Shorewall users - Jan 2005 - proxyarp and masq ip

Would it be considered normal that a system behind a shorewall box that
was setup for proxyarp and able to be reached from the trusted side of
the net just fine on the proxyapr ip address would if it were to talk
out to the world show as traffic not from the proxyarp address but the
firewall''s own address or the masquerading ip used by other zones? We
had not really noticed this as an issue till today when the box was
0wn3d and started scanning other networks with the address of our
firewall :c) joy... 

Shorewall version 1.4.7 with 3 zones+openswan running a hardened
diskless linux kernel of my own making.
Kernel 2.4.22 with a few patches and tweeks
Arp 1.5 from nettools
Ip iproute2-ss991023

 Regards
 Sean Mathews

Sean Mathews wrote:
>  Would it be considered normal that a system behind a shorewall box that
> was setup for proxyarp and able to be reached from the trusted side of
> the net just fine on the proxyapr ip address would if it were to talk
> out to the world show as traffic not from the proxyarp address but the
> firewall''s own address or the masquerading ip used by other zones?
We
> had not really noticed this as an issue till today when the box was
> 0wn3d and started scanning other networks with the address of our
> firewall :c) joy... 
> 
> Shorewall version 1.4.7 with 3 zones+openswan running a hardened
> diskless linux kernel of my own making.
> Kernel 2.4.22 with a few patches and tweeks
> Arp 1.5 from nettools
> Ip iproute2-ss991023
You''ve probably done something silly like this in your
/etc/shorewall/masq file:

#INTERFACE	SUBNET	
eth0		eth1

Where eth1 is the interface that the proxy arp''ed system(s) is/are
connected to.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key