Dear Shorewall users; I have setup a DMZ zone ussing ProxyArp The DMZ contains a Win2K and a Linux 8.0 server. User could access the Win2K server from the Internet. However, the Linux 8.0 server was not able to let the Internet access it content. Why?? Both servers has different IP addresses. 210.x.x.140 & 210.x.x.141 Any response will be appreciated. Thank you. Romano Leong romano@must.edu.my
Martin Chan
2002-Nov-26 10:09 UTC
[Shorewall-users] Linux not working with ProxyArp in DMZ
I have similar problem before, it was because the linux server ip was serve by another firewall before. The cisco router remember the MAC address of the old firewall and try to send the packets to it. So you can first use packet sniffer (tcpdump) to see if the packets go into shorewall or another firewall. Or simply reboot all machines. Martin Chan romano wrote:> Dear Shorewall users; > I have setup a DMZ zone ussing ProxyArp > The DMZ contains a Win2K and a Linux 8.0 server. > User could access the Win2K server from the Internet. > However, the Linux 8.0 server was not able to let the Internet access > it content. Why?? > Both servers has different IP addresses. 210.x.x.140 & 210.x.x.141 > Any response will be appreciated. Thank you. > Romano Leong > romano@must.edu.my <mailto:romano@must.edu.my>
--On Tuesday, November 26, 2002 06:09:10 PM +0800 Martin Chan <martinc@milliontech.com> wrote:> I have similar problem before, it was because the linux server ip was > serve by another firewall before. > The cisco router remember the MAC address of the old firewall and try to > send the packets to it. > So you can first use packet sniffer (tcpdump) to see if the packets go > into shorewall or another firewall.There are instructions at http://shorewall.sf.net/ProxyARP.htm -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net