梁剑 wrote:> shorewall-users
>
> hi,ALL
>
> I have a firewall have three interface, one NIC is internal (eth0),
> second NIC is SSN(eth2), and other NIC is external(eth1),
>
> on internal network have 10.0.1.59 and gw 10.0.1.163
> eth0: 192.168.1.254/24
> eth1: 10.0.1.55/24 gw 10.0.1.163
>
> I use shorewall''s proxyarp
> 10.0.1.59 eth1 eth0 no no
>
> that is OK.
>
> I saw /usr/share/shorewall/firewall, I think it that
>
> arp -i eth0 -Ds 10.0.1.59 eth0 pub
> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
> echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
>
> or
> echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
>
> but it don''t work
>
> why?
Because to use Proxy ARP, you would have to connect a system to eth1
that had an address in 192.168.1.0/24. What you have configured doesn''t
make any sense.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key