I''ve been hit once again by the arp cache problem with devices located in a proxyarped DMZ as described in http://www.shorewall.net/ProxyARP.htm. In this latest case the culprit was a Cisco VPN Concentrator which didn''t update it''s ARP cache within almost two days (don''t ask me why it does so, I don''t have access to the device to even look at it''s config). My solution was to put the hack below into /etc/shorewall/continue. Maybe it''s useful for others too (note: it delays the start/restart of shorewall for 3 seconds). Regards, Simon ======%<======grep -s -v "^ *#" /etc/shorewall/proxyarp | while read address interface external haveroute; do ip addr add $address dev $external arping -q -A -c 1 -I $external $address ( sleep 2 ; arping -q -U -c 1 -I $external $address ; ip addr del $address dev $external ) > /dev/null 2>&1 < /dev/null & done sleep 3 ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642