thr3ads.net - Shorewall users - Proxy Arp Ip Conflicts [Aug 2004]

If this information is useful, please help other people find it:
Share via:

Paul Sadauskas

2004-Aug-27 05:08 UTC

Proxy Arp Ip Conflicts

I must have something configured wrong somewhere. I''ve enabled
proxy-arp on my
shorewall 2.0.7 firewall. Works fine for what its supposed to do, I can see 
all the machines through it great. However, whenever its enabled, the network 
on the DMZ goes screwy. I''ve narrowed it down to this:

when proxy arp is enabled for that interface, like such:
echo 1 > /proc...eth1/proxy_arp

then arping from a machine that connected to eth1, but on a completely 
different subnet:

workstation rando # arping 192.168.0.5   #non-existent IP
ARPING 192.168.0.5 from 192.168.0.45 eth0
Unicast reply from 192.168.0.5 [00:01:03:2B:EC:57]  699.642ms
Sent 2 probes (1 broadcast(s))
Received 1 response(s)

workstation rando # arping 192.168.0.1  #used ip
ARPING 192.168.0.1 from 192.168.0.45 eth0
Unicast reply from 192.168.0.1 [00:00:F8:05:0F:98]  0.770ms
Unicast reply from 192.168.0.1 [00:01:03:2B:EC:57]  13.273ms
Sent 3 probes (1 broadcast(s))
Received 2 response(s)

however, when proxyarp is turned off, arping behaves as it should, and the 
network is fine.

My question is, why does proxy-arp being enabled cause this, and how can i 
prevent it?

Thanks for any help in advance.
Paul


configuration as follows:

styx linux # ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:01:03:2b:2c:c8 brd ff:ff:ff:ff:ff:ff
    inet 216.37.35.222/29 brd 216.37.35.223 scope global eth0
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen
1000
    link/ether 00:01:03:2b:ec:57 brd ff:ff:ff:ff:ff:ff
    inet 216.37.35.222/29 brd 216.37.35.223 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:01:02:c9:35:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.101.1/24 brd 192.168.101.255 scope global eth2



Shorewall-2.0.7 Status at styx - Fri Aug 27 00:00:18 EST 2004

Counters reset Thu Aug 26 23:28:39 EST 2004

Chain INPUT (policy DROP 1 packets, 92 bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID
  988 75519 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    4   968 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
  235 21620 eth2_in    all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 1 packets, 76 bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID
   42  2332 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
   21  1384 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    6   384 eth2_fwd   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID
  599  148K fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
  235 21620 fw2all     all  --  *      eth2    0.0.0.0/0            0.0.0.0/0
    0     0 fw2all     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain Drop (1 references)
 pkts bytes target     prot opt in     out     source               
destination
  137  8234 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  137  8234 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   60  3060 dropInvalid  all  --  *      *       0.0.0.0/0            
0.0.0.0/0
   60  3060 DropSMB    all  --  *      *       0.0.0.0/0            0.0.0.0/0
   14   672 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
   14   672 dropNotSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   14   672 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DropDNSrep (2 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0
udp spt:53

Chain DropSMB (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0
udp dpt:135
    6   468 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0
udp dpts:137:139
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0
udp dpt:445
   32  1536 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:135
    8   384 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:139
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:445

Chain DropUPnP (2 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0
udp dpt:1900

Chain Reject (3 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            
0.0.0.0/0
    0     0 RejectSMB  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropNotSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RejectAuth (2 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:113

Chain RejectSMB (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0
udp dpt:135
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0
udp dpts:137:139
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0
udp dpt:445
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:135
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:139
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:445

Chain all2all (2 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain blacklst (2 references)
 pkts bytes target     prot opt in     out     source               
destination

Chain dmz2fw (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
multiport dports 22,8080,3000
    4   968 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dmz2loc (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
icmp type 8
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dmz2net (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
   21  1384 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               
destination
   77  5174 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
PKTTYPE = broadcast
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
PKTTYPE = multicast

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp flags:!0x16/0x02

Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source               
destination

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               
destination
   35  1800 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID,NEW
   35  1800 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID,NEW
    0     0 net2loc    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0
   42  2332 net2dmz    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               
destination
  102  6434 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID,NEW
  102  6434 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID,NEW
  988 75519 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               
destination
   21  1384 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID,NEW
   21  1384 dmz2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 dmz2loc    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    4   968 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID,NEW
    4   968 dmz2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth2_fwd (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    6   384 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID,NEW
    6   384 loc2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 loc2dmz    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain eth2_in (1 references)
 pkts bytes target     prot opt in     out     source               
destination
  235 21620 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
state INVALID,NEW
  235 21620 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2all (2 references)
 pkts bytes target     prot opt in     out     source               
destination
  235 21620 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               
destination
  597  148K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    2   144 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (0 references)
 pkts bytes target     prot opt in     out     source               
destination

Chain loc2dmz (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
icmp type 8
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
multiport dports 22,8080,3000
  235 21620 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    6   384 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2all (3 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
  137  8234 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
   14   672 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:''
   14   672 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2dmz (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    7   532 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
icmp type 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
216.37.35.219       multiport dports 873,22,80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
216.37.35.220       multiport dports 22,8080,443,3306
   35  1800 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               
destination
  886 69085 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
icmp type 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
multiport dports 22,8080,443
  102  6434 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
icmp type 8
    0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain reject (10 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
PKTTYPE = broadcast
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
PKTTYPE = multicast
    0     0 DROP       all  --  *      *       216.37.35.223        0.0.0.0/0
    0     0 DROP       all  --  *      *       192.168.255.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       192.168.101.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0
reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
reject-with icmp-host-prohibited

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               
destination

Chain smurfs (0 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 LOG        all  --  *      *       216.37.35.223        0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       216.37.35.223        0.0.0.0/0
    0     0 LOG        all  --  *      *       192.168.255.255      0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       192.168.255.255      0.0.0.0/0
    0     0 LOG        all  --  *      *       192.168.101.255      0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       192.168.101.255      0.0.0.0/0
    0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0

Aug 26 23:16:43 net2all:DROP:IN=eth0 OUT=eth1 SRC=216.37.243.164 
DST=216.37.35.219 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=25018 DF PROTO=TCP 
SPT=1074 DPT=2745 WINDOW=8760 RES=0x00 SYN URGP=0
Aug 26 23:16:46 net2all:DROP:IN=eth0 OUT=eth1 SRC=216.37.243.164 
DST=216.37.35.219 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=25234 DF PROTO=TCP 
SPT=1074 DPT=2745 WINDOW=8760 RES=0x00 SYN URGP=0
Aug 26 23:16:52 net2all:DROP:IN=eth0 OUT=eth1 SRC=216.37.243.164 
DST=216.37.35.219 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=25753 DF PROTO=TCP 
SPT=1074 DPT=2745 WINDOW=8760 RES=0x00 SYN URGP=0
Aug 26 23:22:11 net2all:DROP:IN=eth0 OUT=eth1 SRC=222.88.173.5 
DST=216.37.35.219 LEN=1484 TOS=0x00 PREC=0x00 TTL=107 ID=8116 PROTO=UDP 
SPT=7622 DPT=1026 LEN=1464
Aug 26 23:22:11 net2all:DROP:IN=eth0 OUT= SRC=222.88.173.5 DST=216.37.35.222 
LEN=1484 TOS=0x00 PREC=0x00 TTL=108 ID=8116 PROTO=UDP SPT=24077 DPT=1026 
LEN=1464
Aug 26 23:22:11 net2all:DROP:IN=eth0 OUT=eth1 SRC=222.88.173.5 
DST=216.37.35.220 LEN=1484 TOS=0x00 PREC=0x00 TTL=107 ID=8116 PROTO=UDP 
SPT=27613 DPT=1026 LEN=1464
Aug 26 23:30:54 net2all:DROP:IN=eth0 OUT=eth1 SRC=66.90.155.122 
DST=216.37.35.219 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=9928 DF PROTO=TCP 
SPT=3391DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:30:54 net2all:DROP:IN=eth0 OUT=eth1 SRC=66.90.155.122 
DST=216.37.35.220 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=9936 DF PROTO=TCP 
SPT=3395DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:30:54 net2all:DROP:IN=eth0 OUT= SRC=66.90.155.122 DST=216.37.35.222 
LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=9940 DF PROTO=TCP SPT=3399 DPT=1433 
WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:31:08 net2all:DROP:IN=eth0 OUT= SRC=219.240.179.229 
DST=216.37.35.222 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=22459 DF PROTO=TCP 
SPT=2062 DPT=554 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:31:11 net2all:DROP:IN=eth0 OUT= SRC=219.240.179.229 
DST=216.37.35.222 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=23821 DF PROTO=TCP 
SPT=2062 DPT=554 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:36:48 net2all:DROP:IN=eth0 OUT=eth1 SRC=218.49.51.13 
DST=216.37.35.220 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=15851 DF PROTO=TCP 
SPT=2305DPT=554 WINDOW=64240 RES=0x00 SYN URGP=58231
Aug 26 23:36:48 net2all:DROP:IN=eth0 OUT= SRC=218.49.51.13 DST=216.37.35.222 
LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=15853 DF PROTO=TCP SPT=2307 DPT=554 
WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:36:54 net2all:DROP:IN=eth0 OUT= SRC=218.49.51.13 DST=216.37.35.222 
LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=18116 DF PROTO=TCP SPT=2307 DPT=554 
WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:36:54 net2all:DROP:IN=eth0 OUT=eth1 SRC=218.49.51.13 
DST=216.37.35.220 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=18118 DF PROTO=TCP 
SPT=2305DPT=554 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:52:03 net2all:DROP:IN=eth0 OUT=eth1 SRC=66.90.155.122 
DST=216.37.35.220 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=17964 DF PROTO=TCP 
SPT=2312 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:52:03 net2all:DROP:IN=eth0 OUT= SRC=66.90.155.122 DST=216.37.35.222 
LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=17968 DF PROTO=TCP SPT=2316 DPT=1433 
WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:52:06 net2all:DROP:IN=eth0 OUT=eth1 SRC=66.90.155.122 
DST=216.37.35.219 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=19174 DF PROTO=TCP 
SPT=2310 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:52:06 net2all:DROP:IN=eth0 OUT=eth1 SRC=66.90.155.122 
DST=216.37.35.220 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=19176 DF PROTO=TCP 
SPT=2312 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 26 23:52:06 net2all:DROP:IN=eth0 OUT= SRC=66.90.155.122 DST=216.37.35.222 
LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=19180 DF PROTO=TCP SPT=2316 DPT=1433 
WINDOW=64240 RES=0x00 SYN URGP=0

NAT Table

Chain PREROUTING (policy ACCEPT 46525 packets, 3661K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain POSTROUTING (policy ACCEPT 5147 packets, 345K bytes)
 pkts bytes target     prot opt in     out     source               
destination
   19  1304 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 4089 packets, 282K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain eth0_masq (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    4   252 MASQUERADE  all  --  *      *       192.168.101.0/24     0.0.0.0/0

Mangle Table

Chain PREROUTING (policy ACCEPT 275K packets, 178M bytes)
 pkts bytes target     prot opt in     out     source               
destination
 1438  115K pretos     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 152K packets, 98M bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain FORWARD (policy ACCEPT 116K packets, 80M bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain OUTPUT (policy ACCEPT 111K packets, 24M bytes)
 pkts bytes target     prot opt in     out     source               
destination
  860  203K outtos     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 219K packets, 103M bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:22 TOS set 0x10
  571  178K TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp spt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source               
destination
  849 62560 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp spt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
tcp dpt:20 TOS set 0x08

tcp      6 412384 ESTABLISHED src=192.168.0.42 dst=192.168.0.56 sport=139 
dport=3541 [UNREPLIED] src=192.168.0.56 dst=192.168.0.42 sport=3541 dport=139 
use=1
tcp      6 407164 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=3027 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3027 dport=139 
use=1
tcp      6 320941 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=4126 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=4126 dport=139 
use=1
tcp      6 418859 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=3414 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3414 dport=139 
use=1
tcp      6 409120 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=3103 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3103 dport=139 
use=1
tcp      6 408488 ESTABLISHED src=192.168.0.42 dst=192.168.0.56 sport=139 
dport=3527 [UNREPLIED] src=192.168.0.56 dst=192.168.0.42 sport=3527 dport=139 
use=1
tcp      6 428077 ESTABLISHED src=68.58.147.126 dst=216.37.35.222 sport=33026 
dport=22 src=216.37.35.222 dst=68.58.147.126 sport=22 dport=33026 [ASSURED] 
use=1
tcp      6 395066 ESTABLISHED src=192.168.0.56 dst=80.198.131.50 sport=3017 
dport=6667 [UNREPLIED] src=80.198.131.50 dst=192.168.0.56 sport=6667 
dport=3017 use=1
tcp      6 414312 ESTABLISHED src=192.168.0.42 dst=195.186.138.123 sport=8881 
dport=14406 [UNREPLIED] src=195.186.138.123 dst=192.168.0.42 sport=14406 
dport=8881 use=1
tcp      6 415594 ESTABLISHED src=192.168.0.42 dst=200.125.36.185 sport=8881 
dport=4854 [UNREPLIED] src=200.125.36.185 dst=192.168.0.42 sport=4854 
dport=8881 use=1
tcp      6 314396 ESTABLISHED src=192.168.0.42 dst=192.168.0.56 sport=139 
dport=3223 [UNREPLIED] src=192.168.0.56 dst=192.168.0.42 sport=3223 dport=139 
use=1
tcp      6 394261 ESTABLISHED src=192.168.0.42 dst=192.168.0.2 sport=4390 
dport=445 [UNREPLIED] src=192.168.0.2 dst=192.168.0.42 sport=445 dport=4390 
use=1
tcp      6 319005 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=3612 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3612 dport=139 
use=1
udp      17 25 src=192.168.100.3 dst=192.168.100.1 sport=32904 dport=53 
[UNREPLIED] src=192.168.100.1 dst=192.168.100.3 sport=53 dport=32904 use=1
tcp      6 432000 ESTABLISHED src=68.58.147.126 dst=216.37.35.222 sport=33034 
dport=22 src=216.37.35.222 dst=68.58.147.126 sport=22 dport=33034 [ASSURED] 
use=1
tcp      6 414276 ESTABLISHED src=192.168.0.42 dst=192.168.0.56 sport=139 
dport=3547 [UNREPLIED] src=192.168.0.56 dst=192.168.0.42 sport=3547 dport=139 
use=1
tcp      6 394481 ESTABLISHED src=192.168.0.42 dst=200.125.36.185 sport=8881 
dport=2675 [UNREPLIED] src=200.125.36.185 dst=192.168.0.42 sport=2675 
dport=8881 use=1
tcp      6 416909 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=3384 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3384 dport=139 
use=1
tcp      6 411928 ESTABLISHED src=192.168.0.42 dst=62.39.223.21 sport=8881 
dport=3862 [UNREPLIED] src=62.39.223.21 dst=192.168.0.42 sport=3862 
dport=8881 use=1
tcp      6 317059 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=3553 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3553 dport=139 
use=1
tcp      6 413000 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=3323 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3323 dport=139 
use=1
tcp      6 411050 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=3208 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3208 dport=139 
use=1
tcp      6 413763 ESTABLISHED src=192.168.0.42 dst=217.128.22.29 sport=8881 
dport=3508 [UNREPLIED] src=217.128.22.29 dst=192.168.0.42 sport=3508 
dport=8881 use=1
tcp      6 395496 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=4306 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=4306 dport=139 
use=1
tcp      6 405981 ESTABLISHED src=192.168.0.42 dst=192.168.0.2 sport=3009 
dport=139 [UNREPLIED] src=192.168.0.2 dst=192.168.0.42 sport=139 dport=3009 
use=1
tcp      6 317388 ESTABLISHED src=192.168.0.56 dst=64.70.250.197 sport=3019 
dport=6667 [UNREPLIED] src=64.70.250.197 dst=192.168.0.56 sport=6667 
dport=3019 use=1
tcp      6 405856 ESTABLISHED src=192.168.0.42 dst=192.168.0.2 sport=4307 
dport=445 [UNREPLIED] src=192.168.0.2 dst=192.168.0.42 sport=445 dport=4307 
use=1
tcp      6 418132 ESTABLISHED src=192.168.0.42 dst=192.168.0.56 sport=139 
dport=3559 [UNREPLIED] src=192.168.0.56 dst=192.168.0.42 sport=3559 dport=139 
use=1
udp      17 15 src=192.168.100.3 dst=192.168.100.1 sport=32901 dport=53 
[UNREPLIED] src=192.168.100.1 dst=192.168.100.3 sport=53 dport=32901 use=1
udp      17 15 src=192.168.100.3 dst=192.168.100.1 sport=32902 dport=53 
[UNREPLIED] src=192.168.100.1 dst=192.168.100.3 sport=53 dport=32902 use=1
tcp      6 414953 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=3353 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3353 dport=139 
use=1
tcp      6 320150 ESTABLISHED src=192.168.0.42 dst=192.168.0.56 sport=139 
dport=3242 [UNREPLIED] src=192.168.0.56 dst=192.168.0.42 sport=3242 dport=139 
use=1
tcp      6 419951 ESTABLISHED src=192.168.0.42 dst=192.168.0.2 sport=4941 
dport=445 [UNREPLIED] src=192.168.0.2 dst=192.168.0.42 sport=445 dport=4941 
use=1
tcp      6 395044 ESTABLISHED src=192.168.0.42 dst=192.168.0.56 sport=139 
dport=3484 [UNREPLIED] src=192.168.0.56 dst=192.168.0.42 sport=3484 dport=139 
use=1
tcp      6 405187 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139 
dport=4768 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=4768 dport=139 
use=1
tcp      6 414873 ESTABLISHED src=192.168.0.42 dst=195.186.138.123 sport=8881 
dport=14614 [UNREPLIED] src=195.186.138.123 dst=192.168.0.42 sport=14614 
dport=8881 use=1
udp      17 25 src=192.168.100.3 dst=192.168.100.1 sport=32903 dport=53 
[UNREPLIED] src=192.168.100.1 dst=192.168.100.3 sport=53 dport=32903 use=1
tcp      6 416205 ESTABLISHED src=192.168.0.42 dst=192.168.0.56 sport=139 
dport=3553 [UNREPLIED] src=192.168.0.56 dst=192.168.0.42 sport=3553 dport=139 
use=1

IP Configuration

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:01:03:2b:2c:c8 brd ff:ff:ff:ff:ff:ff
    inet 216.37.35.222/29 brd 216.37.35.223 scope global eth0
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen
1000
    link/ether 00:01:03:2b:ec:57 brd ff:ff:ff:ff:ff:ff
    inet 216.37.35.222/29 brd 216.37.35.223 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:01:02:c9:35:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.101.1/24 brd 192.168.101.255 scope global eth2

Routing Rules

0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Table local:

broadcast 192.168.101.255 dev eth2  proto kernel  scope link  src 
192.168.101.1
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
broadcast 192.168.101.0 dev eth2  proto kernel  scope link  src 192.168.101.1
local 192.168.101.1 dev eth2  proto kernel  scope host  src 192.168.101.1
broadcast 216.37.35.216 dev eth0  proto kernel  scope link  src 216.37.35.222
broadcast 216.37.35.216 dev eth1  proto kernel  scope link  src 216.37.35.222
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
broadcast 216.37.35.223 dev eth0  proto kernel  scope link  src 216.37.35.222
broadcast 216.37.35.223 dev eth1  proto kernel  scope link  src 216.37.35.222
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 216.37.35.222 dev eth0  proto kernel  scope host  src 216.37.35.222
local 216.37.35.222 dev eth1  proto kernel  scope host  src 216.37.35.222
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1

Table main:

216.37.35.219 dev eth1  scope link
216.37.35.220 dev eth1  scope link
216.37.35.216/29 dev eth0  proto kernel  scope link  src 216.37.35.222
216.37.35.216/29 dev eth1  proto kernel  scope link  src 216.37.35.222
192.168.101.0/24 dev eth2  proto kernel  scope link  src 192.168.101.1
127.0.0.0/8 via 127.0.0.1 dev lo  scope link
default via 216.37.35.218 dev eth0

Table default:





-- 
Paul Sadauskas
Input Output Unlimited
(317)-402-2283

Tom Eastep

2004-Aug-27 13:52 UTC

head link

Re: Proxy Arp Ip Conflicts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Sadauskas wrote:
| I must have something configured wrong somewhere. I''ve enabled
proxy-arp on my
| shorewall 2.0.7 firewall. Works fine for what its supposed to do, I
can see
| all the machines through it great. However, whenever its enabled, the
network
| on the DMZ goes screwy. I''ve narrowed it down to this:
|
| when proxy arp is enabled for that interface, like such:
| echo 1 > /proc...eth1/proxy_arp
|
| then arping from a machine that connected to eth1, but on a completely
| different subnet:
|
| workstation rando # arping 192.168.0.5   #non-existent IP
| ARPING 192.168.0.5 from 192.168.0.45 eth0
| Unicast reply from 192.168.0.5 [00:01:03:2B:EC:57]  699.642ms
| Sent 2 probes (1 broadcast(s))
| Received 1 response(s)
|
| workstation rando # arping 192.168.0.1  #used ip
| ARPING 192.168.0.1 from 192.168.0.45 eth0
| Unicast reply from 192.168.0.1 [00:00:F8:05:0F:98]  0.770ms
| Unicast reply from 192.168.0.1 [00:01:03:2B:EC:57]  13.273ms
| Sent 3 probes (1 broadcast(s))
| Received 2 response(s)
|
| however, when proxyarp is turned off, arping behaves as it should, and
the
| network is fine.
|
| My question is, why does proxy-arp being enabled cause this, and how
can i
| prevent it?

I suspect that it is because your firewall doesn''t know about the
existence of the 192.168.0.0 network connected to its eth1 (that network
doesn''t appear in the firewall''s routing table entries for
eth2).

Just a guess...

- -Tom
- --
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBLzyGO/MAbZfjDLIRAhXIAJ0V+ZPcqiyKyQGEI168ddsFKbFxfQCfS9VB
fd0njkwZIv5uc9kMXNS9Uis=Urjr
-----END PGP SIGNATURE-----

Tom Eastep

2004-Aug-27 14:18 UTC

head link

Re: Proxy Arp Ip Conflicts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Eastep wrote:
| Paul Sadauskas wrote:
| | I must have something configured wrong somewhere. I''ve enabled
| proxy-arp on my
| | shorewall 2.0.7 firewall. Works fine for what its supposed to do, I
| can see
| | all the machines through it great. However, whenever its enabled, the
| network
| | on the DMZ goes screwy. I''ve narrowed it down to this:
| |
| | when proxy arp is enabled for that interface, like such:
| | echo 1 > /proc...eth1/proxy_arp
| |
| | then arping from a machine that connected to eth1, but on a completely
| | different subnet:
| |
| | workstation rando # arping 192.168.0.5   #non-existent IP
| | ARPING 192.168.0.5 from 192.168.0.45 eth0
| | Unicast reply from 192.168.0.5 [00:01:03:2B:EC:57]  699.642ms
| | Sent 2 probes (1 broadcast(s))
| | Received 1 response(s)
| |
| | workstation rando # arping 192.168.0.1  #used ip
| | ARPING 192.168.0.1 from 192.168.0.45 eth0
| | Unicast reply from 192.168.0.1 [00:00:F8:05:0F:98]  0.770ms
| | Unicast reply from 192.168.0.1 [00:01:03:2B:EC:57]  13.273ms
| | Sent 3 probes (1 broadcast(s))
| | Received 2 response(s)
| |
| | however, when proxyarp is turned off, arping behaves as it should, and
| the
| | network is fine.
| |
| | My question is, why does proxy-arp being enabled cause this, and how
| can i
| | prevent it?
|
| I suspect that it is because your firewall doesn''t know about the
| existence of the 192.168.0.0 network connected to its eth1 (that network
| doesn''t appear in the firewall''s routing table entries for
eth2).

I of course meant "...table entries for eth1".
~                                        ----

- -Tom
- --
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBL0KdO/MAbZfjDLIRAv7HAKDAKKdKdkZ05UwYit3AO8WuCvhXbwCeIL6u
9Pi2ZROAGcyhPp4bkYzMsAk=+1WU
-----END PGP SIGNATURE-----

Tom Eastep

2004-Aug-27 14:22 UTC

head link

Re: Proxy Arp Ip Conflicts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Eastep wrote:

| | |
| | | My question is, why does proxy-arp being enabled cause this, and how
| | can i
| | | prevent it?
| |
| | I suspect that it is because your firewall doesn''t know about the
| | existence of the 192.168.0.0 network connected to its eth1 (that network
| | doesn''t appear in the firewall''s routing table entries for
eth2).
|
| I of course meant "...table entries for eth1".
| ~                                        ----
|

I have set up a test on my own firewall and have confirmed that
executing this command on your firewall will restore proper ARP behavior:

	ip route add 192.168.0.0/24 dev eth1

- -Tom
- --
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBL0OpO/MAbZfjDLIRAnzNAKCKhFM/36jGcjwXy8BkNOmjalgXHQCgt/Sn
y+FIEfdrgsHBdOEKpOhQPkA=W2dN
-----END PGP SIGNATURE-----

Maybe Matching Threads

Search for more seemingly similar threads

Shorewall users - Aug 2004 - Proxy Arp Ip Conflicts

Proxy Arp Ip Conflicts

Re: Proxy Arp Ip Conflicts

Re: Proxy Arp Ip Conflicts

Re: Proxy Arp Ip Conflicts

Maybe Matching Threads