Sean Mathews wrote:
> Would it be considered normal that a system behind a shorewall box that
> was set up for proxyarp and able to be reached from the trusted side of
> the net just fine on the proxyarp ip address would if it were to talk
> out to the world show as traffic not from the proxyarp address but the
> firewall's own address or the masquerading ip used by other zones? We
> had not really noticed this as an issue till today when the box was
> 0wn3d and started scanning other networks with the address of our
> firewall :c) joy...
>
> Shorewall version 1.4.7 with 3 zones+openswan running a hardened
> diskless linux kernel of my own making.
> Kernel 2.4.22 with a few patches and tweaks
> Arp 1.5 from nettools
> Ip iproute2-ss991023
You've probably done something silly like this in your
/etc/shorewall/masq file:
#INTERFACE SUBNET
eth0 eth1
Where eth1 is the interface that the proxy arp'ed system(s) is/are
connected to.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
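Added example, not part of the thread and not Shorewall's own code: a small POSIX sh check that makes the point of Tom's reply concrete. A masq entry of "eth0 eth1" masquerades every source network routed through eth1, so the proxy ARP host's traffic leaves with the firewall's address too; listing that host after "!" in the SUBNET column (the exclusion form described in the masq file's own SUBNET column comments; confirm it against your installed version) puts an exclusion ahead of the masquerade rule. The addresses below are constructed, and the rule lists are a simplified abstraction of netfilter's first-match POSTROUTING traversal rather than the exact chains Shorewall emits; on a live box, compare against "iptables -t nat -L POSTROUTING -n -v".

```shell
#!/bin/sh
# Added example (not from the thread, not Shorewall code). Decide which
# POSTROUTING target a given source address would hit, given an ordered
# list of "<network> <target>" rules where the first match wins.

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if host $1 lies inside $2 (a.b.c.d or a.b.c.d/prefix).
in_net() {
    net=${2%/*}
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Print the target reached by packets from host $1 under rule list $2.
# RETURN means the source address is left alone; no match at all means
# the packet falls through to the chain policy, reported here as ACCEPT.
snat_target() {
    host=$1; rules=$2
    hit=$(echo "$rules" | while read -r src target; do
        [ -z "$src" ] && continue
        if in_net "$host" "$src"; then echo "$target"; break; fi
    done)
    echo "${hit:-ACCEPT}"
}

# Constructed: eth1 carries 192.168.1.0/24 plus the proxy ARP host
# 203.0.113.20 (made-up addresses). A masq entry of
#   eth0    eth1
# amounts to masquerading both networks.
BAD_RULES='192.168.1.0/24 MASQUERADE
203.0.113.20/32 MASQUERADE'

# Constructed: the same entry written with the exclusion form
#   eth0    eth1!203.0.113.20
# emits an exclusion for the proxy ARP host ahead of the masquerade rule.
FIXED_RULES='203.0.113.20/32 RETURN
192.168.1.0/24 MASQUERADE'

for ip in 203.0.113.20 192.168.1.10; do
    printf '%s: bad=%s fixed=%s\n' "$ip" \
        "$(snat_target "$ip" "$BAD_RULES")" \
        "$(snat_target "$ip" "$FIXED_RULES")"
done
```

The proxy ARP host shows up as MASQUERADE under the first rule list and as RETURN (source address kept) under the second, while the RFC1918 hosts on eth1 are masqueraded either way; that is exactly the difference between the behaviour Sean saw and the intended one.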