Hi,
I managed to make my shorewall box into a bridging firewall - shorewall
worked just fine, however I was still getting flooded with ARP requests from
outsiders scanning my network. In an effort to eliminate those, I started to
use proxyarp thinking that if the bridging firewall answered the DSL modem's
ARP requests, the modem would pass along the offending packet and the
firewall would drop it, leaving the internal network free of unnecessary
traffic. In my experiments, I added 'proxyarp' to the bridge, I added
entries in the proxyarp file too (probably wrong), and I added static routes
in the rc.local file. My problems were that either ARPs were getting
through or internal boxes couldn't get out. I finally got rid of the bridge
altogether and I'm trying to go with a proxyarp setup.
I believe most of my configuration is correct except for the routing tables,
which are obviously wrong. I'm using Redwall 0.5.5 (an RH9 derivative)
installed to the hard drive. Redwall is nice, though hard drive install is a
bit quirky. It has shorewall, physdev, ebtables, etc. already installed.
My questions are:
- Does anyone see anything obviously wrong with my configuration files (see
attached tgz)?
- Am I missing an easy way to stop ARPs at my firewall? (see the diagram
below)
- Finally, the most detailed question: how do RH9 and Shorewall add the
routes to the routing table? I'm getting two identical 66.1.1.96/27 entries
and the wrong default gateway (eth1 instead of eth0).
Thanks,
-Robert
ps. If I didn't include a file in the tgz, it's unchanged from the original
install. For example, the rules file is empty.
pps. How often do you all get scanned? I'm getting about one ARP every 5
seconds looking for non-existent machines.
internal network (66.1.1.99-126) <---> eth1:66.1.1.98:shorewall box:eth0:66.1.1.98
    <----> 66.1.1.97:dsl modem/router:66.1.1.64/27
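The following is an added diagnostic, not code from the original post or from Shorewall or Redwall. It checks a Linux routing table (the text of `ip route show`, or a saved copy of it) for the two symptoms the poster describes: the same destination prefix appearing twice, and a default route that leaves via the wrong interface. The sample table is constructed to mimic the diagram above (eth0 external, eth1 internal, both carrying 66.1.1.98); it is an assumption about what his box prints, not his actual output. A duplicate `proto kernel scope link` entry for 66.1.1.96/27 is what the kernel produces when both interfaces are configured with an address in that /27, since it adds one connected route per interface address, so the script flags exactly that.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a routing table
# for duplicate prefixes and a default route on an unexpected interface.

# Constructed sample in `ip route show` format; assumed, not the poster's real
# table. It reproduces the two complaints: a doubled 66.1.1.96/27 entry and a
# default route via eth1 instead of eth0.
SAMPLE_ROUTES='66.1.1.96/27 dev eth0  proto kernel  scope link  src 66.1.1.98
66.1.1.96/27 dev eth1  proto kernel  scope link  src 66.1.1.98
127.0.0.0/8 dev lo  scope link
default via 66.1.1.97 dev eth1'

# duplicate_prefixes TABLE: print each destination prefix listed more than once.
duplicate_prefixes() {
    printf '%s\n' "$1" | awk '{ print $1 }' | sort | uniq -d
}

# default_dev TABLE: print the interface named by the default route (empty if none).
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i <= NF; i++) if ($i == "dev") print $(i + 1)
    }'
}

# check_routes TABLE EXPECTED_DEV: report findings on stdout; return 0 when the
# table has no duplicate prefixes and the default route uses EXPECTED_DEV,
# 1 otherwise.
check_routes() {
    table=$1
    want=$2
    rc=0

    dups=$(duplicate_prefixes "$table")
    if [ -n "$dups" ]; then
        echo "duplicate route entries for: $dups"
        rc=1
    fi

    dev=$(default_dev "$table")
    if [ "$dev" != "$want" ]; then
        echo "default route leaves via '${dev:-none}', expected $want"
        rc=1
    fi

    return $rc
}

# Stand-alone run against the constructed sample. On a real box, substitute
# "$(ip route show)" for "$SAMPLE_ROUTES".
check_routes "$SAMPLE_ROUTES" eth0 || echo "routing table needs attention"
```

Run it as `sh check_routes.sh`; on a live system replace the sample with `ip route show` output and pass the interface that faces the modem (eth0 in the diagram). If the duplicate 66.1.1.96/27 line shows up, look at which interfaces carry a /27 address: in a proxy ARP layout only the external interface should own the whole /27, with the internal hosts reached by the routes Shorewall creates from the proxyarp file rather than by a second connected route on the internal interface.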