.201     eth2          eth0        no

Rules
ACCEPT   dmz  net    tcp   53,21,22,25,80,110
ACCEPT   dmz  net    udp  53
ACCEPT   dmz  net    icmp  8

ACCEPT   net   dmz   tcp  53,21,25,80,110
ACCEPT   net   dmz   udp  53
ACCEPT   net   dmz   icmp  8

ACCEPT   loc   dmz   tcp  21,22,25,110,80

 Any help is appreciated
   Thanks
     Scott

On Fri, 9 Aug 2002, Scott Ritchie wrote:
>                                  HUB
>           adj System   -- |
>              _____            |----isp
>   --loc--| FW  | --net--|
>             |_____|
>                  |
>                dmz
>                  |
>               Proxyed System
> 
Please try your ASCII art again -- the above is unfathomable...

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

On Fri, 9 Aug 2002, Scott Ritchie wrote:
> Hopefully this is an easy question....
> 
> I''m using a leaf router (bearing) running shorewall.   Three
interfaces net,
> loc, and dmz.  Only one computer in the dmz and its being proxy
arp''d.
> External and internal (net and loc) can reach the dmz but the dmz cannot
> reach the isp''s gateway and beyond, but can reach a system
adjacent to the
> firewall.
>
< Mangled ASCII art deletec>
 
> 
> I have the interfaces setup as follows. (ips not actual)
> 
> Adjacent System
> IP: 24.2.2.202  GW 24.2.2.1
> 
> fw net:
> IP: 24.2.2.200 GW 24.2.2.1
> 
> fw dmz:
> IP: 192.168.2.1
> 
> Proxy arp''d compter in dmz
> IP 24.2.2.201 GW 24.2.2.1
> 
> Config files:
> Policy
> No entry for dmz
> 
> Proxy Arp
> Address         Interface   external   haveroute
> 24.2.2.201     eth2          eth0        no
> 
> Rules
> ACCEPT   dmz  net    tcp   53,21,22,25,80,110
> ACCEPT   dmz  net    udp  53
> ACCEPT   dmz  net    icmp  8
> 
> ACCEPT   net   dmz   tcp  53,21,25,80,110
> ACCEPT   net   dmz   udp  53
> ACCEPT   net   dmz   icmp  8
> 
> ACCEPT   loc   dmz   tcp  21,22,25,110,80
> 
>  Any help is appreciated
Was the address "24.2.2.201" previously assigned to a system adjacent
to
the firewall? 

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net