Shorewall users - Oct 2003 - Reg. Proxyarp & DHCP

My ISP has DHCP-assigned IP-addresses.

I wonder if someone has tried using proxyarp
for a DMZ with DHCP-assigned public IP?

On Sun, 2003-10-19 at 03:03, Martin Johansson wrote:
> My ISP has DHCP-assigned IP-addresses.
> 
> I wonder if someone has tried using proxyarp
> for a DMZ with DHCP-assigned public IP?
No reason why it shouldn''t work if you can get dhcrelay working on the
firewall. Be sure to set the ''dhcp'' option on both the
external and DMZ
interfaces in /etc/shorewall/interfaces.

Rather than doing explicit Proxy ARP with entries in the proxyarp file,
you will probably want to just set the ''proxyarp'' option on
both of
those interfaces.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Sun, 19 Oct 2003, Tom Eastep wrote:
> On Sun, 2003-10-19 at 03:03, Martin Johansson wrote:
> > My ISP has DHCP-assigned IP-addresses.
> >
> > I wonder if someone has tried using proxyarp
> > for a DMZ with DHCP-assigned public IP?
>
> No reason why it shouldn''t work if you can get dhcrelay working on
the
> firewall. Be sure to set the ''dhcp'' option on both the
external and DMZ
> interfaces in /etc/shorewall/interfaces.
>
> Rather than doing explicit Proxy ARP with entries in the proxyarp file,
> you will probably want to just set the ''proxyarp'' option
on both of
> those interfaces.
>
There is also the nagging problem of how to add a host route from the
firewall to a DMZ host when that host gets a new IP address. Seems to me
that someone on the list was trying to solve that problem some time back
but I don''t recall a posted solution.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net