Shorewall users - Jan 2005 - proxyarp problem

shorewall-users

hi,ALL
  
 I have a firewall have three interface, one NIC is internal (eth0),
 second NIC is SSN(eth2), and other NIC is external(eth1),
  
 on internal network have 10.0.1.59 and gw 10.0.1.163
 eth0: 192.168.1.254/24
 eth1: 10.0.1.55/24 gw 10.0.1.163
  
 I use shorewall''s proxyarp
 10.0.1.59  eth1  eth0 no no
  
 that is OK.
  
 I saw /usr/share/shorewall/firewall, I think it that
  
 arp -i eth0 -Ds 10.0.1.59 eth0 pub
 echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
 echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
  
 or
 echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
  
 but it don''t work
 
 why?
  
 thanks
  
 Regards

梁剑 wrote:
> shorewall-users
> 
> hi,ALL
>   
>  I have a firewall have three interface, one NIC is internal (eth0),
>  second NIC is SSN(eth2), and other NIC is external(eth1),
>   
>  on internal network have 10.0.1.59 and gw 10.0.1.163
>  eth0: 192.168.1.254/24
>  eth1: 10.0.1.55/24 gw 10.0.1.163
>   
>  I use shorewall''s proxyarp
>  10.0.1.59  eth1  eth0 no no
>   
>  that is OK.
>   
>  I saw /usr/share/shorewall/firewall, I think it that
>   
>  arp -i eth0 -Ds 10.0.1.59 eth0 pub
>  echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
>  echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
>   
>  or
>  echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
>   
>  but it don''t work
>  
>  why?
 Because to use Proxy ARP, you would have to connect a system to eth1
that had an address in 192.168.1.0/24. What you have configured doesn''t
make any sense.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key